GIAC GASF Exam - Topic 6 Question 64 Discussion

Actual exam question for GIAC's GASF exam
Question #: 64
Topic #: 6

Exhibit:

Where can an analyst find data to provide additional artifacts to support the evidence in the highlighted file?

Suggested Answer: A

Contribute your Thoughts:

Sharen
19 days ago
C) sysmon2.db-shm might not be relevant, just saying.
upvoted 0 times
...
Becky
25 days ago
I think B) browser2.db could have useful info too.
upvoted 0 times
...
Earleen
30 days ago
A) internal.db-wal is a good choice for internal data.
upvoted 0 times
...
Laine
1 month ago
Wait, are we sure about A)? I thought it was just temporary data.
upvoted 0 times
...
Jill
1 month ago
D) external.db? That’s a bit vague, not sure about that one.
upvoted 0 times
...
Derick
2 months ago
C) sysmon2.db-shm might not be useful for this case.
upvoted 0 times
...
Felicia
2 months ago
I think B) browser2.db could have relevant browsing history.
upvoted 0 times
...
Dortha
2 months ago
A) internal.db-wal is often used for transaction logs.
upvoted 0 times
...
Shenika
2 months ago
I’m a bit confused about sysmon2.db-shm; I remember it being related to shared memory, but I’m not sure how that ties into our evidence.
upvoted 0 times
...
Stephaine
2 months ago
I practiced a question similar to this, and I think external.db could hold useful artifacts too, but I can't recall the specifics.
upvoted 0 times
...
Gerald
2 months ago
I feel like browser2.db could have relevant browsing history data, which might help support the evidence.
upvoted 0 times
...
Kati
3 months ago
I think I remember that internal.db-wal might contain transaction logs, but I'm not entirely sure if that's what we're looking for here.
upvoted 0 times
...
