Digital forensics final exam
________ _FINE_LOCATION enables the app to determine the location of the user device based on cell sites and GPS.
ACCESS
Uber created a telematics pilot program, called ________, to identify the location of its drivers and perform vehicle diagnostic testing.
AUTOHAWK
________ Time Capsule is an automatic wireless backup drive for Mac users.
Airport/ Apple
________ is an open source operating system based on the Linux 2.6 kernel.
Android
________ is a 64-bit file system, with theoretical 2^64 addressable blocks.
Apple file system
A ________ refers to a geographic area within a cellular network.
Cell
________ is a mobile forensics hardware device manufactured by Logicube. It can be used in the field for imaging mobile phones and navigation systems, such as Garmin and TomTom.
CellDEK
________ is a framework for developers of macOS, containing APIs (application programming interface), libraries, and runtimes.
Cocoa
Apple ________ is the framework for enterprise deployment of iOS devices. It is a free download from the App Store and is available for iOS version 5 and above.
Configurator 2
The root directory in the file system of a digital camera that contains a series of subdirectories containing digital images is ________.
DCIM
The prefix for digital images found on a Nikon camera is ________.
DSCN
________ metadata associated with digital pictures can include date and time, make and model of camera, thumbnail, aperture, and shutter speed.
EXIF
BR Software produces a free tool called BR's ________ that can extract the EXIF data from a folder of photos and then save that metadata to a comma-separated values (CSV) file.
EXIF extractor
True/false The file system utilized by flash memory is NTFS because of its increased security over FAT
FALSE
true/false Like UNIX, the Mac file system date stamps and time are recorded in seconds since January 1, 1970, 00:00:00 UTC (UNIX epoch time). Date and time values are stored as a 32-bit integer. When a file is moved from a location to another, the creation date changes.
FALSE
true/false NTFS is a case-sensitive file system, which means that files with the same name, for example, File1 and file1 can coexist in the same logical location.
FALSE
true/false OSI is an IEEE standard for testing, maintenance, and support of assembled circuit boards
FALSE
true/false On a Mac computer, the sleepcopy is a file that is a copy of the contents of RAM. When a Mac goes into sleep (hibernation) mode, a copy of RAM is saved to the computer's hard drive.
FALSE
true/false Spotlight is a tool available from Cellebrite (BlackBag Technologies) that can provide an investigator with information about devices connected to a Mac, such as SATA drives, FireWire devices, and USB devices.
FALSE
true/false The extensible metadata platform is the metadata associated with digital pictures
FALSE
true/false The flight academy where Zacharias Moussaoui took lessons closed shortly after the events of September 11, 2001.
FALSE
true/false Zacharias Moussaoui entered a plea of innocent to all six charges against him relating to the September 11, 2001, hijackings.
FALSE
true/false Zacharias Moussaoui used an email of [email protected], and the FBI was able to subpoena relevant information from Hotmail.
FALSE
true/false A megapixel is a billion pixels. There are so many pixels found in digital photos today that file sizes become extremely large.
FALSE
true/false A mobile country code is an internationally unique number that identifies a CDMA handset.
FALSE
true/false A raster graphic is composed of curves, lines, or shapes based on mathematical formulas rather than pixels.
FALSE
true/false The Design rule for Camera File system was developed by Apple to facilitate the exchange of images between digital still cameras and other devices for viewing digital photographs.
FALSE
true/false Verizon, T-Mobile, Sprint/Nextel, and AT&T are examples of Mobile Virtual Network Operators.
FALSE
true/false A dynamic analysis of a mobile application generally refers to a code review, which includes the app manifest.
False
true/false iOS app developers may access an iPhone's UDID and use it to track app users.
False
________ is a volume encryption tool developed by Apple for use with Macintosh computers. If it is enabled, virtually no helpful evidence can be retrieved.
FileVault
When an examiner cannot bypass the cell phone's PIN or if the phone is damaged, as a last resort some investigators will use a ________ box.
Flasher
The mobile station consists of mobile equipment (handset) and, in the case of a ________ network, a Subscriber Identity Module (SIM).
