New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GASF Exam - Topic 3 Question 46 Discussion

Actual exam question for GIAC's GASF exam
Question #: 46
Topic #: 3
[All GASF Questions]

When dealing with mobile devices and flash memory, and the fact that data in memory constantly changes

even when the device is simply powered on. It is best practice to:

Show Suggested Answer Hide Answer
Suggested Answer: C

by Gerald at Dec 09, 2024, 07:03 AM

Limited Time Offer

25%

Off

Get Premium GASF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ruthann
3 months ago
Documenting changes seems like a hassle, but probably necessary.
upvoted 0 times
...
Ilene
3 months ago
Wait, does data really change just by being on? That's wild!
upvoted 0 times
...
Alysa
3 months ago
I think removing the battery is risky. Could lose data that way.
upvoted 0 times
...
Annamaria
4 months ago
Totally agree with that! Write-blockers are a must.
upvoted 0 times
...
Hillary
4 months ago
Always use a write-blocker when dealing with mobile devices.
upvoted 0 times
...
Glen
4 months ago
Removing the battery sounds familiar, but I’m not convinced it’s the best practice in every case. I feel like there are exceptions.
upvoted 0 times
...
Catherin
4 months ago
I vaguely recall something about write-blockers being essential for mobile devices, but I can't remember if they apply to all situations.
upvoted 0 times
...
Matthew
4 months ago
I think documenting changes is crucial, especially since mobile devices can alter data even when idle. That seems like a safe bet.
upvoted 0 times
...
Vonda
5 months ago
I remember we discussed the importance of the device state during our practice sessions, but I'm not sure if turning it off is always the best option.
upvoted 0 times
...
Daniel
5 months ago
This is a great question! I remember discussing this in class. I believe the best approach is to go with option D - always remove the battery from the device before acquisition. That way, you can be sure the data is static and won't be modified during the process.
upvoted 0 times
...
Markus
5 months ago
Okay, let me think this through. Since the data is constantly changing, we need to minimize the impact of the forensic process. I think B is the way to go - document any changes that were made to the device. That way, we can account for them in our analysis.
upvoted 0 times
...
Mireya
5 months ago
Ah, this is a classic mobile forensics question. I'm pretty confident that the answer is C - always use a write-blocker. That's the best way to ensure you don't accidentally modify the data during the acquisition process.
upvoted 0 times
...
Stanton
5 months ago
Hmm, I'm a bit confused on this one. I know we need to be careful with mobile devices, but I'm not sure which option is the best approach. I guess I'll have to review my notes and try to figure out the right strategy.
upvoted 0 times
...
Detra
5 months ago
This is a tricky one. I think the key is to focus on preserving the integrity of the data, even as the device is powered on. I'm leaning towards B or C, but I'll need to think it through carefully.
upvoted 0 times
...
Kiera
10 months ago
Ooh, I bet the answer is a combination of B and C. Gotta love those tricky certification questions!
upvoted 0 times
Jettie
9 months ago
C) Always use a write-blocker when dealing with mobile devices
upvoted 0 times
...
Wilson
9 months ago
B) Document those changes that were made to the device during the forensic process
upvoted 0 times
...
Elenora
10 months ago
A) Only acquire from devices in an OFF state
upvoted 0 times
...
...
Willie
10 months ago
Option A, really? Acquiring from devices in the OFF state? What is this, the dark ages? Let's get with the times, people!
upvoted 0 times
Vinnie
9 months ago
D) Always remove the battery from a device before acquisition
upvoted 0 times
...
Elenora
9 months ago
C) Always use a write-blocker when dealing with mobile devices
upvoted 0 times
...
Hannah
10 months ago
B) Document those changes that were made to the device during the forensic process
upvoted 0 times
...
Shayne
10 months ago
A) Only acquire from devices in an OFF state
upvoted 0 times
...
...
Milly
10 months ago
Removing the battery, as in Option D? That's so old-school. Who uses that technique anymore? C'mon, we're in the 21st century!
upvoted 0 times
...
Lorrie
10 months ago
I believe option A) Only acquire from devices in an OFF state is also a good practice to prevent any changes to the data.
upvoted 0 times
...
Zoila
11 months ago
I agree with Bettina, using a write-blocker ensures that the data in memory remains unchanged during the forensic process.
upvoted 0 times
...
Clement
11 months ago
Hmm, I'd say Option B is important too. Documenting the changes made to the device is crucial for maintaining a proper chain of custody.
upvoted 0 times
Lyndia
9 months ago
User 2: Yeah, documenting the changes made to the device is really important in forensic processes.
upvoted 0 times
...
Blondell
9 months ago
User 1: I think option B is crucial for maintaining a proper chain of custody.
upvoted 0 times
...
Joni
10 months ago
User 4: It's best practice to document changes and use a write-blocker for mobile devices.
upvoted 0 times
...
Candra
10 months ago
User 3: Using a write-blocker is also essential when dealing with mobile devices.
upvoted 0 times
...
Shakira
10 months ago
User 2: Definitely, documenting changes made to the device is important for forensic process.
upvoted 0 times
...
Giovanna
10 months ago
User 1: I think Option B is crucial for maintaining a proper chain of custody.
upvoted 0 times
...
...
Bettina
11 months ago
I think the best practice is to always use a write-blocker when dealing with mobile devices.
upvoted 0 times
...
Matthew
11 months ago
Option C is the way to go. Using a write-blocker is the best practice to ensure data integrity during the forensic process. I've learned that the hard way in the past.
upvoted 0 times
...

Save Cancel