Week 06 - Quiz
Which of the following is not an Android OS phone?
Nokia Lumia 925
Android forensic techniques are either _________ or ________ in nature.
logical, physical
Android devices save data in _______ time format.
Epoch
Identify the layers of the Android OS:
- Application Framework - Linux Kernel - Applications
Identify file systems commonly found in Android mobile devices:
- YAFFS2 - vFAT
The file extension for an Android software installation file is ______.
.apk
In Android systems, the application specific data, such as the Facebook app, is located at:
/data/data
Match the system function with the respective OS layer. Functions: SSL, Contacts, Activity Manager, SQLite, Bluetooth Driver. Layers: A. Libraries, B. Application Framework, C. Linux Kernel, D. Applications, E. Libraries
SSL: A. Libraries; Contacts: D. Applications; Activity Manager: B. Application Framework; SQLite: E. Libraries; Bluetooth Driver: C. Linux Kernel
HFS+ file systems are commonly found in Android mobile devices.
False
SD cards in Android devices do not need to be write-protected like in conventional computer forensics.
False
Due to Android devices not encrypting their file systems by default, an examiner can perform ____________ in unallocated space, which wouldn't be beneficial with the most recent iOS devices.
File Carving
When performing a string analysis on an Android device, a powerful command line utility is called __________.
Grep
Why would an examiner perform a logical acquisition of an Android device instead of a physical acquisition?
Logical acquisitions are faster, easier, and compatible with more devices than physical acquisitions. Logical acquisitions also only require USB debugging and can recover some deleted information within SQLite databases that are still allocated in the file system. In some cases, a logical acquisition can even be conducted on an Android device without root privileges, although some files may not be accessible without elevating permissions.
Which device isolation technique applies solely to GSM phones?
Remove the SIM card from the device.
Analyzing Android app databases can be performed best with ______________.
SQLitebrowser
An examiner performing JTAG physical imaging will need to be proficient with soldering onto the JTAG test access points (TAPs).
True
Android Core apps cannot run on the SD card.
True
The Android OS platform is open source.
True
A physical extraction of an Android device that requires the BGA connections to be regenerated is a __________.
chip-off
The difference between a microSD card and an eMMC is _____________.
microSD cards are portable while eMMCs are embedded in the Android device