Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home GIAC GASF

GIAC GASF Exam Practice Questions (P. 1)

  • Full Access (71 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #1
Based on the image below, which file system is being examined?

  1. A
    Chinese knock-off
  2. B
    Windows
  3. C
    Android
  4. D
    Blackberry

Correct Answer:
A
Reference:
https://forums.techguy.org/threads/virus-in-china-mobile.992051/

Question #2
What type of acquisition is being examined in the image below?

  1. A
    iOS bypass lock
  2. B
    Blackberry logical
  3. C
    Android physical
  4. D
    Windows Mobile file system

Correct Answer:
C
Reference:
http://www.forensicswiki.org/wiki/How_To_Decrypt_Android_Full_Disk_Encryption

Question #3
Which of the following files contains details regarding the encryption state of an iTunes backup file?
  1. A
    Keychain-backup.plist
  2. B
    Manifest.mbdb
  3. C
    Manifest.plist
  4. D
    Status.plist

Correct Answer:
C
The Manifest.plist lists if the backup is encrypted. This will come into use and be required should the backup file need to be accessed forensically if it is locked. The Manifest.mbdb contains a listing of data stored in the backup. Even if the backup is encrypted, this data can be parsed for more information.
Reference:
http://resources.infosecinstitute.com/ios-5-backups-part-1/#gref

Question #4
In addition to the device passcode, what other essential piece of information is most often required in order to decrypt the contents of BlackBerry OS 10 handsets?
  1. A
    BlackBerry Blend username/pin
  2. B
    BlackBerry Balance username/password
  3. C
    BlackBerry Link ID/password
  4. D
    BBM pin

Correct Answer:
C
Special considerations when analyzing data from BlackBerry OS 10 devices:
✑ You must have the device passcode as well as the BlackBerry Link password in order to backup or view this data
✑ This requires an Internet connection on the processing machine because you are authenticating to the BlackBerry
Link Server to authenticate the username and password
✑ You may encounter issues when attempting to acquire a BES-enabled device.

Question #5
The device pictured below is in Download Mode to attempt a physical acquisition. What can be ascertained by viewing the Android boot screen below?

  1. A
    The Android is not rooted
  2. B
    No ROM changes have ever occurred on this device
  3. C
    The Original/Factory ROM is booting
  4. D
    The Original ROM was at one time modified

Correct Answer:
C
Reference:
https://www.digitalforensics.com/blog/physical-acquisition-of-a-locked-android-device/

Next Questions

All Pages