GIAC GIME Actual Free Exam Questions & Community Discussion

Exam Code/Number: GIME
Exam Name/Title: GIAC iOS and macOS Examiner
Certification Provider: GIAC
Corresponding Certification: Digital Forensics

Exam Questions: 157
Updated On: Jun 02, 2026

Question #53

What type of data can be found in volatile memory on macOS devices?

A. Web browser bookmarks

B. User contacts

C. System logs

D. Application passwords and encryption keys

Discussion 0

Correct Answer: D Vote an answer

Question #54

What can be inferred from a consistent login pattern found during a "Pattern of Life" analysis?

A. Hardware specifications

B. Encryption strength

C. System vulnerabilities

D. User's typical activity times

Discussion 0

Correct Answer: D Vote an answer

Question #55

How can an investigator use Unified Logs in macOS for timeline creation?

A. By correlating system events across different log levels

B. By analyzing hardware-related messages exclusively

C. By tracking user logins only

D. By focusing solely on application crash reports

Discussion 0

Correct Answer: A Vote an answer

Question #56

What is a crucial step in log analysis within incident response?

A. Changing log retention settings

B. Correlating events from different log sources

C. Deleting outdated logs

D. Archiving all logs to external storage

Discussion 0

Correct Answer: B Vote an answer

Question #57

What aspect of user data is critical for distinguishing between different user profiles in system configuration analysis?

A. Screen resolution settings

B. Desktop wallpaper choices

C. Universal Access preferences

D. Per-user daemon configurations

Discussion 0

Correct Answer: D Vote an answer

Question #58

You are analyzing a macOS system involved in a data breach. The user is suspected of modifying system settings to avoid detection.
What steps will you take to identify changes in user settings and system configurations? (Choose three)

A. Review /Users/[username]/Library/Preferences/com.apple.systempreferences.plist for changes in user preferences

B. Check the /Library/Preferences/SystemConfiguration/ directory for system-wide configuration changes

C. Inspect the sudoers file for unauthorized privilege escalation

D. Use dscl to list all user accounts and their permissions

E. Use Time Machine backups to restore default system settings

Discussion 0

Correct Answer: A,B,C Vote an answer

Question #59

Which artifacts are commonly analyzed to reconstruct a user's pattern of life on macOS and iOS? (Select two)

A. Application usage history

B. Bluetooth pairing logs

C. System uptime logs

D. Geolocation metadata from photos

Discussion 0

Correct Answer: A,D Vote an answer

Question #60

Which macOS log files should be analyzed to track application crashes during forensic analysis?

A. /Library/Logs/DiagnosticReports/

B. /System/Logs/app_error.log

C. /etc/security/crashlog.log

D. /private/var/log/app_crashes.log

Discussion 0

Correct Answer: A Vote an answer

Question #61

What type of data can be extracted from the Maps application in iOS for forensic purposes?

A. Contact details

B. Browser history

C. Location history and routes

D. Text messages

Discussion 0

Correct Answer: C Vote an answer

Question #62

Which command can you use to gather detailed system information about a macOS device during a triage?

A. sudo systemctl status

B. sudo systeminfo

C. sudo sysdiagnose

D. sudo system_profiler

Discussion 0

Correct Answer: D Vote an answer

Question #63

In Apple Systems Triage, what artifact might show when the system was last managed or configured remotely?

A. Mobile device management (MDM) logs

B. Peripheral device connections

C. User login times

D. Screen sharing sessions

Discussion 0

Correct Answer: A Vote an answer

Question #64

For system triage, how can one identify the presence of network profiles?

A. Reviewing browser cookies

B. Analyzing email configurations

C. Inspecting network preferences

D. Checking the firewall status

Discussion 0

Correct Answer: C Vote an answer

Question #65

What type of metadata is stored in APFS snapshots?

A. System event logs

B. Wi-Fi connection history

C. File and directory states at specific points in time

D. File permissions

Discussion 0

Correct Answer: C Vote an answer

Download Free GIAC GIME Demo

Simply submit your e-mail address below to get started with our free demo of your GIAC GIME exam.