Advanced Digital Forensics Exam 3 Questions with Correct Answers.
Course
Advanced Digital Forensics
Institution
Advanced Digital Forensics
How does AXIOM Process identify encrypted files?
A) Hash Value Check
B) File Signature Check
C) Entropy Value Check
D) $MFT Attribute Check - Correct Answer C) Entropy Value Check
(T/F) In addition to identifying files that are encrypted, AXIOM will also display the
program that was used to encrypt the file. - Correct Answer False
When encountering encrypted files, what options does the examiner have to decrypt the
file? (Select All)
A) Ask the user for the password
B) Run a dictionary attack against the file
C) None. As of this time, encryption cannot be broken
D) Run a brute force attack against the file - Correct Answer A) Ask the user for the password
B) Run a dictionary attack against the file
D) Run a brute force attack against the file
What type of database is typically used by mobile devices and applications to store data
on the device?
A) SQLite Database
B) Extensible Database
C) Access Database
D) DBase Database - Correct Answer A) SQLite Database
Which .plist file associated with an iOS backup keeps a record of the device name and
UDID (Unique Device Identifier)?
A) Status.plist
B) Manifest.plist
C) Config.plist
D) Info.plist - Correct Answer D) Info.plist
AXIOM Process can extract information from which types of devices? (Select All)
A) Android
B) iOS
C) Windows
D) Flip Phones
E) Kindle Fire - Correct Answer A) Android
B) iOS
C) Windows
E) Kindle Fire
(T/F) Since many of the techniques used by examiners for iOS exams rely on Apple's
built-in backup features, the forensic capabilities of each iOS version are consistent
from version to version. - Correct Answer False
Which of the following is not an identifying value of an Apple device?
A) IMEI (International Mobile Equipment Identity)
B) Cellular telephone number
C) Serial number assigned by Apple
D) UDID (Unique Device Identifier) - Correct Answer B) Cellular telephone number
(T/F) The UDID is unique to an Apple device and Apple maintains records for each
device based on the UDID - Correct Answer True
In which situation would an iOS device NOT pass the UDID into the registry of a
Windows computer when attached?
A) The device is locked
B) The device is not trusted
C) The device is not powered on
D) The device is trusted but not unlocked - Correct Answer C) The device is not powered on
Which of the following is the format of an iOS UDID?
A) 12a6 iPad 3
B) 574-234-7121
C) 2C7D24D2346E0F4F8FE727EC0F3435AD22E1BF3C
D) 12a8 iPhone5/5C/5S/6/6+/7 - Correct Answer C) 2C7D24D2346E0F4F8FE727EC0F3435AD22E1BF3C
(T/F) The location of an iOS backup on a Windows computer depends on how iTunes
was installed. - Correct Answer True
If an examiner knows that a computer contains an encrypted iOS backup, where in
AXIOM Process is the examiner able to enter a password to decrypt and process the
backup?
A) Mobile Artifacts
B) Mobile Backup Passwords
C) Mobile Backup Decryption
D) AXIOM will not process encrypted backups - Correct Answer B) Mobile Backup Passwords
(T/F) The passcode assigned to an iTunes backup is different from the passcode on the
device and different from the iCloud password - Correct Answer True
(T/F) It is possible to reset an iTunes backup password with all versions of iOS - Correct Answer False
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Lectjoe. Stuvia facilitates payment to the seller.