Free GD0-110 Exam Braindumps (page: 18)

Page 18 of 44

To undelete a file in the FAT file system, EnCase computes the number of _______ the file will use based on the file ______.

  1. Clusters; file size
  2. Sectors; file size
  3. Clusters; starting extent
  4. Sectors; starting extent

Answer(s): A



You are at an incident scene and determine that a computer contains evidence as described in the search warrant. When you seize the computer, you should:

  1. Record the identity of the person(s) involved in the seizure.
  2. Record the location that the computer was recovered from.
  3. Record nothing to avoid inaccuracies that might jeopardize the use of the evidence.
  4. Record the date and time the computer was seized.

Answer(s): A,B,D



You are working in a computer forensic lab. A law enforcement investigator brings you a computer and a valid search warrant. You have legal authority to search the computer. The investigator hands you a piece of paper that has three printed checks on it. All three checks have the same check and account number. You image the suspect computer and open the evidence file with EnCase. You perform a text search for the account number and check number. Nothing returns on the search results. You perform a text search for all other information found on the printed checks and there is still nothing returned in the search results. You run a signature analysis and check the gallery. You cannot locate any graphical copies of the printed checks in the gallery. At this point, is it safe to say that the checks are not located on the suspect computer?

  1. No. The images could be located in a compressed file.
  2. No. The images could be in unallocated clusters.
  3. No. The images could be embedded in a document.
  4. All of the above.
  5. No. The images could be in an image format not viewable inside EnCase.

Answer(s): D



A physical file size is:

  1. The total size of all the clusters used by the file measured in bytes.
  2. The total size in bytes of a logical file.
  3. The total size of the file including the RAM slack in bytes.
  4. The total size in sectors of an allocated file.

Answer(s): A






Post your Comments and Discuss Guidance Software GD0-110 exam with other Community members:

Paresh commented on January 27, 2021
Brain dump was very accurate and helpful in preparation for exam. Also, I learned a lot and was able to pass the exam. Thanks
UNITED STATES

Raman commented on June 11, 2019
Questions and answers are valid but it does not cover 100% of the exam. But enough to get you to pass your exam. I suggest you use alternative materials as well to be on the safe side. But this package is worth the price.
UNITED STATES