Test 6 Flashcards
One of the dangers (from a forensic standpoint) of mobile devices is:
Connected networks can contain investigatively useful information.
Network service providers may provide information for comparison with data extracted from a mobile device.
Connected networks can enable offenders to delete data remotely.
Network service providers may provide additional historical call records.
Connected networks can enable offenders to delete data remotely.
One drawback of mobile device examination is that when a user deletes data on a mobile device that data is never recoverable.
True False
False
Since mobile devices consist of a CPU, memory, storage, and software, the same as traditional computers, they are processed in exactly the same way.
True False
False
One of the difficulties unique to forensic processing of mobile devices is:
MD5 hashes must be calculated for data recovered from mobile devices.
Documentation must show continuous possession and control.
An investigator must make a calculated decision to either prevent or allow the device to receive new data over wireless networks.
Any issues encountered with processing the device should be documented.
An investigator must make a calculated decision to either prevent or allow the device to receive new data over wireless networks.
Who was our Special Presenter on February 20th?
Jeremy
John
Jeffrey
Josh
Jeremy
By default, when Mac OS X boots up, it will attempt to mount an evidence disk.
True False
True
On Mac OS X, when a file is deleted, it is copied to the:
Recycler folder
.Trash folder
[orphans]
None of the above
.Trash folder
The default browser used on Mac OS X is:
Internet Explorer
Safari
Firefox
Opera
Safari
Given the small amount of usable data obtainable from mobile devices, the forensic investigator needs to weigh the value of investing time examining mobile devices.
True False
False
There is a wide selection of forensic tools available for exploiting Macs.
True False
False
Examination of a Mac computer must be done manually – no automated tools exist.
True False
False
The reason that malware developers are beginning to target mobile devices is:
Because available memory is much smaller and the operating system is much less sophisticated on mobile devices, it is much easier to develop malicious code.
The malware market has become very crowded and developers are looking for new avenues.
Since the coding is much simpler on mobile devices, many new programmers are trying their hand at this particular platform.
Since mobile devices are used more and more for online banking and making purchases, they have become prime targets for computer criminals.
Since mobile devices are used more and more for online banking and making purchases, they have become prime targets for computer criminals.
Macintosh disks can only be examined on a Macintosh system.
True False
False
Powering down a mobile device and removing the battery may cause problems in that:
When the battery is removed from a mobile device, the information in memory is lost.
Doing so may activate security measures such as lock codes and encryption.
The process of removing the battery can cause a capacitive discharge, destroying the device.
You now have two pieces of evidence, which have to be documented.
Doing so may activate security measures such as lock codes and encryption.
Where did our Special Presenter from February 20th work?
Target
Best Buy
Medtronic
HelioMetrics
HelioMetrics
Mobile devices are considered to be a type of embedded system.
True False
True
Which of the following is NOT one of the methods mobile devices use to communicate?
FDDI
Telecommunication networks
WiFi access points
Bluetooth piconets
FDDI
Recently accessed files and applications are listed in:
~/Library/Recent
Catalog:Recent
~/Library/Preferences/com.apple.recent.items
com.apple.TextEdit.plist
~/Library/Preferences/com.apple.recent.items
The most common approach to salvaging deleted data on Macintosh systems is to:
Use EnCase to recover the files.
Use the Catalog utility.
Use file carving techniques.
There is currently no solution to recovering deleted files from a Macintosh.
Use file carving techniques.
Due to the design of the Macintosh Catalog file, it is easy to recover deleted files manually, using forensic tools.
True False
False
When analyzing a GPS-enabled mobile device, it is often possible to recover location information, import it into mapping software, and display the locations on a map.
True False
True
The folder ~/Library/Mail Downloads contains:
Internet downloads
E-mails that contain attachments
Unread e-mails
E-mail attachments that have been opened
E-mail attachments that have been opened