GIAC GASF GIAC Advanced Smartphone Forensics Online Training
The questions for GASF were last updated on Feb 18, 2025.
- Exam Code: GASF
- Exam Name: GIAC Advanced Smartphone Forensics
- Certification Provider: GIAC
- Latest update: Feb 18, 2025
Which of the following is required in addition to the Apple ID of the custodian to access iOS backup files that are stored in iCloud?
- A . iTunes password
- B . Device passcode
- C . Manifest.plist
- D . Keychain-backup.plist
In 2015, Apple’s iTunes store was found to be hosting several malicious applications that were infected as a result of a hacked version of the developer toolkit used to create applications.
Which Apple developer suite was targeted?
- A . Xcode
- B . ADB
- C . Momentics IDE
- D . Xamarin
An Android device user is known to use Facebook to communicate with other parties under examination. There is no evidence of the Facebook application on the phone.
If there was Facebook usage, where would an examiner expect to find these artifacts?
- A . com.android.chrome/app_chrome/Default/Local Storage
- B . dmappmgr.db
- C . /data/system/packages.xml
- D . AndroidManifest.xml
Physical Analyzer provides a function to narrow down a search based on a timestamp, a type, a party or date.
What is the name of this advanced searching capability?
- A . Watchlist Editor
- B . Tags
- C . Timeline
- D . Event of Interest
The files pictured below from a BlackBerry OS10 file system have a unique file extension.
What can be concluded about these files?
- A . Files are protected by the file system, so changing the file system makes them less accessible
- B . Files are encrypted to prevent them from being viewed without the decryption key
- C . Files are encoded for secure transmitting of data
- D . Files are located on a media card so they contain a unique file extension
Where can an analyst find data to provide additional artifacts to support the evidence in the highlighted file?
- A . internal.db-wal
- B . browser2.db
- C . sysmon2.db-shm
- D . external.db
Which of the following is a unique 56-bit number assigned to a CDMA handset?
- A . Mobile Station International Subscriber Directory Number (MSISDN)
- B . Electronic Serial Number (ESN)
- C . International Mobile Equipment Identifier (IMEI)
- D . Mobile Equipment ID (MEID)
Which of the following files provides the most accurate reflection of the device’s date/timestamp related to the last device wipe?
- A . /private/var/mobile/Library/AddressBook/AddressBook.sqlitedb
- B . /private/var/mobile/Applications/com.apple.mobilesafari/Library/history.db
- C . /private/var/mobile/Applications/com.viber/Library/Prefernces/com.viber.plist
- D . /private/var/mobile/Applications/net.whatsapp.WhatsApp/Library/pw.dat
Which of the following is the term for the SMS malware that sends text messages to a premium number generating large service bills for the user of the targeted device?
- A . Trojan
- B . Adware
- C . Potentially unwanted applications
- D . Click bait
When examining the iOS device shown below, the tool indicates that there are 4 chat messages recovered
- A . Memory ranges from a physical dump of the device
- B . Databases installed and maintained by the application
- C . Internet history plist files found in logical acquisitions
- D . IP connections used by the application