Quiz 3

A digital illustration showing various iOS devices and forensic tools in a futuristic lab setting, emphasizing the theme of mobile forensics and data acquisition.

iOS Forensics Quiz

Test your knowledge on iOS forensics with our comprehensive quiz. Dive into questions about file systems, data storage, acquisition methods, and much more related to iOS devices.

Whether you're a forensic analyst or simply interested in mobile technology, this quiz will challenge your understanding and help you learn more about:

  • iOS file systems
  • Data acquisition methods
  • iOS device settings
  • Mobile forensics techniques
20 Questions5 MinutesCreated by AnalyzingApple21
Starting in iOS 11, what is the length of the datetime stamps for iMessages?
18-digit
9-digit
10-digit
16-digit
What area, stored between the flash memory and system area of a device, holds the encryption key for encrypting an iOS device?
Key storage
Master storage
Effaceable storage
Internal storage
All dates and times for iMessages are stored in what format?
Mac Epoch
Local time
Universal Time
UNIX epoch
What file would an examiner analyze to find Apple Maps data for an iOS 9 device?
History.mapsdata
Com.GeoHistory.plist
Com.applemaps
GeoHistory.mapsdata
What file can help determine whether multiple SIM cards were used in an iPhone?
CellularUsage.db
SIM.db
TCC.db
DataUsage.sqlite
What folder contains the communication data for an iPhone device, including call logs, SMS data, and email?
User
Data
Var
Library
You are analyzing a Windows PC used by a suspect. The suspect also owns an iPhone, which was wiped a few hours before seizure. In which PC folder could you possibly find synced crash logs and sysdiagnose logs?
C:\Users\\Apple\MobileSync\Backup\
C:\Users\ \Library\Logs\CrashReporter\MobileDevice\
C:\Users\\AppData\Roaming\Apple Computer\MobileSync\Backup\
C:\Users\\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\
A forensic examiner needs to obtain user data from an iOS device as part of an investigation. What file system location would provide most of these data?
/usr/var/mobile
/private/var/mobile
/usr/data/app
/private/data/user
On iOS 13, where are Apple Maps data being stored?
Protobufs
RAM Slack
BLOB data
Flatbufs
What feature of Apple Continuity allows users to receive a phone call on their iPhone and answer it with their MacBook Pro?
AirPlay
Streaming
Universal Clipboard
Handoff
A forensic analyst needs to do a file system acquisition of an iPhone running iOS 12.3. What exploit can be leveraged to temporarily jailbreak the device?
Checkraln
UncOver
GrayKey
Checkm8
Which folder contains user-created screen captures on an iOS device?
Media
Library
DCIM
Video
During an investigation, a lockdown file is found on a suspect's computer. What might prevent the lockdown file from unlocking the suspect's iPhone?
The iPhone was recently restarted.
The iPhone needs updating.
The computer was recently restarted.
The computer runs Windows.
What artifact provides evidence of location services being enabled on an iOS device?
Device_values.plist
Services.sqlite
Com.apple.locationd.plist
Cached_encryptedA.db
What is the best acquisition method for imaging current iOS devices?
Physical acquisition
Advanced logical acquisition
Full file system acquisition
Logical acquisition
An iPhone running iOS 12 has been seized and transported to a lab. Three days later, during an attempted acquisition, tools are unable to recognize the connected device. What might be the cause?
USB Restricted Mode was disabled.
Device Security Mode was enabled.
The device was jailbroken.
USB Restricted Mode was enabled.
An analyst has a jailbroken iOS device used for testing and research. The device is connected via USB to the workstation, and the analyst wants to use the ArtEx tool to create a live connection. What is needed to activate the connection?
Open an SSH tunnel on localhost and then install ArtEx agent on the device.
Reboot the device in DFU mode and connect via SSH on port 44,
Install Open SSH on the iOS device and then open an SSH tunnel on localhost.
Install an FTP server on the jailbroken device and x create an SSH tunnel.
You are asked to acquire an iPhone X running iOS 13.5. The device is turned off and the passcode is unknown. You need to grab some user data and config files before submitting the device to a specialized lab for passcode cracking. Which kind of acquisition can you obtain before cracking the passcode?
AFC
ITunes Backup
Sysdiagnose
BFU
On an iOS 13 file system extraction, what evidence source is not available when the backup is not encrypted?
SMS Messages
MMS Messages
Safari
Contacts
Which of the following file systems is used on iOS devices?
FAT16
NTFS
EXT4
APFS
{"name":"Quiz 3", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Test your knowledge on iOS forensics with our comprehensive quiz. Dive into questions about file systems, data storage, acquisition methods, and much more related to iOS devices.Whether you're a forensic analyst or simply interested in mobile technology, this quiz will challenge your understanding and help you learn more about:iOS file systemsData acquisition methodsiOS device settingsMobile forensics techniques","img":"https:/images/course6.png"}
Powered by: Quiz Maker