Digital forensics final exam

________ metadata associated with digital pictures can include date and time, make and model of camera, thumbnail, aperture, and shutter speed.

EXIF

BR Software produces a free tool called BR's ________ that can extract the EXIF data from a folder of photos and then save that metadata to a comma-separated values (CSV) file.

EXIF extractor

The ________ object can be used by an app developer to determine the assigned name of the device, device model, iOS version and other device analytics.

UIDevice

True/false The file system utilized by flash memory is NTFS because of its increased security over FAT

FALSE

true/false Like UNIX, the Mac file system date stamps and time are recorded in seconds since January 1, 1970, 00:00:00 UTC (UNIX epoch time). Date and time values are stored as a 32-bit integer. When a file is moved from a location to another, the creation date changes.

FALSE

true/false NTFS is a case-sensitive file system, which means that files with the same name, for example, File1 and file1 can coexist in the same logical location.

FALSE

true/false OSI is an IEEE standard for testing, maintenance, and support of assembled circuit boards

FALSE

true/false On a Mac computer, the sleepcopy is a file that is a copy of the contents of RAM. When a Mac goes into sleep (hibernation) mode, a copy of RAM is saved to the computer's hard drive.

FALSE

true/false Spotlight is a tool available from Cellebrite (BlackBag Technologies) that can provide an investigator with information about devices connected to a Mac, such as SATA drives, FireWire devices, and USB devices.

FALSE

true/false The extensible metadata platform is the metadata associated with digital pictures

FALSE

true/false The flight academy where Zacharias Moussaoui took lessons closed shortly after the events of September 11, 2001.

FALSE

true/false Zacharias Moussaoui entered a plea of innocent to all six charges against him relating to the September 11, 2001, hijackings.

FALSE

true/false Zacharias Moussaoui used an email of [email protected], and the FBI was able to subpoena relevant information from Hotmail.

FALSE

true/false A megapixel is a billion pixels. There are so many pixels found in digital photos today that file sizes become extremely large.

FALSE

true/false a mobile country code is an internationally unique number that identifies a CDMA handset

FALSE

true/false a raster graphic is composed of curves, lines, or shapes based on mathematical formula rather than pixels

FALSE

true/false the design rule for camera file system was developed by apple to facilitate the exchange of images between digital still cameras and other devices for viewing digital photographs

FALSE

true/false Verizon, T-Mobile, Sprint/Nextel, and AT&T are examples of Mobile Virtual Network Operators.

FALSE

true/false A dynamic analysis of a mobile application generally refers to a code review, which includes the app manifest.

False

true/false iOS app developers may access an iPhone's UDID and use it to track app users

False

________ is a volume encryption tool developed by Apple for use with Macintosh computers. If it is enabled, virtually no helpful evidence can be retrieved.

FileVault

When an examiner cannot bypass the cell phone's PIN or if the phone is damaged, as a last resort some investigators will use a ________ box.

Flasher

The mobile station consists of mobile equipment (handset) and, in the case of a ________ network, a Subscriber Identity Module (SIM).

GSM

The social networking app called ________ was launched in 2009 and facilitates networking gay, bisexual, trans and queer people. A user can "Tap" on a profile or use the "Hi" icon tap.

Grindr

When moving through an area, several Base Transceiver Stations might handle your call—a hand-off would occur from one BTS to another. In a ________ hand-off, the communication is handled by one Base Transceiver Station at a time with no simultaneous communication.

Hard

Safari browser history is stored in a binary PList called ________ in the user directory. Every URL is recorded, along with the date and time of the last visit and the number of times the website was visited.

History.plist

________ is Apple's cloud service that is available to Apple device owners.

Icloud

________ is an operating system feature that maintains a backup of user files; if a system crashes, the last saved copy of that file can be made available to the user.

Journaling

On an iPhone, user data, including cache, cookies, and other personal data, are generally found in the ________ folder.

Library

________ refers to techniques that can enhance edges and sharpen objects in an image.

Linear filtering

________ is a messaging service found on most cell phones that allows the user to send multimedia content, such as audio, video, and images.

