Cyber Security Certification: GASF
Cyber Security Certification: GASF
GIAC Advanced Smartphone Forensics (GASF)
The popularity of mobile devices in our work and personal lives has become increasingly broad and complex. The volume and type of data that these devices carry such as contact lists, email, work
documents, SMS messages, images, internet browsing history and application specific data make them important for the individual who carries the device and allows for a rich source of data for forensic examinations.
Areas Covered
- Fundamentals of mobile forensics and conducting forensic exams
- Device file system analysis and mobile application behavior
- Event artifact analysis and the identification and analysis of mobile device malware
Who is GASF for?
- Experienced digital forensic examiners
- Media exploitation analysts
- Information security professionals
- Incident response teams
- Law enforcement officers, federal agents, and detectives
- Accident reconstruction investigators
- IT auditors
Requirements
- 1 proctored exam
- 75 questions
- Time limit of 2 hours
- Minimum Passing Score of 69%
Delivery
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
Exam Certification Objectives & Outcome Statements
The topic areas for each exam part follow:
- Android Backup and Cloud Storage Forensics
- The candidate will be familiar with the various methodologies and platform specific resources used by Android devices when creating device and system backups
- Android Device Forensics and Analysis of File System, Evidence Locations and User Activity
- The candidate will demonstrate an understanding of the techniques and tools used during the collection, preservation and analysis of Android mobile device data including the file system structure, user activity and common artifact locations.
- iOS Backup and Cloud Storage Forensics
- The candidate will be familiar with the various methodologies and platform specific resources used by iOS devices when creating device and system backups
- iOS Device Forensics and Analysis of File System, Evidence Locations and User Activity
- The candidate will demonstrate an understanding of the techniques and tools used during the collection, preservation and analysis of iOS mobile device data including the file system structure, user activity and common artifact locations.
- Mobile Forensics Introduction
- The candidate will demonstrate an understanding of the techniques and tools used to collect and analyze data from Android and iOS mobile devices.
- Mobile Malware and Spyware Detection and Analysis
- The candidate will demonstrate an understanding of how mobile malware interacts with Android and iOS devices and the tools used to detect and analyze malicious activity.
- Third-party Application Artifact Analysis
- The candidate will demonstrate an understanding of the tools and techniques used to review, analyze and investigate third party application activity.
- Third-party Application Forensics Introduction
- The candidate will be familiar with artifacts created by third party applications on Android and iOS devices.
*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*
Other Resources
- Training is available in a variety of modalities including live conference training, online, and self study.
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or study through another program may meet the needs for mastery.
- The procedure to contest exam results can be found athttps://www.giac.org/about/procedures/grievance.