GASF

When examining the iOS device shown below the tool indicates that there are 4 chat messages recovered A . Memory ranges from a physical dump of the deviceB . Databases installed and maintained by the applicationC . Internet history plist files found in logical acquisitionsD . IP connections used by...

An Android device user is known to use Facebook to communicate with other parties under examination. There is no evidence of the Facebook application on the phone. If there was Facebook usage where would an examiner expect to find these artifacts?A . com.android.chrome/app_chrome/Default/Local StorageB . dmappmgr.dbC . /data/system/packages.xmlD . AndroidManifest.xmlView...

Which of the following files provides the most accurate reflection of the device’s date/timestamp related to the last device wipe?A . /private/var/mobile/Library/AddressBook/AddressBook.sqlitedbB . /private/var/mobile/Applications/com.apple.mobilesafari/Library/history.dbC . /private/var/mobile/Applications/com.viber/Library/Prefernces/com.viber.plistD . /private/var/mobile/Applications/net.whatsapp.WhatsApp/Library/pw.datView AnswerAnswer: A

In addition to the device passcode, what other essential piece of information is most often required in order to decrypt the contents of BlackBerry OS 10 handsets?A . BlackBerry Blend username/pinB . BlackBerry Balance username/passwordC . BlackBerry Link ID/passwordD . BBM pinView AnswerAnswer: C Explanation: Special considerations when analyzing data...

What type of acquisition is being examined in the image below? A . iOS bypass lockB . Blackberry logicalC . Android physicalD . Windows Mobile file systemView AnswerAnswer: C Explanation: Reference: http://www.forensicswiki.org/wiki/How_To_Decrypt_Android_Full_Disk_Encryption

Which of the following is the term for the SMS malware that sends text messages to a premium number generating large service bills for the user of the targeted device?A . TrojanB . AdwareC . Potentially unwanted applicationsD . Click baitView AnswerAnswer: A Explanation: Reference: https://pdfs.semanticscholar.org/7f33/9156f47345bd102c9b05f45f9bfe4c182720.pdf

As part of your analysis of a legacy BlackBerry device, you examine the installed applications list and it appears that no third-party applications were installed on the device. Which other file may provide you with additional information on applications that were accessed with the handset?A . BlackBerry NV ItemsB ....

An analyst investigating a Nokia S60 Symbian device wants to know if an Adobe Flash file on the handset is compromised. Which file in the image will best target the Adobe Flash files?A . FLASHLITB . sisC . flashliteplugin.r03D . saflash.r01E . OnlinePrint.sisView AnswerAnswer: A Explanation: A sis.file is the...

The files pictured below from a BlackBerry OS10 file system have a unique file extension. What can be concluded about these files?A . Files are protected by the file system, so changing the file system makes them less accessibleB . Files are encrypted to prevent them from being viewed without...

Cellebrite Physical Analyzer uses Bit Defender to scan for malware by flagging files who have known bad hash values. This is an example of which type of mobile malware detection?A . Specific-based malware detectionB . Signature-based detectionC . Behavioral-based detectionD . Cloud based malware detectionView AnswerAnswer: B Explanation: Reference: https://security.stackexchange.com/questions/95186/what-is-the-precise-difference-between-a­signature-based-vs-behavior-based-antiv