giac gasf practice test

Which of the following is required in addition to the Apple ID of the custodian to access IOS backup
files that are stored in ICloud?
A. iTunes password
B. Device passcode
C. Manifest.plist
D. Keychain-backup.plist

In 2015, Apple’s iTunes store was found to be hosting several malicious applications that were
infected as a result of hacked version of the developer toolkit used to create applications. Which
Apple developer suite was targeted?
A. Xcode
B. ADB
C. Momentics IDE
D. Xamarin

An Android device user is known to use Facebook to communicate with other parties under
examination.
There is no evidence of the Facebook application on the phone. If there was Facebook usage where
would an examiner expect to find these artifacts?
A. com.android.chrome/app_chrome/Default/Local Storage
B. dmappmgr.db
C. /data/system/packages.xml
D. AndroidManifest.xml

Physical Analyzer provides a function to narrow down a search based on a timestamp, a type, a party
or date.
What is the name of this advanced searching capability?
A. Watchlist Editor
B. Tags
C. Timeline
D. Event of Interest

The files pictured below from a BlackBerry OS10 file system have a unique file extension.

What can be concluded about these files?
A. Files are protected by the file system, so changing the file system makes them less accessible
B. Files are encrypted to prevent them from being viewed without the decryption key
C. Files are encoded for secure transmitting of data
D. Files are located on a media card so they contain a unique file extension

Exhibit:

Where can an analyst find data to provide additional artifacts to support the evidence in the
highlighted file?

• A. internal.db-wal
• B. browser2.db
• C. sysmon2.db-shm
• D. external.db

Which of the following is a unique 56 bit number assigned to a CDMA handset?
A. Mobile Station International Subscriber Directory Number (MSISDN)
B. Electronic Serial Number (ESN)
C. International Mobile Equipment Identifier (IMEI)
D. Mobile Equipment ID (MEID)

Which of the following files provides the most accurate reflection of the device’s date/timestamp
related to the
last device wipe?
A. /private/var/mobile/Library/AddressBook/AddressBook.sqlitedb
B. /private/var/mobile/Applications/com.apple.mobilesafari/Library/history.db
C. /private/var/mobile/Applications/com.viber/Library/Prefernces/com.viber.plist
D. /private/var/mobile/Applications/net.whatsapp.WhatsApp/Library/pw.dat

Which of the following is the term for the SMS malware that sends text messages to a premium
number
generating large service bills for the user of the targeted device?
A. Trojan
B. Adware
C. Potentially unwanted applications
D. Click bait

When examining the iOS device shown below the tool indicates that there are 4 chat messages
recovered from the device.

Which of the following locations may contain additional chat information?
A. Memory ranges from a physical dump of the device
B. Databases installed and maintained by the application
C. Internet history plist files found in logical acquisitions
D. IP connections used by the application