07 - Examination Tools Flashcards
1
Q
Name the two distinct categories of Non-Forensic Tools.
A
- Data Suites (e.g. iTunes)
- Mobile Device Managers (e.g. MobileMaster)
2
Q
Name a few Manual Capture Tools.
A
- ZRT
- Eclipse
- Project-a-Phone
3
Q
Name a few Integrated Manual Capture Tools.
A
- XRY Camera
- UFED Camera
4
Q
Name a few SIM/UICC Only Examination Tools.
A
- SIMTools - (3G Forensics)
- USIMdetective (Quantaq)
- CPA SIM Analyser (BK Forensics)
- SIMCON (Paraben)
5
Q
What is a SIM Clone Tool?
A
Enables an examination of a mobile device:
- without the original SIM card
- with a PIN-locked SIM card
- without connecting to a network
The clone card carries the original SIM's identifiers (ICCID and IMSI) so the handset accepts it and releases its data, but not the authentication key, so it cannot register on a network. Some forensic tools use rewritable clone cards; others use write-once cards.
6
Q
Name a few Logical Examination Forensic Tools.
A
- XRY Logical (Micro Systemation, now MSAB)
- UFED Standard (Cellebrite)
- Device Seizure (Paraben)
- Secure View Kit (Susteen)
- Oxygen Forensic Suite (Oxygen Forensics)
- Santoku (Linux distribution bundling open-source mobile forensic tools)
7
Q
What is XRY and what can it do?
A
- Logical, Physical and Cloud versions available
- Can examine up to three items at once, e.g. handset, SIM and memory card
- Ships with a device manual that lists, per supported handset, the data that can be recovered
- USB or Bluetooth connection; IR is no longer supported
- Pinpoint add-on for MTK and Spreadtrum chipset devices
- Supports import and decoding of iOS backups
- Available in standard, kiosk, tablet and field versions
8
Q
What is the Universal Forensic Extraction Device (UFED) and what can it do?
A
- Logical, Physical and Cloud Analyzer versions available
- CHINEX add-on for MTK, Infineon and Spreadtrum chipset devices
- Touch version is standalone: no computer is required for extraction
- Integrated malware scanner and screen capture
- Supports USB, Bluetooth and IR interfaces
- Available in 4PC, Touch, Kiosk and Ruggedized versions
9
Q
What is Oxygen Forensics Detective and what can it do?
A
- Integrates functionality from earlier versions
- Extracts data from devices and offline and online backups
- Extracts data from online storage areas
- Built-in plist and SQLite viewers
- Integrated Timeline Function
- Supports a wide range of phone operating systems
- Integrated communications statistics reporting
10
Q
What is Device Seizure and what can it do?
A
- Supports a wide range of mobile devices
- USB, Bluetooth or IR Connection
- Available in different versions
- Logical and Physical Support
11
Q
What is AXIOM and what can it do?
A
- Windows-based suite; evolution of the Internet Evidence Finder (IEF) product
- Modular options: Smartphone, Computer and Cloud
- Logical and physical acquisition
- Imports acquisitions from other tools and raw binary images
- Dynamic App Finder locates app databases for which no dedicated parser exists
12
Q
What is MOBILedit Forensic and what can it do?
A
- Retrieves handset data and SIM data
- Cable, IR or Bluetooth connection
- Retrieves SIM data directly via a SIM card reader
- Software-only version with an optional cable kit
- Forensic Express version
- Concurrent extractions from several devices
13
Q
Name a few Single and Multi OS Tools.
A
- Internet Evidence Finder/AXIOM (Magnet Forensics)
- iOS Forensic Toolkit (Elcomsoft; iOS only)
- Belkasoft Evidence Center
- NowSecure
- Autopsy
- Andriller (Android only)
14
Q
Name a few SQLite Tools.
A
- Forensic Toolkit for SQLite (Sanderson Forensics)
- SQLite Forensic Explorer (Sanderson Forensics)
- Epilog (CCL Forensics)
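What separates the SQLite tools above from an ordinary database browser is that they read the file's pages directly and recover records a SELECT no longer returns. The following is an added example of that technique, not code from this page or from any of the products listed: it builds a constructed SMS-style database, deletes a row, then walks the table page's freeblock chain and rebuilds the deleted record from the bytes SQLite left behind. It assumes secure_delete was off when the row was deleted (set explicitly here) and that the overwritten cell prefix was four single-byte varints, which holds for a small row.

```python
"""Carve a deleted row out of a SQLite table page by walking the page's freeblock
chain: the core trick behind a forensic SQLite viewer. Added example, not code from
any tool on this page; the database, table and rows are constructed here."""
import os
import sqlite3
import tempfile

def build_evidence_db(path):
    """Constructed sample: an SMS-style table whose middle row is deleted."""
    con = sqlite3.connect(path)
    # Assumption: the app left secure_delete off (the upstream default). Setting it
    # explicitly keeps the example valid on builds compiled with SQLITE_SECURE_DELETE.
    con.execute("PRAGMA secure_delete = OFF")
    con.execute("PRAGMA journal_mode = DELETE")  # changes land in the main file, not a WAL
    con.execute("CREATE TABLE sms (id INTEGER PRIMARY KEY, address TEXT, body TEXT)")
    con.executemany("INSERT INTO sms (address, body) VALUES (?, ?)", [
        ("+15550001", "Meet at the usual place"),
        ("+15550002", "Deleted this one"),  # deleted below; not the newest cell,
        ("+15550003", "Sent after"),        # so SQLite turns it into a freeblock
    ])
    con.commit()
    con.execute("DELETE FROM sms WHERE id = 2")
    con.commit()
    root = con.execute("SELECT rootpage FROM sqlite_master WHERE name='sms'").fetchone()[0]
    live = [r[0] for r in con.execute("SELECT body FROM sms ORDER BY id")]
    con.close()
    return root, live

def read_page(path, pgno):
    """Raw page `pgno` (1-based); the page size is at file-header offset 16."""
    with open(path, "rb") as f:
        size = int.from_bytes(f.read(100)[16:18], "big")
        size = 65536 if size == 1 else size
        f.seek((pgno - 1) * size)
        return f.read(size)

def freeblocks(page, hdr=0):
    """Yield (offset, bytes) of each freeblock on a table leaf page. Page header: byte 0
    type (0x0D = table leaf), bytes 1-2 first freeblock; a freeblock starts with 2 bytes
    next-freeblock offset and 2 bytes size."""
    if page[hdr] != 0x0D:
        raise ValueError("expected a table b-tree leaf page")
    off = int.from_bytes(page[hdr + 1:hdr + 3], "big")
    while off:
        nxt = int.from_bytes(page[off:off + 2], "big")
        size = int.from_bytes(page[off + 2:off + 4], "big")
        yield off, page[off:off + size]
        off = nxt

def read_varint(buf, i):
    """SQLite varint: big-endian, 7 bits per byte, high bit set = continue, 9 bytes max."""
    v = 0
    for n in range(8):
        b = buf[i + n]
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            return v, i + n + 1
    return (v << 8) | buf[i + 8], i + 9

def serial_size(st):
    """Byte length of a record column for serial type `st`."""
    fixed = {0: 0, 1: 1, 2: 2, 3: 3, 4: 4, 5: 6, 6: 8, 7: 8, 8: 0, 9: 0}
    if st in fixed:
        return fixed[st]          # NULL, 1/2/3/4/6/8-byte ints, float, constants 0 and 1
    if st >= 12:
        return (st - 12) // 2     # even = BLOB, odd = TEXT
    raise ValueError("reserved serial type")

def carve_freeblock(blk):
    """Rebuild the record that occupied this freeblock, or None. The 4-byte freeblock
    header overwrote the cell's payload length, rowid, header length and first serial
    type (assumed 1-byte varints); the other serial types and the column bytes survive.
    The surviving column count is unknown, so try each and accept the one whose sizes
    exactly fill the block."""
    rest = blk[4:]
    for ncols in range(1, 16):
        types, pos = [], 0
        try:
            for _ in range(ncols):
                st, pos = read_varint(rest, pos)
                types.append(st)
            sizes = [serial_size(st) for st in types]
        except (IndexError, ValueError):
            return None
        if pos + sum(sizes) == len(rest):
            cols = []
            for st, n in zip(types, sizes):
                raw, pos = rest[pos:pos + n], pos + n
                cols.append(raw.decode("utf-8", "replace") if st >= 13 and st % 2 else raw)
            return cols
    return None

def recover_deleted_sms():
    """Build the constructed database and carve its table's root page.
    Returns (bodies still visible to SQL, records carved from freeblocks)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sms.db")
        root, live = build_evidence_db(path)
        page = read_page(path, root)
        hdr = 100 if root == 1 else 0  # page 1 also carries the 100-byte file header
        carved = [carve_freeblock(b) for _, b in freeblocks(page, hdr)]
    return live, [c for c in carved if c]
```

Calling recover_deleted_sms() returns the two bodies a SELECT still shows alongside the carved address and body of the deleted message. A production tool goes further: it also scans the unallocated area between the cell pointer array and the cell content start (where a cell freed from the top of the content area lands with its header intact), tolerates coalesced and fragmented freeblocks, and checks the journal or WAL file, which may hold older copies of whole pages.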
15
Q
Name a few tools that can process offline / online backup files.
A
- Elcomsoft Mobile Forensic Bundle
- XRY
- Oxygen
- Belkasoft Evidence Center
- MOBILedit
- Internet Evidence Finder/AXIOM