GIAC
GCFA Question #85: Real Exam Question with Answer & Explanation
The correct answer is D. Mac OS. iPod forensic investigations are best performed on Mac OS because Apple devices use native Apple file systems that Mac OS fully supports, enabling deeper access to device data.
Question
Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a high school student. It is suspected that explicit child pornography content is stored on the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigation in a more extensive and elaborate manner?
Options
- A. Linux
- B. MINIX 3
- C. Windows XP
- D. Mac OS
Explanation
iPod forensic investigations are best performed on Mac OS because Apple devices use native Apple file systems that Mac OS fully supports, enabling deeper access to device data.
Common mistakes.
- A. Linux has limited or read-only support for Apple HFS+ file systems by default, which restricts the depth and completeness of forensic investigation on an iPod.
- B. MINIX 3 is an academic microkernel operating system not designed for forensic investigation and lacks both the toolsets and the file system support needed to analyze Apple devices.
- C. Windows XP has no native support for Apple HFS+ file systems and would require third-party software just to mount the iPod, making extensive forensic investigation impractical.
Concept tested. Apple device forensics and native file system compatibility
Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-101.pdf