Download GIAC.CertDumps.GASF.2018-07-23.1e.37q.vcex

Exam GIAC Advanced Smartphone Forensics (GASF)
Number GASF
File Name GIAC.CertDumps.GASF.2018-07-23.1e.37q.vcex
Size 1.89 Mb
Posted August 07, 2018


How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.


With discount: 20%

Demo Questions

Question 1

When conducting forensic analysis of an associated media card, one would most often expect to find this particular file system format?

  • A: HFS
  • B: NTFS
  • C: Yaffs2
  • D: FAT
Question 2

Cellebrite Physical Analyzer uses Bit Defender to scan for malware by flagging files who have known bad hash values. This is an example of which type of mobile malware detection?

  • A: Specific-based malware detection
  • B: Signature-based detection
  • C: Behavioral-based detection
  • D: Cloud based malware detection
Question 3

Which of the following is required in addition to the Apple ID of the custodian to access IOS backup files that are stored in ICloud?

  • A: iTunes password
  • B: Device passcode
  • C: Manifest.plist
  • D: Keychain-backup.plist
Question 4

In 2015, Apple’s iTunes store was found to be hosting several malicious applications that were infected as a result of hacked version of the developer toolkit used to create applications. Which Apple developer suite was targeted?

  • A: Xcode
  • B: ADB
  • C: Momentics IDE
  • D: Xamarin
Question 5

An Android device user is known to use Facebook to communicate with other parties under examination. There is no evidence of the Facebook application on the phone. 
If there was Facebook usage where would an examiner expect to find these artifacts?

  • A: Storage
  • B: dmappmgr.db
  • C: /data/system/packages.xml
  • D: AndroidManifest.xml
Question 6

Physical Analyzer provides a function to narrow down a search based on a timestamp, a type, a party or date. What is the name of this advanced searching capability?

  • A: Watchlist Editor
  • B: Tags
  • C: Timeline
  • D: Event of Interest
Question 7

The files pictured below from a BlackBerry OS10 file system have a unique file extension. What can be concluded about these files? 


  • A: Files are protected by the file system, so changing the file system makes them less accessible
  • B: Files are encrypted to prevent them from being viewed without the decryption key
  • C: Files are encoded for secure transmitting of data
  • D: Files are located on a media card so they contain a unique file extension
Question 8

Where can an analyst find data to provide additional artifacts to support the evidence in the highlighted file? 


  • A: internal.db-wal
  • B: browser2.db
  • C: sysmon2.db-shm
  • D: external.db
Question 9

Which of the following is a unique 56 bit number assigned to a CDMA handset?

  • A: Mobile Station International Subscriber Directory Number (MSISDN)
  • B: Electronic Serial Number (ESN)
  • C: International Mobile Equipment Identifier (IMEI)
  • D: Mobile Equipment ID (MEID)
Question 10

Which of the following files provides the most accurate reflection of the device’s date/timestamp related to the last device wipe?

  • A: /private/var/mobile/Library/AddressBook/AddressBook.sqlitedb
  • B: /private/var/mobile/Applications/
  • C: /private/var/mobile/Applications/com.viber/Library/Prefernces/com.viber.plist
  • D: /private/var/mobile/Applications/net.whatsapp.WhatsApp/Library/pw.dat