GIAC GASF GIAC Advanced Smartphone Forensics Exam Practice Test

Demo: 11 questions
Total 75 questions

GIAC Advanced Smartphone Forensics Questions and Answers

Question 1

An analyst investigating a Nokia S60 Symbian device wants to know if an Adobe Flash file on the handset is compromised.

Which file in the image will best target the Adobe Flash files?

Options:

A. FLASHLITE.sis
B. flashliteplugin.r03
C. saflash.r01
D. OnlinePrint.sis

Question 2

When examining the iOS device shown below, the tool indicates that there are 4 chat messages recovered from the device.

Which of the following locations may contain additional chat information?

Options:

A. Memory ranges from a physical dump of the device
B. Databases installed and maintained by the application
C. Internet history plist files found in logical acquisitions
D. IP connections used by the application

Question 3

Which of the following files provides the most accurate reflection of the device’s date/timestamp related to the last device wipe?

Options:

A. /private/var/mobile/Library/AddressBook/AddressBook.sqlitedb
B. /private/var/mobile/Applications/com.apple.mobilesafari/Library/history.db
C. /private/var/mobile/Applications/com.viber/Library/Preferences/com.viber.plist
D. /private/var/mobile/Applications/net.whatsapp.WhatsApp/Library/pw.dat

Question 4

Which cloud-based system can be utilized by Android owners to back up user data?

Options:

A. Amazon Web Services (AWS)
B. Samsung Kies
C. Android Device Manager
D. Google

Question 5

Which of the following actions described below would populate the suggestions table on an Android phone?

Options:

A. Google Maps recommends locations, which are cached in the table
B. Google Maps tracks previously entered destinations by the user
C. The table contains previously saved or bookmarked destinations

Question 6

When examining a file system acquisition of an Android device, which artifact must be carved out manually?

Options:

A. Deleted images
B. Contacts
C. SMS messages
D. Phone numbers

Question 7

Cellebrite’s Physical Analyzer will conduct a Quick Scan for images, which goes through and carves files that may have been deleted from the device. When carving for image files, which of the following methods is most effectively used to recover data?

Options:

A. Update the signature database
B. Carve based on file header
C. Carve based on file metadata
D. Carve based on memory ranges

Question 8

How would an examiner review items deleted from a SQLite database?

Options:

A. Using a Hex Viewer
B. Converting the database to a txt file
C. Reviewing the file header
D. Selecting the raw data from the table

Question 9

Which of the following is one potential risk of using the ALWAYS OFF rule for handling cell phones?

Options:

A. Overwriting data
B. Engaging password or PIN protection mechanism
C. Destruction of call logs and cell tower information
D. Improper handling by the user

Question 10

During analysis of the BlackBerry application list, it appears that no third-party applications were installed on the device. Which other file may provide you with additional information on applications that were accessed with the handset?

Options:

A. BlackBerry NV Items
B. Content Store
C. Event logs
D. BBThumbs.dat

Question 11

Which of the following items is found in the Kernel Space for an iOS device?

Options:

A. Cocoa Touch framework
B. System Area
C. Applications
D. Core Services