MDF FINAL EXAM 2024
QUESTIONS WITH
COMPLETE
SOLUTIONS!!
MDF
Evatee 8/21/24 MDF
,MDF FINAL EXAM 2024 QUESTIONS WITH
COMPLETE SOLUTIONS!!
What is the term used extensively in the digital forensics community to qualify
and justify the use of a particular forensic technology or methodology? Answer
- Forensically Sound
List 3 mobile device operating systems. Answer - Android, iOS, Windows
Mobile forensics is a branch of digital forensics related to the recovery of digital
evidence from what types of devices? Answer - Cell Phones, GPS devices,
drones, tablets
What is a brief definition or translation of the term "metadata?" Answer -
"data about data"
What are SIM card data files? Answer - ICCID, IMSI, MSISDN
Metadata that can be specifically found in media files, such as pictures, is
known as? Answer - EXIF Data
What is the order of extraction methodologies from the bottom of the
"pyramid" to the top, with the bottom representing the most basic? Answer -
Manual, Logical, Hex Dump, Chip Off, Micro Read
Which of the following is not an example of a Hex Dump Extraction: File
system, Bootloader Physical, Client Physical, JTAG Answer - File System
,An examiner would physically scroll through a device while photographically
documenting its screen during what type of acquisition? Answer - Manual
What does a logical acquisition utilize Answer - a device's API, and is achieved
through USB or Bluetooth connections.
Physical acquisitions directly access what Answer - the flash memory of a
mobile device, resulting in a bit-for-bit copy of the data.
What will never be recovered through a logical acquisition? Answer -
Unallocated space
The mobile forensics process is broken down in to what three main categories?
Answer - Seizure, acquisition, and examination/analysis
Search warrants require what? Answer - Scope, Oath/Affirmation, Probable
Cause
At the crime scene, the examiner should place the device in _______ and/or a
_______ to prevent changes to the mobile device. Answer - Airplane mode,
faraday bag
Describe 1 way of identifying the model of an iPhone, and 1 way of identifying
the iOS version of an iPhone. Answer - Model of iPhone: looking at the
back/bottom half of the phone @ A#; iOS version: unlock
phone>settings>general>about
iOS devices utilize what file systems? Answer - HFSX
, Within the file system of Apple mobile devices, which partition contains the
device firmware, the operating system, and pre-installed application settings
that are not typically available to the device user? Answer - System Partition
What Apple protocol prevents users from downloading and installing
unauthorized apps? Answer - Code Signing
What is the iOS architecture layer that develops the visual interface, provides
basic application architecture, and supports key functions, such as multi-
tasking? Answer - Cocoa Touch
What does sandboxing do? Answer - Requires user permission in order to
allow applications to access data from other applications
What are the Apple mobile device modes? Answer - DFU, Normal, Recovery
What iOS backup is utilized when conducting an Advanced Logical acquisition in
Cellebrite Physical Analyzer? Answer - Method 1 = iTunes Backup, Method 2 =
Apple File Conduit
What property list file, located in an iTunes backup, contains metadata
regarding application backup, identifying, and encryption-related information,
such as application names, passcode/encryption status, and keybagdata?
Answer - Manifest.plist
What are pairing records? Answer - The records of every time you've
connected your phone to your computer and had your phone "trust" it
Devices that utilize iOS or OSX operating systems store timestamps in what raw
format? Answer - Mac Absolute Time and Unix Epoch Time
QUESTIONS WITH
COMPLETE
SOLUTIONS!!
MDF
Evatee 8/21/24 MDF
,MDF FINAL EXAM 2024 QUESTIONS WITH
COMPLETE SOLUTIONS!!
What is the term used extensively in the digital forensics community to qualify
and justify the use of a particular forensic technology or methodology? Answer
- Forensically Sound
List 3 mobile device operating systems. Answer - Android, iOS, Windows
Mobile forensics is a branch of digital forensics related to the recovery of digital
evidence from what types of devices? Answer - Cell Phones, GPS devices,
drones, tablets
What is a brief definition or translation of the term "metadata?" Answer -
"data about data"
What are SIM card data files? Answer - ICCID, IMSI, MSISDN
Metadata that can be specifically found in media files, such as pictures, is
known as? Answer - EXIF Data
What is the order of extraction methodologies from the bottom of the
"pyramid" to the top, with the bottom representing the most basic? Answer -
Manual, Logical, Hex Dump, Chip Off, Micro Read
Which of the following is not an example of a Hex Dump Extraction: File
system, Bootloader Physical, Client Physical, JTAG Answer - File System
,An examiner would physically scroll through a device while photographically
documenting its screen during what type of acquisition? Answer - Manual
What does a logical acquisition utilize Answer - a device's API, and is achieved
through USB or Bluetooth connections.
Physical acquisitions directly access what Answer - the flash memory of a
mobile device, resulting in a bit-for-bit copy of the data.
What will never be recovered through a logical acquisition? Answer -
Unallocated space
The mobile forensics process is broken down in to what three main categories?
Answer - Seizure, acquisition, and examination/analysis
Search warrants require what? Answer - Scope, Oath/Affirmation, Probable
Cause
At the crime scene, the examiner should place the device in _______ and/or a
_______ to prevent changes to the mobile device. Answer - Airplane mode,
faraday bag
Describe 1 way of identifying the model of an iPhone, and 1 way of identifying
the iOS version of an iPhone. Answer - Model of iPhone: looking at the
back/bottom half of the phone @ A#; iOS version: unlock
phone>settings>general>about
iOS devices utilize what file systems? Answer - HFSX
, Within the file system of Apple mobile devices, which partition contains the
device firmware, the operating system, and pre-installed application settings
that are not typically available to the device user? Answer - System Partition
What Apple protocol prevents users from downloading and installing
unauthorized apps? Answer - Code Signing
What is the iOS architecture layer that develops the visual interface, provides
basic application architecture, and supports key functions, such as multi-
tasking? Answer - Cocoa Touch
What does sandboxing do? Answer - Requires user permission in order to
allow applications to access data from other applications
What are the Apple mobile device modes? Answer - DFU, Normal, Recovery
What iOS backup is utilized when conducting an Advanced Logical acquisition in
Cellebrite Physical Analyzer? Answer - Method 1 = iTunes Backup, Method 2 =
Apple File Conduit
What property list file, located in an iTunes backup, contains metadata
regarding application backup, identifying, and encryption-related information,
such as application names, passcode/encryption status, and keybagdata?
Answer - Manifest.plist
What are pairing records? Answer - The records of every time you've
connected your phone to your computer and had your phone "trust" it
Devices that utilize iOS or OSX operating systems store timestamps in what raw
format? Answer - Mac Absolute Time and Unix Epoch Time