GSM
The social networking app called ________ was launched in 2009 and facilitates networking gay, bisexual, trans and queer people. A user can "Tap" on a profile or use the "Hi" icon tap.
Grindr
When moving through an area, several Base Transceiver Stations might handle your call—a hand-off would occur from one BTS to another. In a ________ hand-off, the communication is handled by one Base Transceiver Station at a time with no simultaneous communication.
Hard
Safari browser history is stored in a binary PList called ________ in the user directory. Every URL is recorded, along with the date and time of the last visit and the number of times the website was visited.
History.plist
________ is Apple's cloud service that is available to Apple device owners.
Icloud
________ is an operating system feature that maintains a backup of user files; if a system crashes, the last saved copy of that file can be made available to the user.
Journaling
On an iPhone, user data, including cache, cookies, and other personal data, are generally found in the ________ folder.
Library
________ refers to techniques that can enhance edges and sharpen objects in an image.
Linear filtering
________ is a messaging service found on most cell phones that allows the user to send multimedia content, such as audio, video, and images.
MMS (multi media messaging)
A ________-in-the-middle attack is an attempt to intercept electronic communications between two computing devices.
Man
The Android ________ file contains the application's package name, its functionality, permissions, hardware, and software requirements for installation
Manifest
The ________ provides standard operating procedures for a variety of scientific practices, including cell phone forensics. It issued guidelines on cellphone forensics in 2014.
NIST (national institute of standards and technology)
________ is a tool available from Cellebrite (formerly BlackBag Technologies) that displays a map of a Mac device's partition.
PMAP info
A ________ file is a packet of data, from a wireless network, that can be obtained using Wireshark.
Pcap
A(n) ________ is the smallest element of a raster image.
Pixel
When you take a photograph with a high-end digital camera, the camera can either process the image as a JPEG file or save the data to a ________ file, which takes data from a digital camera's image sensor to create an unprocessed or minimally processed image.
RAW
Earlier Mac operating systems were composed of files with two parts. The first part was the data fork, which consisted of the data, and the ________ fork, which stored the file metadata and associated application information.
Resource
Four primary sources of evidence are available from a GPS device: trackpoints, track log, waypoint, and ________.
Route
The most valuable evidence on an Android is in the libraries, especially the ________ databases.
SQLite
A ________ database is a relational database that is the preferred storage for mobile apps.
SQLite
________ is a text message communication service found on mobile devices. These text messages can be found in memory on a mobile handset or on a SIM card in the handset.
Short message service (SMS)
In a ________ hand-off, a cellular communication is conditionally handed off from one base station to another, and the mobile equipment is simultaneously communicating with multiple Base Transceiver Stations.
Soft
True/false A base transceiver station (BTS) is the equipment found at a cell site that facilitates the communication of cell phone users across a cellular network.
TRUE
True/false Facebook is probably the world's most popular social networking service.
TRUE
True/false The mobile switching center (MSC) is responsible for switching data packets from one network path to another on a cellular network.
TRUE
true/false AirPlay is a proprietary protocol developed by Apple to wirelessly stream content from the Internet and between compatible devices.
TRUE
true/false DMG is a file system associated with macOS and can contain many files that can be encrypted, and is used when installing an application on a MacBook.
TRUE
true/false Disk Utility is an Apple Mac tool for conducting a variety of disk functions, including verifying and repairing disks, formatting disks, mounting disks, and creating disk images.
TRUE
true/false The iPhone Device Firmware Upgrade (DFU) Mode enables the user to select the firmware version to install on the device.
TRUE
true/false The only terrorist who stood trial for the atrocities of September 11, 2001, was Zacharias Moussaoui.
TRUE
true/false The root partition is the first partition found in an iOS device, and it contains the operating system. After the root partition, the rest of the volume is the media partition.
TRUE
true/false The subject line of one of Zacharias Moussaoui's emails to a flight school was "Simulator training".
TRUE
true/false WhatsApp is a communication app that enables users to make free voice calls using Wi-Fi or a cellular data connection. The service enables the users to make voice calls and send texts, photos, voice messages, or location information.
