Pass the GIAC Security Certification: GASF GASF Questions and answers with CertsForce

Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

When examining the iOS device shown below the tool indicates that there are 4 chat messages recovered from the device.

Question # 11

Which of the following locations may contain additional chat information?

Options:

A. Memory ranges from a physical dump of the device

B. Databases installed and maintained by the application

C. Internet history plist files found in logical acquisitions

D. IP connections used by the application


Questions # 12:

Which of the following is a backup tool for smartphones?

Options:

A. Ovi Suite

B. Lifeblog

C. Absinthe

D. Mbackup


Questions # 13:

Review the two highlighted sections in the hex output below from the file MP0c_000.

Question # 13

Convert the phone number found in raw format extracted from a Chinese knock-off device.

Options:

A. 3494044495

B. 7034241991

C. 6174429119

D. 4349404459


Questions # 14:

Which of the following files provides the most accurate reflection of the device’s date/timestamp related to the last device wipe?

Options:

A. /private/var/mobile/Library/AddressBook/AddressBook.sqlitedb

B. /private/var/mobile/Applications/com.apple.mobilesafari/Library/history.db

C. /private/var/mobile/Applications/com.viber/Library/Prefernces/com.viber.plist

D. /private/var/mobile/Applications/net.whatsapp.WhatsApp/Library/pw.dat


Questions # 15:

Which file type below is commonly associated with locational data and is an export option from within Cellebrite Physical Analyzer and XRY to provide detailed visual output of geographic information?

Options:

A. .plist

B. .kml

C. .xry

D. .ipa


Questions # 16:

Which of the following is of most concern when attempting to root an Android device such as Google Glass when conducting a forensic acquisition?

Options:

A. Rooting this device will overwrite the data partition

B. The manufacturer warranty is voided

C. Device security is altered

D. Traces of the root are left behind


Questions # 17:

Review the sample database.

Question # 17

What is the BLOB column storing for this particular database table?

Options:

A. Mp4 videos

B. Encrypted text messages

C. Audio files

D. Text messages

E. JPEG images


Questions # 18:

Property list (Plist) files are used by iOS devices to store data. Which of the file formats below is common to plist files?

Options:

A. HTML

B. SQL

C. DMG

D. Binary


Questions # 19:

When dealing with mobile devices and flash memory, and given that data in memory constantly changes even when the device is simply powered on, it is best practice to:

Options:

A. Only acquire from devices in an OFF state

B. Document those changes that were made to the device during the forensic process

C. Always use a write-blocker when dealing with mobile devices

D. Always remove the battery from a device before acquisition


Questions # 20:

Which artifact must be carved out manually when examining a file system acquisition of an Android device?

Options:

A. Deleted images

B. Contacts

C. SMS messages

D. Phone numbers

