Areas Covered
- Fundamentals of mobile forensics and conducting forensic exams
- Device file system analysis and mobile application behavior
- Event artifact analysis and the identification and analysis of mobile device malware
Who is GASF for?
- Experienced digital forensic examiners
- Media exploitation analysts
- Information security professionals
- Incident response teams
- Law enforcement officers, federal agents, and detectives
- Accident reconstruction investigators
Exam Format
- 1 proctored exam
- 75 questions
- 2 hours
- Minimum passing score of 69%
Delivery
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
- Android Backup and Cloud Storage Forensics The candidate will be familiar with the various methodologies and platform specific resources used by Android devices when creating device and system backups
- Android Device Forensics and Analysis of File System, Evidence Locations and User Activity The candidate will demonstrate an understanding of the techniques and tools used during the collection, preservation and analysis of Android mobile device data including the file system structure, user activity and common artifact locations.
- iOS Backup and Cloud Storage Forensics The candidate will be familiar with the various methodologies and platform specific resources used by iOS devices when creating device and system backups
- iOS Device Forensics and Analysis of File System, Evidence Locations and User Activity The candidate will demonstrate an understanding of the techniques and tools used during the collection, preservation and analysis of iOS mobile device data including the file system structure, user activity and common artifact locations.
- Mobile Forensics Introduction The candidate will demonstrate an understanding of the techniques and tools used to collect and analyze data from Android and iOS mobile devices.
- Mobile Malware and Spyware Detection and Analysis The candidate will demonstrate an understanding of how mobile malware interacts with Android and iOS devices and the tools used to detect and analyze malicious activity.
- Third-party Application Artifact Analysis The candidate will demonstrate an understanding of the tools and techniques used to review, analyze and investigate third party application activity.
- Third-party Application Forensics Introduction The candidate will be familiar with artifacts created by third party applications on Android and iOS devices.
Other Resources
- Training is available in a variety of modalities including live training and OnDemand
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or self paced study through another program or materials may meet the needs for mastery.
- Get information about the procedure to contest exam results.
Practice Tests
- These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
- Practice exams are a gauge to determine if your preparation methods are sufficient.
- The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
- Practice exams never include actual exam questions.
- Purchase a GASF practice test here.
- GIAC recommends leveraging additional study methods for test preparation.