TRUE
true/false A digital photograph is an image taken with a camera and stored as a computer file.
TRUE
true/false A mobile equipment identifier (MEID) is an internationally unique number that identifies a CDMA handset (mobile equipment).
TRUE
true/false A raster graphic is a pixelated image associated with pictures found on a computer or retrieved from a digital camera.
TRUE
true/false A Tagged Image File Format is a raster image file format that uses lossless data compression.
TRUE
true/false A waypoint is a geological point of interest created by a user.
TRUE
true/false An accelerometer is a hardware device that senses motion or gravity and reacts to these changes.
TRUE
true/false Cropping is the process of removing unwanted portions of an image.
TRUE
true/false Microsoft's FAT32 file system resides on Android devices; the FAT32 file system is found on microSD cards, which are common in many Android handsets.
TRUE
true/false The Kinko's computer used by Zacharias Moussaoui was not seized by the FBI because agents were informed that data on the computer was scrubbed.
TRUE
true/false The public switched telephone network (PSTN) is an aggregate of all circuit-switched telephone networks.
TRUE
________ are a feature of macOS Mavericks that enables the user to organize files with keywords.
Tags
In terms of iOS app development, the ________ ID is created and assigned by Apple, while the bundle ID is generated by the app developer
Team/APP
A ________ is a geolocation record that is automatically captured and stored by a GPS device.
Trackpoint
true/false A zero-day exploit is called this because when discovered, there is no existing patch or anti-virus solution.
True
true/false Wireshark is a network analysis tool for Windows PC users.
True
The ________ object can be used by an app developer to determine the assigned name of the device, device model, iOS version and other device analytics.
UIDevice
________ is a cleanup feature associated with SQLite databases that permanently erases deleted records or tables.
Vacuuming
CDMA technology is used by ________ and Sprint on their U.S. nationwide cellular networks.
Verizon
On a Mac, when files are moved to the Trash, those files cannot be removed if the Trash is emptied because the operating system no longer maintains a link to reference that file's physical location on the hard drive. (That is, the catalog ID no longer exists.) A ________ file will still be available in the Trash.
ds_store
true/false An Android emulator is helpful to investigators because it uses a Java decompiler to reveal the source code.
false
true/false The SQLite database file associated with Skype is skype.db.
false
________ is a photo and video hosting company that enables users to organize and share their media with approximately 90 million users. Users upload approximately 60 million photos to this hosting service monthly; and on average 3.5 million photos are uploaded on a daily basis.
flickering
Facebook purchased ________, an application that enables the users to share photos and video content with their social network.
Which of the following is a medium used for storing digital images?
internal memory, sd card, compact flash card, all of the above
JPEG is a ________ format, which means that compression causes some loss of quality to the image.
lossy
An Android emulator is an application that simulates or runs the Android operating system in a virtual ________.
machine
Although numerous applications are available to edit digital photographs, detecting those changes is possible. For example, an investigator can review a photograph's ________ and see whether changes were made and when.
metadata
In 2011, Skype was purchased by ________ Corporation.
microsoft
On an iPhone, usernames and passwords can sometimes be found unencrypted in the ________ folder.
preferences
In the Federal Rules of Evidence, an "original" photograph can include a negative or a ________ from the negative.
________ is a feature of macOS that enables the user to preview the contents of a file without opening the file or starting its associated application.
quick look
Joint Photographic Experts Group, RAW file, Bitmap Image File, Portable Network Graphics, Graphics Interchange Format, and Tagged Image File Format are examples of ________ graphics.
raster
The PList Format Files on a Mac computer can be thought of as the equivalent of ________ files on a Windows computer.
registry
The ________ service began in September 2011, and enables users to take photos and record videos. The sender can set a time limit for when the picture or video disappears (1 to 10 seconds). From a forensics perspective, these images are often still present on the user's device even though the user thinks the file has been deleted.
snapchat
The two primary functions of a SIM card are to identify the subscriber to a cellular network and to ________.
store data