Use this quick start guide to collect all the information about GIAC GIME Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC iOS and macOS Examiner (GIME) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC iOS and macOS Examiner (GIME) certification exam.
The GIAC GIME certification is mainly targeted to those candidates who want to build their career in Digital Forensics, Incident Response & Threat Hunting domain. The GIAC iOS and macOS Examiner (GIME) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GIME.
GIAC GIME Exam Summary:
| Exam Name | GIAC iOS and macOS Examiner (GIME) |
| Exam Code | GIME |
| Exam Price | $979 (USD) |
| Duration | 120 mins |
| Number of Questions | 75 |
| Passing Score | 67% |
| Books / Training | FOR518: Mac and iOS Forensic Analysis and Incident Response |
| Schedule Exam | GIAC |
| Sample Questions | GIAC GIME Sample Questions |
| Practice Exam | GIAC GIME Certification Practice Exam |
GIAC GIME Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Apple Application Analysis | - The candidate will analyze configurations and data for contacts, notes, wallet, photos, maps, screen time and apple watch applications. |
| Apple File System Artifacts | - The candidate will examine event artifacts created by file system operations, operating system use, Spotlight, and removable media devices. |
| Apple Systems Triage | - The candidate will prepare system triage with fundamental system artifacts. Triage information includes system identifiers, OS installation and backup dates, management profiles, network information, and user accounts. |
| Application Fundamentals | - The candidate will identify basic application data structures and construct SQL queries to examine the data. |
| Document and iCloud analysis | - The candidate will distinguish changes across document versions and iCloud data. |
| Encrypted Container and Memory Analysis | - The candidate will identify memory acquisition methods and use brute force techniques to access encrypted data for analysis |
| Incident Response | - The candidate will examine artifacts created by malicious code and analyze volatile system artifacts. |
| Introduction to Apple Operating Systems | - The candidate will differentiate between system acquisition and data types available for analysis. |
| Introduction to Disk and File Systems | - The candidate will identify key data types associated with Apple systems and mount system images for analysis. |
| Log Analysis and Timeline Creation | - The candidate will correlate key log types and create an event timeline. |
| Pattern of Life | The candidate will organize system based artifacts to track user behavior and habits. |
| Productivity Application Analysis | - The candidate will analyze configurations and data for mail, safari, communication, and reminder applications. |
| User Data and System Configuration | - The candidate will identify artifacts created from system configuration and user data. |
To ensure success in GIAC GIME certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC iOS and macOS Examiner (GIME) exam.