Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Examstrust Logo
examstrust mcafee
  1. Home
  2. GIAC
  3. Security Certification: GASF
  4. GASF - GIAC Advanced Smartphone Forensics

GIAC GASF GIAC Advanced Smartphone Forensics Exam Practice Test

Page: 1 / 8
Total 75 questions
Get GASF Full Access Download GASF PDF

GIAC Advanced Smartphone Forensics Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$61.25  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Add to Cart
Question 1

Cellebrite’s Physical Analyzer will conduct a Quick Scan for images, which goes through and carves files that may have been deleted from the device. When carving for image files, which of the following methods is most effectively used to recover data?

Options:

A.

Update the signature database

B.

Carve based on file header

C.

Carve based on file metadata

D.

Carve based on memory ranges

Question 2

Which of the following is one potential risk of using the ALWAYS OFF rule for handling cell phones?

Options:

A.

Overwriting data

B.

Engaging password or PIN protection mechanism

C.

Destruction of call logs and cell tower information

D.

Improper handling by the user

Question 3

What is being shown in the image below?

Options:

A.

An outgoing call that was not answered

B.

A call that was answered but immediately hung up

C.

A missed Skype message on an android device

D.

A call that was answered and lasted 5 seconds

Question 4

Which of the following is a unique 56 bit number assigned to a CDMA handset?

Options:

A.

Mobile Station International Subscriber Directory Number (MSISDN)

B.

Electronic Serial Number (ESN)

C.

International Mobile Equipment Identifier (IMEI)

D.

Mobile Equipment ID (MEID)

Question 5

Which of the following can most forensics tools crack on an iOS device?

Options:

A.

Touch (fingerprint) ID

B.

Simple passcode

C.

Passphrase

Question 6

An analyst is reviewing the contents of a media card that was found without an associated device. Based on the image below, with which mobile device is it most likely that this device was once paired?

Options:

A.

Android smartphone

B.

Chinese Knock-off

C.

Legacy BlackBerry

D.

Nokia device running Symbian OS

Question 7

Which artifact(s) can be extracted from a logical image only if the device the image was acquired from was jailbroken?

Options:

A.

SMS/MMS

B.

Email

C.

Call Logs

D.

Photos

Question 8

Property list (Plist) files are used by iOS devices to store datA. Which of the file formats below is common to

plist files?

Options:

A.

HTML

B.

SQL

C.

DMG

D.

Binary

Question 9

As part of your analysis of a legacy BlackBerry device, you examine the installed applications list and it

appears that no third-party applications were installed on the device. Which other file may provide you with additional information on applications that were accessed with the handset?

Options:

A.

BlackBerry NV Items

B.

Content Store

C.

Event logs

D.

BBThumbs.dat

Question 10

What will happen when a user creates an encrypted backup of their personal iPhone on their work computer then later performs a backup to their personal computer at home?

Options:

A.

The user will not be able to create the backup until they have deleted the original on their work computer

B.

The user will be required to enter a new backup password on their personal computer

C.

The user will be required to enter their backup password to start the backup process

D.

The user will not need to enter a password on the personal computer

Question 11

When examining a file system acquisition of an Android device Which artifact must be carved out manually?

Options:

A.

Deleted images

B.

Contacts

C.

SMS messages

D.

Phone numbers

Load More GASF Questions
Page: 1 / 8
Total 75 questions
Get GASF Full Access Download GASF PDF