GD0-100 Practice Questions

A.  

Directory Entry

B.  

Master File Table

C.  

Info2 file

D.  

Inode Table

A.  

Compare a file header to a file extension.

B.  

Identify files that are already known to the user.

C.  

Compare one hash set with another hash set.

D.  

Verify the evidence file.

A.  

Red

B.  

Red on black

C.  

Black on red

D.  

Black

A.  

FF 0000 00 00 FF BA

B.  

0000 00 01 FF FF BA

C.  

04 06 0000 00 FF FF BA

D.  

04 0000 00 FF FF BA

A.  

Clusters;starting extent

B.  

Sectors;starting extent

C.  

Clusters;file size

D.  

Sectors;file size

A.  

False

B.  

True

A.  

The only drive on the computer.

B.  

The primary of two drives connected to one cable.

C.  

Whenever another drive is on the same cable and is pinned as a slave.

D.  

A SCSI drive is not pinned as a master.

A.  

The cluster is unallocated

B.  

The cluster is the end of a file

C.  

The cluster is allocated

D.  

The cluster is marked bad

A.  

When SCSI devices are configured.

B.  

When Windows starts up.

C.  

After a computer begins to boot from a device.

D.  

When the power button to a computer is turnedon.

A.  

UseFastBloc or a network/parallel port cable to preview the hard drives. Go to the Gallery view and search for the previously identified images.

B.  

UseFastBloc or a network/parallel port cable to acquire forensic images of the hard drives, then search the evidence files for the previously identified images.

C.  

UseFastBloc or a network/parallel port cable to preview the hard drives. Conduct a hash analysis of the files on the hard drives, using a hash library containing the hash values of the previously identified images.

D.  

Use an EnCase DOS boot disk to conduct a text search for child porn. Use an EnCase DOS boot disk to conduct a text search for child porn?