GIAC Battlefield Forensics and Acquisition (GBFA) Exam Syllabus

GBFA PDF, GBFA Dumps, GBFA VCE, GIAC Battlefield Forensics and Acquisition Questions PDF, GIAC Battlefield Forensics and Acquisition VCE, GIAC GBFA Dumps, GIAC GBFA PDFUse this quick start guide to collect all the information about GIAC GBFA Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Battlefield Forensics and Acquisition (GBFA) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Battlefield Forensics and Acquisition (GBFA) certification exam.

The GIAC GBFA certification is mainly targeted to those candidates who want to build their career in Digital Forensics, Incident Response & Threat Hunting domain. The GIAC Battlefield Forensics and Acquisition (GBFA) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GBFA.

GIAC GBFA Exam Summary:

Exam Name GIAC Battlefield Forensics and Acquisition (GBFA)
Exam Code GBFA
Exam Price $999 (USD)
Duration 120 mins
Number of Questions 75
Passing Score 69%
Books / Training FOR498: Digital Acquisition and Rapid Triage
Schedule Exam GIAC
Sample Questions GIAC GBFA Sample Questions
Practice Exam GIAC GBFA Certification Practice Exam

GIAC GBFA Exam Syllabus Topics:

Topic Details
Acquiring RAM and OS Artifacts
- The candidate will be able to describe the different methods for performing acquisition of RAM, macOS and Shadow copies. This includes using disk copy utilities and target disk mode.
Acquisition Preparation
- The candidate will be able to summarize the goals of scene management, how to assess evidence, recognize tampering, and verify acquisitions.
Computer Fundamentals
- The candidate will be familiar with basic computer concepts, such as machine configuration, boot processes, BIOS, UEFI, IP addressing, and domain registrars, in preparation for acquisition.
Data on Drives
- The candidate will be able to summarize different ways data on drives can be stored and accessed, including encryption and handling deleted files.
Data on the Network
- The candidate will be able to describe different ways that data can exist in motion, such as IoT network traffic and PCAP files. They will also be able to discuss how different network tools can be used to discover networked devices.
Dead Box Acquisition
- The candidate will be able to describe the different methods for performing dead box acquisition, including write blocking and media removal.
Filesystem Fundamentals
- The candidate will be able to describe basic concepts of common filesystems, like NTFS, EXT, and FAT. They will also be able to describe the functionality of major components that comprise these file systems, such as Master File Tables and File Allocation Tables.
Host Based Live Acquisition
- The candidate will be able to describe the different methods for performing host based live acquisition, including the use of software and hardware write blocking and accessing physical drives and volumes.
Manual Triage
- The candidate will be familiar with manual techniques and tools used to select and triage data.
Manually Finding Data
- The candidate will be able to outline the different ways in which data can be manually found. This includes: where data can be found, carving metadata, and file recovery.
Mobile Device Acquisition
- The candidate will be able to describe, at a high level, the different methods used to perform mobile device acquisition. This includes isolating portable devices from radio signals, tools for mobile device acquisition, and identifying specific mobile devices.
Mobile Device Triage
- The candidate will be able to outline the ways in which data can be triaged from mobile devices. This includes Android and Apple specific scenarios and how to triage data found in mobile apps, as well as calendars and emails.
Physical Storage Devices
- The candidate will be able to compare and contrast the different forms of physical storage devices. This includes device interfaces, spinning disk layout, solid state drive fundamentals, and common HDD problems.
Remote Acquisition
- The candidate will be able to describe the different methods for performing remote acquisitions, including acquisitions over the network as well as leveraging common cloud provider products.
Specialty Device Fundamentals
- The candidate will be able to describe basic concepts of common specialty devices, like MacOS, including System Profiler and Device Information Collection.
Storage Technologies
- The candidate will be able to summarize, compare, and contrast common storage technologies, such as the different levels of RAID configurations.
Using Forensic Tools for Triage
- The candidate will be able to compare and contrast the ways in which popular forensic tools can be effectively used in data triage.
Windows Filesystems
- The candidate will be able to compare and contrast major Windows filesystems including FAT, exFAT, and NTFS.
Working With Evidence Files
- The candidate will be able to compare and contrast common evidence file formats, how they can be accessed, and how they can be used in an investigation.

To ensure success in GIAC GBFA certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC Battlefield Forensics and Acquisition (GBFA) exam.

Rating: 4.8 / 5 (111 votes)