GIAC GIME Actual Free Exam Questions & Community Discussion

Exam Code/Number: GIME
Exam Name/Title: GIAC iOS and macOS Examiner
Certification Provider: GIAC
Corresponding Certification: Digital Forensics

Exam Questions: 157
Updated On: Jun 02, 2026

Question #40

Which system configuration files are commonly analyzed during a macOS forensic investigation? (Select two)

A. /Users/[username]/Library/Preferences/com.apple.systempreferences.plist

B. /etc/sudoers

C. /private/var/log/system.log

D. /Library/Preferences/SystemConfiguration/preferences.plist

Discussion 0

Correct Answer: A,D Vote an answer

Question #41

What SQL clause is used to filter the results of a query?

A. ORDER BY

B. WHERE

C. GROUP BY

D. SELECT

Discussion 0

Correct Answer: B Vote an answer

Question #42

During system triage, what indicates the initial installation date of the OS?

A. Kernel extension

B. Firmware version

C. System log creation date

D. Time Machine backup

Discussion 0

Correct Answer: C Vote an answer

Question #43

What artifact within the Apple File System indicates application usage?

A. Spotlight index

B. User preferences

C. System logs

D. Kernel extensions

Discussion 0

Correct Answer: A Vote an answer

Question #44

Which acquisition method is preferred for preserving the integrity of data during an incident response?

A. Live system acquisition

B. Full disk encryption

C. Logical acquisition

D. Remote acquisition

Discussion 0

Correct Answer: A Vote an answer

Question #45

During the analysis of user data from productivity applications, what is a primary focus?

A. Checking compliance with licensing terms

B. Monitoring CPU temperature

C. Evaluating network speed

D. Understanding the applications' role in the user's activities

Discussion 0

Correct Answer: D Vote an answer

Question #46

Which data types can be recovered from a forensic image of an iOS device? (Select two)

A. Encrypted network traffic logs

B. Deleted text messages

C. Decrypted iCloud backups

D. Location data from the Maps app

Discussion 0

Correct Answer: B,D Vote an answer

Question #47

In productivity application analysis, what data can be extracted from the Mail application?

A. Network configuration

B. Printing preferences

C. Web browsing history

D. Email content and metadata

Discussion 0

Correct Answer: D Vote an answer

Question #48

Which tool is commonly used for memory acquisition on macOS devices?

A. Terminal

B. Cellebrite

C. Volatility

D. MemDump

Discussion 0

Correct Answer: C Vote an answer

Question #49

During an investigation, you need to determine when a user typically uses their macOS device for online shopping.
What steps will you take to establish this pattern of life? (Choose three)

A. Review Safari browsing history for e-commerce sites

B. Check the /var/log/cron logs for shopping-related tasks

C. Check Wi-Fi logs for activity during specific timeframes

D. Analyze Screen Time data to identify peak usage hours

E. Extract geolocation data to confirm the user's location during purchases

Discussion 0

Correct Answer: A,C,D Vote an answer

Question #50

What can iCloud data analysis reveal in a forensic context?

A. Network bandwidth

B. Power consumption patterns

C. CPU usage

D. User's data backup habits

Discussion 0

Correct Answer: D Vote an answer

Question #51

Which artifact indicates the OS backup frequency during system triage?

A. Application update logs

B. System migration assistant

C. Time Machine settings

D. Disk utility reports

Discussion 0

Correct Answer: C Vote an answer

Question #52

Which application's data would provide insights into the user's professional contacts and communications?

A. Safari

B. Calendar

C. Photos

D. Mail

Discussion 0

Correct Answer: D Vote an answer

Download Free GIAC GIME Demo

Simply submit your e-mail address below to get started with our free demo of your GIAC GIME exam.