Final Exam Flashcards
What file system is the Android operating system based on?
Linux
What are some important folders common to most Android devices?
Boot. System. Recovery. Data. Cache. Misc.
Why do forensic examiners not use write blockers for mobile devices?
They prevent commands from being pushed to the device which are needed for successful acquisition of the device
Android Debug Bridge
ADB is a command line tools that allows you to communicate with the Android device and control it.
What does enabling USB debugging option do?
Enables communication between the device and a
workstation on which the Android SDK is installed.
What is rooting?
Gaining access on the device to allow superuser capabilities and provide open access to the Android device.
Disadvantages of Rooting
Errors may result in irreparable damage, void warranty, and increased exposure to malware attacks.
3 Types of Data Extraction: Android
Manual.
Logical.
Physical.
What are the two hardware techniques used to obtain a
physical extraction?
Chip off.
JTAG.
Where are preinstalled application stored on Android devices?
/system/appdirectory.
What is the definition of data recovery?
The process of retrieving deleted data from a device when it cannot be accessed normally.
In an SD card, should the data be acquired through the device or separate from the
device?
Both.
What is file carving?
The process of reassembling computer files from fragments in the absence of file system metadata.
What can we use to rename an APK file in order to see the contents of the file?
.zip
4 Main Tools Used in Acquisition and Analysis of Android Devices
AFLogical.
Cellebrite.
MobileEdit.
Autopsy.