MMS (multi media messaging)

A ________-in-the-middle attack is an attempt to intercept electronic communications between two computing devices.

Man

The Android ________ file contains the application's package name, its functionality, permissions, hardware, and software requirements for installation

Manifest

The ________ provides standard operating procedures for a variety of scientific practices, including cell phone forensics. It issued guidelines on cellphone forensics in 2014.

NIST (national institute of standards and technology)

________ is a tool available from Cellebrite (formerly BlackBag Technologies) that displays a map of a Mac device's partition.

PMAP info

A ________ file is a packet of data, from a wireless network, that can be obtained using Wireshark.

Pcap

A(n) ________ is the smallest element of a raster image.

Pixel

________ is a cleanup feature associated with SQLite databases that permanently erases deleted records or tables.

Vacuuming

CDMA technology is used by ________ and Sprint on their U.S. nationwide cellular networks.

Verizon

When you take a photograph with a high-end digital camera, the camera can either process the image as a JPEG file or save the data to a ________ file, which takes data from a digital camera's image sensor to create an unprocessed or minimally processed image.

RAW

Earlier Mac operating systems were composed of files with two parts. The first part was the data fork, which consisted of the data, and the ________ fork, which stored the file metadata and associated application information.

Resource

Four primary sources of evidence are available from a GPS device: trackpoints, track log, waypoint, and ________.

Route

The most valuable evidence on an Android is in the libraries, especially the ________ databases.

SQLite

A ________ database is a relational database that is the preferred storage for mobile apps.

SQLite

________ is a text message communication service found on mobile devices. These text messages can be found in memory on a mobile handset or on a SIM card in the handset.

Short message service (SMS)

In a ________ hand-off, a cellular communication is conditionally handed off from one base station to another, and the mobile equipment is simultaneously communicating with multiple Base Transceiver Stations.

Soft

True/false A base transceiver station (BTS) is the equipment found at a cell site that facilitates the communication of cell phone users across a cellular network.

TRUE

True/false Facebook is probably the world's most popular social networking service

TRUE

True/false the mobile switching center (MSC) is responsible for switching data packets from one network path to another on a cellular network.

TRUE

true/false AirPlay is a proprietary protocol developed by Apple to wirelessly stream content from the Internet and between compatible devices.

TRUE

true/false DMG is a file system associated with macOS and can contain many files that can be encrypted, and is used when installing an application on a MacBook.

TRUE

true/false Disk Utility is an Apple Mac tool for conducting a variety of disk functions, including verifying and repairing disks, formatting disks, mounting disks, and creating disk images.

TRUE

true/false The iPhone Device Firmware Upgrade (DFU) Mode enables the user to select the firmware version to install on the device.

TRUE

true/false The only terrorist who stood trial for the atrocities of September 11, 2001, was Zacharias Moussaoui.

TRUE

true/false The root partition is the first partition found in an iOS device, and it contains the operating system. After the root partition, the rest of the volume is the media partition.

TRUE

true/false The subject line of one of Zacharias Moussaoui's emails to a flight school was "Simulator training".

TRUE

true/false WhatsApp is a communication app that enables users to make free voice calls using Wi-Fi or a cellular data connection. The service enables the users to make voice calls and send texts, photos, voice messages, or location information.

TRUE

true/false a digital photograph is an image taken with a camera and stored as a computer file

TRUE

true/false a mobile equipment identifier (MEID) is an internationally unique number that identifies a CDMA handset (mobile equipment)

TRUE

true/false a raster graphic is a pixelated image associated with pictures found on a computer or retrieved from a digital camera

TRUE

true/false a tagged image file format is a raster image file format that uses lossless data compression.

TRUE

true/false a waypoint is a geological point of interest created by a user

TRUE

true/false an accelerometer is a hardware device that senses motion or gravity and reacts to these changes

TRUE

true/false cropping is the process of removing unwanted portions of an image

TRUE

true/false Microsoft's FAT32 file system resides on Android devices; the FAT32 file system is found on microSD cards, which are common in many Android handsets.

