GD0-100 Exam Dumps - Certification Exam For ENCE North America

The results of a hash analysis

The information contained in the signature table

The results of a signature analysis

Pointers to an evidence file

A chip that would be considered the brain of a computer, which is installed on a motherboard.

A Central Programming Unit.

A motherboard with all required devices connected.

An entire computer box, not including the monitor and other attached peripheral devices.

Nothing

It is moved to a special area.

It is overwritten with zeroes.

The file header is marked with a Sigma so the file is not recognized by the operating system.

The RAM chip

The controller card

The motherboard

The microprocessor

It is zeroed out.

The first character of the directory entry is marked with a hex 00.

It is wiped from the directory.

The first character of the directory entry is marked with a hex E5.

FileSignatures.ini

Keywords.ini

TextStyle.ini

FileTypes.ini

FF 0000 00 00 FF BA

0000 00 01 FF FF BA

04 06 0000 00 FF FF BA

04 0000 00 FF FF BA

Will not find it because the letters of the keyword are not contiguous.

Will not find it because EnCase performs a physical search only.

Will find it because EnCase performs a logical search.

Will not find it unlessile slack?is checked on the search dialog box. Will not find it unless ?ile slack?is checked on the search dialog box.

Test the technique on simulated evidence in a controlled environment to confirm that the results are consistent.

Be trained in the employment of the technique.

Botha and b.

Neithera or b.

Tomorrow

TomJ@hotmail.com

Tom

Stomp

Red

Red on black

Black

Black on red

Will not find it unlessile slack is checked on the search dialog box.

Will find it because EnCase performs a logical search.

Will not find it because EnCase performs a physical search only.

Will not find it because the letters of the keyword are not contiguous.

Never

When the FAT 32 has the same number of sectors / clusters.

When the FAT 32 is the same size or bigger.

Both a and b

Will find the keyword if it is either Unicode or ASCII.

Unicode is not a search option for EnCase.

Will only find the keyword if it is Unicode.

None of the above.

The file signature is unknown and the header is a JPEG.

The file signature is a JPEG signature and the file extension is incorrect.

The file signature is unknown and the file extension is JPEG.

None of the above.

5

1

any number of

10

Computes the hash value including the logical file and filename.

Computes the hash value including the physical file and filename.

Computes the hash value based on the logical file.

Computes the hash value based on the physical file.

a unique directory on the lab drive for case management

a text file for notes

All of the above

an .E01 file on the lab drive

Word

Byte

Bit

Nibble

Dword

The .SHD file

The .SPL file

Neither a or b

Both a and b

Read Open Memory

Random Open Memory

Read Only Memory

Relative Open Memory

Pre-POST

After POST

During POST

None of the above.

An add-in card that handles allRAM.

Any circuit board, regardless of its function.

The main circuit board that has slots for the microprocessor, RAM, ROM, and add-in cards.

An add-in card that controls all hard drive activity.