MDF FINAL EXAM 2024/2025 WITH 100% ACCURATE
SOLUTIONS
List 3 mobile device operating systems. - Precise Answer ✔✔Android,
iOS, Windows
Mobile forensics is a branch of digital forensics related to the recovery
of digital evidence from what types of devices? - Precise Answer
✔✔Cell Phones, GPS devices, drones, tablets
What is a brief definition or translation of the term "metadata?" - Precise
Answer ✔✔"data about data"
What are SIM card data files? - Precise Answer ✔✔ICCID, IMSI,
MSISDN
Metadata that can be specifically found in media files, such as pictures,
is known as? - Precise Answer ✔✔EXIF Data
What is the order of extraction methodologies from the bottom of the
"pyramid" to the top, with the bottom representing the most basic? -
Precise Answer ✔✔Manual, Logical, Hex Dump, Chip Off, Micro Read
Which of the following is not an example of a Hex Dump Extraction:
File system, Bootloader Physical, Client Physical, JTAG - Precise
Answer ✔✔File System
,What does a logical acquisition utilize - Precise Answer ✔✔a device's
API, and is achieved through USB or Bluetooth connections.
Physical acquisitions directly access what - Precise Answer ✔✔the flash
memory of a mobile device, resulting in a bit-for-bit copy of the data.
What will never be recovered through a logical acquisition? - Precise
Answer ✔✔Data in Unallocated space
The mobile forensics process is broken down in to what three main
categories? - Precise Answer ✔✔Seizure, acquisition, and
examination/analysis
Search warrants require what? - Precise Answer ✔✔Scope,
Oath/Affirmation, Probable Cause
At the crime scene, the examiner should place the device in _______
and/or a _______ to prevent changes to the mobile device. - Precise
Answer ✔✔Airplane mode, faraday bag
Describe 1 way of identifying the model of an iPhone, and 1 way of
identifying the iOS version of an iPhone. - Precise Answer ✔✔Model of
iPhone: looking at the back/bottom half of the phone @ A#; iOS
version: unlock phone>settings>general>about
iOS devices utilize what file systems? - Precise Answer ✔✔HFSX
,Within the file system of Apple mobile devices, which partition contains
the device firmware, the operating system, and pre-installed application
settings that are not typically available to the device user? - Precise
Answer ✔✔System Partition
What Apple protocol prevents users from downloading and installing
unauthorized apps? - Precise Answer ✔✔Code Signing
What is the iOS architecture layer that develops the visual interface,
provides basic application architecture, and supports key functions, such
as multi-tasking? - Precise Answer ✔✔Cocoa Touch
What does sandboxing do? - Precise Answer ✔✔Requires user
permission in order to allow applications to access data from other
applications
What are the Apple mobile device modes? - Precise Answer ✔✔DFU,
Normal, Recovery
What iOS backup is utilized when conducting an Advanced Logical
acquisition in Cellebrite Physical Analyzer? - Precise Answer
✔✔Method 1 = iTunes Backup, Method 2 = Apple File Conduit
What property list file, located in an iTunes backup, contains metadata
regarding application backup, identifying, and encryption-related
, information, such as application names, passcode/encryption status, and
keybagdata? - Precise Answer ✔✔Manifest.plist
What are pairing records? - Precise Answer ✔✔The records of every
time you've connected your phone to your computer and had your phone
"trust" it
Devices that utilize iOS or OSX operating systems store timestamps in
what raw format? - Precise Answer ✔✔Mac Absolute Time and Unix
Epoch Time
In iOS devices, SMS Messages are stored in what type of data structure?
- Precise Answer ✔✔SQLite Database
What data structure is stored in a raw binary or XML format and is
typically present within devices that utilize iOS and OSX? - Precise
Answer ✔✔Property List
What version of iPhones is it possible to conduct a physical acquisition
on when they're locked or the passcode is unknown? - Precise Answer
✔✔iPhone 4 and below
Devices that utilize the GSM communication protocol are uniquely
identified by what type of identifier? - Precise Answer ✔✔IMEI
What does ADB stand for? - Precise Answer ✔✔Android Debug Bridge
SOLUTIONS
List 3 mobile device operating systems. - Precise Answer ✔✔Android,
iOS, Windows
Mobile forensics is a branch of digital forensics related to the recovery
of digital evidence from what types of devices? - Precise Answer
✔✔Cell Phones, GPS devices, drones, tablets
What is a brief definition or translation of the term "metadata?" - Precise
Answer ✔✔"data about data"
What are SIM card data files? - Precise Answer ✔✔ICCID, IMSI,
MSISDN
Metadata that can be specifically found in media files, such as pictures,
is known as? - Precise Answer ✔✔EXIF Data
What is the order of extraction methodologies from the bottom of the
"pyramid" to the top, with the bottom representing the most basic? -
Precise Answer ✔✔Manual, Logical, Hex Dump, Chip Off, Micro Read
Which of the following is not an example of a Hex Dump Extraction:
File system, Bootloader Physical, Client Physical, JTAG - Precise
Answer ✔✔File System
,What does a logical acquisition utilize - Precise Answer ✔✔a device's
API, and is achieved through USB or Bluetooth connections.
Physical acquisitions directly access what - Precise Answer ✔✔the flash
memory of a mobile device, resulting in a bit-for-bit copy of the data.
What will never be recovered through a logical acquisition? - Precise
Answer ✔✔Data in Unallocated space
The mobile forensics process is broken down in to what three main
categories? - Precise Answer ✔✔Seizure, acquisition, and
examination/analysis
Search warrants require what? - Precise Answer ✔✔Scope,
Oath/Affirmation, Probable Cause
At the crime scene, the examiner should place the device in _______
and/or a _______ to prevent changes to the mobile device. - Precise
Answer ✔✔Airplane mode, faraday bag
Describe 1 way of identifying the model of an iPhone, and 1 way of
identifying the iOS version of an iPhone. - Precise Answer ✔✔Model of
iPhone: looking at the back/bottom half of the phone @ A#; iOS
version: unlock phone>settings>general>about
iOS devices utilize what file systems? - Precise Answer ✔✔HFSX
,Within the file system of Apple mobile devices, which partition contains
the device firmware, the operating system, and pre-installed application
settings that are not typically available to the device user? - Precise
Answer ✔✔System Partition
What Apple protocol prevents users from downloading and installing
unauthorized apps? - Precise Answer ✔✔Code Signing
What is the iOS architecture layer that develops the visual interface,
provides basic application architecture, and supports key functions, such
as multi-tasking? - Precise Answer ✔✔Cocoa Touch
What does sandboxing do? - Precise Answer ✔✔Requires user
permission in order to allow applications to access data from other
applications
What are the Apple mobile device modes? - Precise Answer ✔✔DFU,
Normal, Recovery
What iOS backup is utilized when conducting an Advanced Logical
acquisition in Cellebrite Physical Analyzer? - Precise Answer
✔✔Method 1 = iTunes Backup, Method 2 = Apple File Conduit
What property list file, located in an iTunes backup, contains metadata
regarding application backup, identifying, and encryption-related
, information, such as application names, passcode/encryption status, and
keybagdata? - Precise Answer ✔✔Manifest.plist
What are pairing records? - Precise Answer ✔✔The records of every
time you've connected your phone to your computer and had your phone
"trust" it
Devices that utilize iOS or OSX operating systems store timestamps in
what raw format? - Precise Answer ✔✔Mac Absolute Time and Unix
Epoch Time
In iOS devices, SMS Messages are stored in what type of data structure?
- Precise Answer ✔✔SQLite Database
What data structure is stored in a raw binary or XML format and is
typically present within devices that utilize iOS and OSX? - Precise
Answer ✔✔Property List
What version of iPhones is it possible to conduct a physical acquisition
on when they're locked or the passcode is unknown? - Precise Answer
✔✔iPhone 4 and below
Devices that utilize the GSM communication protocol are uniquely
identified by what type of identifier? - Precise Answer ✔✔IMEI
What does ADB stand for? - Precise Answer ✔✔Android Debug Bridge