TRUE

true/false the Kinko's computer used by Zacharias Moussaoui was not seized by the FBI because agents were informed that data on the computer was scrubbed.

TRUE

true/false the public switched telephone network (PSTN) is an aggregate of all circuit switched telephone networks

TRUE

________ are a feature of macOS Mavericks that enables the user to organize files with keywords.

Tags

In terms of iOS app development, the ________ ID is created and assigned by Apple, while the bundle ID is generated by the app developer

Team/APP

A ________ is a geolocation record that is automatically captured and stored by a GPS device.

Trackpoint

true/false A zero-day exploit is called this because when discovered, there is no existing patch or anti-virus solution.

True

true/false Wireshark is a network analysis tool for Windows PC users

True

________ _FINE_LOCATION enables the app to determine the location of the user device based on cell sites and GPS.

ACCESS

Uber created a telematics pilot program, called ________, to identify the location of its drivers and perform vehicle diagnostic testing.

AUTOHAWK

On a Mac, when files are moved to the Trash, those files cannot be removed if the Trash is emptied because the operating system no longer maintains a link to reference that file's physical location on the hard drive. (That is, the catalog ID no longer exists.) A ________ file will still be available in the Trash.

ds_store

true/false An Android emulator is helpful to investigators because it uses a Java decompiler to reveal the source code.

false

true/false SQLite database file associated with skype is skype.db

false

________ is a photo and video hosting company that enables users to organize and share their media with approximately 90 million users. Users upload approximately 60 million photos to this hosting service monthly; and on average 3.5 million photos are uploaded on a daily basis.

flickering

Facebook purchased ________, an application that enables the users to share photos and video content with their social network.

instagram

Which of the following is a medium used for storing digital images?

internal memory, sd card, compact flash card, all of the above

JPEG is a ________ format, which means that compression causes some loss of quality to the image.

lossy

An Android emulator is an application that simulates or runs the Android operating system in a virtual ________.

machine

Although numerous applications are available to edit digital photographs, detecting those changes is possible. For example, an investigator can review a photograph's ________ and see whether changes were made and when.

metadata

In 2011, Skype was purchased by ________ Corporation.

microsoft

On an iPhone, usernames and passwords can sometimes be found unencrypted in the ________ folder.

preferences

In the Federal Rules of Evidence, an "original" photograph can include a negative or a ________ from the negative.

print

________ is a feature of macOS that enables the user to preview the contents of a file without opening the file or starting its associated application.

quick look

Joint Photographic Experts Group, RAW file, Bitmap Image File, Portable Network Graphics, Graphics Interchange Format, and Tagged Image File Format are examples of ________ graphics.

raster

The PList Format Files on a Mac computer can be thought of as the equivalent of ________ files on a Windows computer.

registry

The ________ service began in September 2011, and enables users to take photos and record videos. The sender can set a time limit for when the picture or video disappears (1 to 10 seconds). From a forensics perspective, these images are often still present on the user's device even though the user thinks the file has been deleted.

snapchat

The two primary functions of a SIM card are to identify the subscriber to a cellular network and to ________.

store data

________ Time Capsule is an automatic wireless backup drive for Mac users.

Airport/ Apple

________ is an open source operating system based on the Linux 2.6 kernel.

Android

________ is a 64-bit file system, with theoretical 2^64 addressable blocks.

Apple file system

A ________ refers to a geographic area within a cellular network.

Cell

________ is a mobile forensics hardware device manufactured by Logicube. It can be used in the field for imaging mobile phones and navigation systems, such as Garmin and TomTom.

CellDEK

________ is a framework for developers of macOS, containing APIs (application programming interface), libraries, and runtimes.

Cocoa

Apple ________ is the framework for enterprise deployment of iOS devices. It is a free download from the App Store and is available for iOS version 5 and above.

Configurator 2

The root directory in the file system of a digital camera that contains a series of subdirectories containing digital images is ________.

DCIM

The prefix for digital images found on a Nikon camera is ________.

DSCN

