Summer Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia
  1. Home
  2. GIAC
  3. Security Certification: GASF
  4. GASF
  5. GIAC Advanced Smartphone Forensics Questions and Answers

GASF Sample Questions Answers

Questions 4

What information can you determine by reviewing the (bp2p) file from a BlackBerry OS10 handset?

Options:

A.

Cloud accounts

B.

Bluetooth pairings

C.

Paired computers

D.

Connected Wireless Access points

Buy Now
Questions 5

In addition to the device passcode, what other essential piece of information is most often required in order to decrypt the contents of BlackBerry OS 10 handsets?

Options:

A.

BlackBerry Blend username/pin

B.

BlackBerry Balance username/password

C.

BlackBerry Link ID/password

D.

BBM pin

Buy Now
Questions 6

Examine the file, Bluetooth, what is the name of the device being examined?

Options:

A.

CON

B.

WIN7

C.

CON….M

D.

WIN10

Buy Now
Questions 7

Cellebrite Physical Analyzer uses Bit Defender to scan for malware by flagging files who have known bad hash values. This is an example of which type of mobile malware detection?

Options:

A.

Specific-based malware detection

B.

Signature-based detection

C.

Behavioral-based detection

D.

Cloud based malware detection

Buy Now
Questions 8

Cellebrite’s Physical Analyzer will conduct a Quick Scan for images, which goes through and carves files that may have been deleted from the device. When carving for image files, which of the following methods is most effectively used to recover data?

Options:

A.

Update the signature database

B.

Carve based on file header

C.

Carve based on file metadata

D.

Carve based on memory ranges

Buy Now
Questions 9

Which of the following is one potential risk of using the ALWAYS OFF rule for handling cell phones?

Options:

A.

Overwriting data

B.

Engaging password or PIN protection mechanism

C.

Destruction of call logs and cell tower information

D.

Improper handling by the user

Buy Now
Questions 10

The jTAG method is designed to acquire data through which of the following?

Options:

A.

Chip-level access

B.

Twister box with RJ45 connection

C.

Test Access Ports (TAPs)

D.

Chip-level access USB connection

Buy Now
Questions 11

Which of the following actions described below would populate the suggestions table on an Android phone?

Options:

A.

Google Maps recommends locations, which are cached in the table

B.

Google Maps tracks previously entered destinations by the user

C.

The table contains previously saved or bookmarked destinations

Buy Now
Questions 12

What does the data string highlighted in blue represent in the File system path?

Options:

A.

Code name and build number

B.

Phone nick name and serial number

C.

Device user name and phone number

D.

Volume name and network ID

Buy Now
Questions 13

Based on the image below, which file system is being examined?

Options:

A.

Chinese knock-off

B.

Windows

C.

Android

D.

Blackberry

Buy Now
Questions 14

An analyst investigating a Nokia S60 Symbian device wants to know if an Adobe Flash file on the handset is compromised.

Which file in the image will best target the Adobe Flash files?

Options:

A.

FLASHLITE.sis

B.

flashliteplugin.r03

C.

saflash.r01

D.

OnlinePrint.sis

Buy Now
Questions 15

Which of the following is required in addition to the Apple ID of the custodian to access IOS backup files that are stored in ICloud?

Options:

A.

iTunes password

B.

Device passcode

C.

Manifest.plist

D.

Keychain-backup.plist

Buy Now
Questions 16

During the forensic analysis of a Nokia Symbian phone, you receive a SD card with files in the Nokia\Content

Copier folder. What data is present to examine?

Options:

A.

Encryption keys

B.

User created images

C.

Logon credentials

D.

Backup files

Buy Now
Questions 17

What is being shown in the image below?

Options:

A.

An outgoing call that was not answered

B.

A call that was answered but immediately hung up

C.

A missed Skype message on an android device

D.

A call that was answered and lasted 5 seconds

Buy Now
Questions 18

Review the information contained within the Viber application running on an Android device. Which of the

following can be determined?

Options:

A.

A message containing the string8901260572525158741was sent using the Viber application.

B.

The Viber account used to send/receive messages can be tied to the user in possession of the SIM cardwith an IMSI of 8901260572525158741

C.

The user account for Viber is 8901260572525158741

D.

The Viber account used to send/receive messages can be tied to the user in possession of the SIM cardwith an ICCID of 8901260572525158741

Buy Now
Questions 19

What information can be concluded by examining this XML file extracted from an Android device?

Options:

A.

Skype was installed but not utilized on the device

B.

A Skype account was configured and accessed on this device

C.

Skype was launched but a profile was not created

D.

A user logged into Skype with a temporary guest profile

Buy Now
Questions 20

Review the sample database.

What is the BLOB column storing for this particular database table?

Options:

A.

Mp4 videos

B.

Encrypted text messages

C.

Audio files

D.

Text messages

E.

JPEG images

Buy Now
Questions 21

Which file system is mostly found on Samsung devices?

Options:

A.

Yet Another Flash File System (YAFFS2)

B.

Out of Bound (OOB)

C.

Robust File system (RFS)

D.

EXT4

Buy Now
Questions 22

As part of your analysis of a legacy BlackBerry device, you examine the installed applications list and it

appears that no third-party applications were installed on the device. Which other file may provide you with additional information on applications that were accessed with the handset?

Options:

A.

BlackBerry NV Items

B.

Content Store

C.

Event logs

D.

BBThumbs.dat

Buy Now
Exam Code: GASF
Exam Name: GIAC Advanced Smartphone Forensics
Last Update: Oct 10, 2025
Questions: 75
$66  $164.99
$50  $124.99
$42  $104.99
buy now GASF