Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu
sale

Want to Unlock All Questions for this Exam?

Full Exam Access, Discussions, No Robots Checks

27
Students signed up in the last 24H

GIAC GASF Exam Actual Questions

The questions for GASF were last updated on April 29, 2024.
  • Viewing page 1 out of 18 pages.
  • Viewing questions 1-4 out of 75 questions
 

Topic 1 - Single Topic

Question #1 Topic 1

Based on the image below, which file system is being examined?

  • A. Chinese knock-off
  • B. Windows
  • C. Android
  • D. Blackberry
Reveal Solution Hide Solution   Discussion   1

Correct Answer: A 🗳️
Reference:
https://forums.techguy.org/threads/virus-in-china-mobile.992051/

Question #2 Topic 1

What type of acquisition is being examined in the image below?

  • A. iOS bypass lock
  • B. Blackberry logical
  • C. Android physical
  • D. Windows Mobile file system
Reveal Solution Hide Solution   Discussion  

Correct Answer: C 🗳️
Reference:
http://www.forensicswiki.org/wiki/How_To_Decrypt_Android_Full_Disk_Encryption

Question #3 Topic 1

Which of the following files contains details regarding the encryption state of an iTunes backup file?

  • A. Keychain-backup.plist
  • B. Manifest.mbdb
  • C. Manifest.plist
  • D. Status.plist
Reveal Solution Hide Solution   Discussion  

Correct Answer: C 🗳️
The Manifest.plist lists if the backup is encrypted. This will come into use and be required should the backup file need to be accessed forensically if it is locked. The Manifest.mbdb contains a listing of data stored in the backup. Even if the backup is encrypted, this data can be parsed for more information.
Reference:
http://resources.infosecinstitute.com/ios-5-backups-part-1/#gref

Question #4 Topic 1

In addition to the device passcode, what other essential piece of information is most often required in order to decrypt the contents of BlackBerry OS 10 handsets?

  • A. BlackBerry Blend username/pin
  • B. BlackBerry Balance username/password
  • C. BlackBerry Link ID/password
  • D. BBM pin
Reveal Solution Hide Solution   Discussion  

Correct Answer: C 🗳️
Special considerations when analyzing data from BlackBerry OS 10 devices:
✑ You must have the device passcode as well as the BlackBerry Link password in order to backup or view this data
✑ This requires an Internet connection on the processing machine because you are authenticating to the BlackBerry
Link Server to authenticate the username and password
✑ You may encounter issues when attempting to acquire a BES-enabled device.

Next Questions

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel