Exam (elaborations)
MDF FINAL EXAM 2024 QUESTIONS WITH COMPLETE SOLUTIONS!!
- Course
- Institution
MDF FINAL EXAM 2024 QUESTIONS WITH COMPLETE SOLUTIONS!!
[Show more]
Content preview
MDF FINAL EXAM 2024QUESTIONS WITH
COMPLETE
SOLUTIONS!!
MDF
Evatee 8/21/24 MDF
,MDF FINAL EXAM 2024 QUESTIONS WITH
COMPLETE SOLUTIONS!!
What is the term used extensively in the digital forensics community to qualify
and justify the use of a particular forensic technology or methodology? Answer
- Forensically Sound
List 3 mobile device operating systems. Answer - Android, iOS, Windows
Mobile forensics is a branch of digital forensics related to the recovery of digital
evidence from what types of devices? Answer - Cell Phones, GPS devices,
drones, tablets
What is a brief definition or translation of the term "metadata?" Answer -
"data about data"
What are SIM card data files? Answer - ICCID, IMSI, MSISDN
Metadata that can be specifically found in media files, such as pictures, is
known as? Answer - EXIF Data
What is the order of extraction methodologies from the bottom of the
"pyramid" to the top, with the bottom representing the most basic? Answer -
Manual, Logical, Hex Dump, Chip Off, Micro Read
Which of the following is not an example of a Hex Dump Extraction: File
system, Bootloader Physical, Client Physical, JTAG Answer - File System
,An examiner would physically scroll through a device while photographically
documenting its screen during what type of acquisition? Answer - Manual
What does a logical acquisition utilize Answer - a device's API, and is achieved
through USB or Bluetooth connections.
Physical acquisitions directly access what Answer - the flash memory of a
mobile device, resulting in a bit-for-bit copy of the data.
What will never be recovered through a logical acquisition? Answer -
Unallocated space
The mobile forensics process is broken down in to what three main categories?
Answer - Seizure, acquisition, and examination/analysis
Search warrants require what? Answer - Scope, Oath/Affirmation, Probable
Cause
At the crime scene, the examiner should place the device in _______ and/or a
_______ to prevent changes to the mobile device. Answer - Airplane mode,
faraday bag
Describe 1 way of identifying the model of an iPhone, and 1 way of identifying
the iOS version of an iPhone. Answer - Model of iPhone: looking at the
back/bottom half of the phone @ A#; iOS version: unlock
phone>settings>general>about
iOS devices utilize what file systems? Answer - HFSX
, Within the file system of Apple mobile devices, which partition contains the
device firmware, the operating system, and pre-installed application settings
that are not typically available to the device user? Answer - System Partition
What Apple protocol prevents users from downloading and installing
unauthorized apps? Answer - Code Signing
What is the iOS architecture layer that develops the visual interface, provides
basic application architecture, and supports key functions, such as multi-
tasking? Answer - Cocoa Touch
What does sandboxing do? Answer - Requires user permission in order to
allow applications to access data from other applications
What are the Apple mobile device modes? Answer - DFU, Normal, Recovery
What iOS backup is utilized when conducting an Advanced Logical acquisition in
Cellebrite Physical Analyzer? Answer - Method 1 = iTunes Backup, Method 2 =
Apple File Conduit
What property list file, located in an iTunes backup, contains metadata
regarding application backup, identifying, and encryption-related information,
such as application names, passcode/encryption status, and keybagdata?
Answer - Manifest.plist
What are pairing records? Answer - The records of every time you've
connected your phone to your computer and had your phone "trust" it
Devices that utilize iOS or OSX operating systems store timestamps in what raw
format? Answer - Mac Absolute Time and Unix Epoch Time
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller EvaTee. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $30.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
73314 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now