GIAC Exam GASF Topic 3 Question 46 Discussion

Actual exam question for GIAC's GASF exam

Question #: 46
Topic #: 3

[All GASF Questions]

When dealing with mobile devices and flash memory, and the fact that data in memory constantly changes

even when the device is simply powered on. It is best practice to:

AOnly acquire from devices in an OFF state

BDocument those changes that were made to the device during the forensic process

CAlways use a write-blocker when dealing with mobile devices

DAlways remove the battery from a device before acquisition

Show Suggested Answer

Suggested Answer: C

by Gerald at Dec 09, 2024, 07:03 AM

Limited Time Offer

25%

Off

Get Premium GASF Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lorrie

5 days ago

I believe option A) Only acquire from devices in an OFF state is also a good practice to prevent any changes to the data.

upvoted 0 times

...

Zoila

6 days ago

I agree with Bettina, using a write-blocker ensures that the data in memory remains unchanged during the forensic process.

upvoted 0 times

...

Clement

7 days ago

Hmm, I'd say Option B is important too. Documenting the changes made to the device is crucial for maintaining a proper chain of custody.

upvoted 0 times

...

Bettina

10 days ago

I think the best practice is to always use a write-blocker when dealing with mobile devices.

upvoted 0 times

...

Matthew

10 days ago

Option C is the way to go. Using a write-blocker is the best practice to ensure data integrity during the forensic process. I've learned that the hard way in the past.

upvoted 0 times

...