GIAC Exam GASF Topic 3 Question 46 Discussion

Actual exam question for GIAC's GASF exam

Question #: 46
Topic #: 3

[All GASF Questions]

When dealing with mobile devices and flash memory, and the fact that data in memory constantly changes

even when the device is simply powered on. It is best practice to:

AOnly acquire from devices in an OFF state

BDocument those changes that were made to the device during the forensic process

CAlways use a write-blocker when dealing with mobile devices

DAlways remove the battery from a device before acquisition

Show Suggested Answer

Suggested Answer: C

by Gerald at Dec 09, 2024, 07:03 AM

Limited Time Offer

25%

Off

Get Premium GASF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kiera

3 months ago

Ooh, I bet the answer is a combination of B and C. Gotta love those tricky certification questions!

upvoted 0 times

Jettie

3 months ago

C) Always use a write-blocker when dealing with mobile devices

upvoted 0 times

...

Wilson

3 months ago

B) Document those changes that were made to the device during the forensic process

upvoted 0 times

...

Elenora

3 months ago

A) Only acquire from devices in an OFF state

upvoted 0 times

...

Willie

4 months ago

Option A, really? Acquiring from devices in the OFF state? What is this, the dark ages? Let's get with the times, people!

upvoted 0 times

Vinnie

3 months ago

D) Always remove the battery from a device before acquisition

upvoted 0 times

...

Elenora

3 months ago

C) Always use a write-blocker when dealing with mobile devices

upvoted 0 times

...

Hannah

3 months ago

B) Document those changes that were made to the device during the forensic process

upvoted 0 times

...

Shayne

3 months ago

A) Only acquire from devices in an OFF state

upvoted 0 times

...

Milly

4 months ago

Removing the battery, as in Option D? That's so old-school. Who uses that technique anymore? C'mon, we're in the 21st century!

upvoted 0 times

...

Lorrie

4 months ago

I believe option A) Only acquire from devices in an OFF state is also a good practice to prevent any changes to the data.

upvoted 0 times

...

Zoila

4 months ago

I agree with Bettina, using a write-blocker ensures that the data in memory remains unchanged during the forensic process.

upvoted 0 times

...

Clement

4 months ago

Hmm, I'd say Option B is important too. Documenting the changes made to the device is crucial for maintaining a proper chain of custody.

upvoted 0 times

Lyndia

3 months ago

User 2: Yeah, documenting the changes made to the device is really important in forensic processes.

upvoted 0 times

...

Blondell

3 months ago

User 1: I think option B is crucial for maintaining a proper chain of custody.

upvoted 0 times

...

Joni

3 months ago

User 4: It's best practice to document changes and use a write-blocker for mobile devices.

upvoted 0 times

...

Candra

3 months ago

User 3: Using a write-blocker is also essential when dealing with mobile devices.

upvoted 0 times

...

Shakira

3 months ago

User 2: Definitely, documenting changes made to the device is important for forensic process.

upvoted 0 times

...

Giovanna

4 months ago

User 1: I think Option B is crucial for maintaining a proper chain of custody.

upvoted 0 times

...

Bettina

4 months ago

I think the best practice is to always use a write-blocker when dealing with mobile devices.

upvoted 0 times

...

Matthew

4 months ago

Option C is the way to go. Using a write-blocker is the best practice to ensure data integrity during the forensic process. I've learned that the hard way in the past.

upvoted 0 times

...