Quiz 4

A digital illustration of mobile forensics, featuring a blend of iOS and Android devices, a magnifying glass, and analytical tools in a futuristic setting.

Mobile Forensics Quiz

Test your knowledge on mobile forensics with this comprehensive quiz! It covers topics related to iOS and Android devices, including malware, backup strategies, data extraction, and application analysis.

Key Features:

Multiple choice questions
Focus on real-world forensic scenarios
Enhance your understanding of mobile security

20 Questions5 MinutesCreated by AnalyzingFox524

While collecting a user's iOS 11 device, a forensic examiner is informed by the user that they no longer know the backup password. What can the forensic examiner do in order to perform a good forensic acquisition?

Use the Reset All Settings feature on the device.

The examiner has no options as the password cannot be changed.

Have the user call Apple to obtain a temporary password.

Use brute-forcing techniques to guess the password.

Assuming you have obtained permission and have the relevant authority to do so, what is needed to access and download an iCloud backup?

Apple ID and password

A different iCloud account to transfer the backup to

A local backup stored on a computer

The phone from which the backup was created

Which of the following libraries is victim to the exploit used by the Stagefright malware?

LibCorefright

LibStagefright

CoreLibStagefright

LibVideoCodec

Which of the following is a potential malware infection indicator?

FBI warning label

Unusually large phone bills

Data plan usage reduction

Ads linked to search activity

If an analyst wants to find out whether a backup is encrypted, what file could they look in?

Manifest.mbdb

Info.plist

Info.mbdb

Manifest.plist

What are the forensic implications if a user decides not to encrypt backups of their iOS 13+ device?

The backups will not contain Contact data.

The backups will not contain Keychain data.

The backups will not contain Notes data.

The backups will not contain Message data.

During analysis of a Windows PC, an iOS backup is found. Which backup file do you need to check to see whether the backup is encrypted?

Info.plist

Status.plist

Encryption.plist

Manifest.plist

How can an analyst get access to the .ipa files for an iOS device?

Jailbreak the device.

Perform an advanced logical acquisition.

Retrieve the files via an iCloud backup.

Retrieve the files via an iTunes backup.

As with traditional computing platforms, there are mobile malware versions of backdoors, Trojans, and worms. Which of the following best describes a mobile malware backdoor?

A program that collects data about the user's activity and content from a mobile device

A program that purports to be one thing but additionally performs other functions

A program that replicates itself, creating similar or exact copies

A program that provides unauthorized remote access to a mobile device

An analyst is examining an Android device that may contain malware. Which operating system folder should they examine to view the downloaded .apk files for suspicious applications on the device?

Root/system

Root/data

Root/app-cache

Data/App

After an analyst unpacks the contents of an Android Application Package file, which resulting file is needed to create a jar file for analysis?

Modules.dex

Modules.apk

Classes.dex

Classes.apk

Which kernel vulnerability on iOS devices, if exploited, allows an attacker to send specially crafted WiFi packets and install malware?

AWDL

AFC

Sysdiagnose

CrashReporter

What should a forensic analyst be aware of when collecting data from iCloud?

Multiple data pulls may result in an iCloud password reset request.

There are no tools that support iCloud extractions.

ICloud services do not offer strong authentication mechanisms.

Too many incorrect logon attempts may wipe data from a mobile device.

A forensic analyst is performing static analysis on an Android application to determine its capabilities. What should be examined to identify what the user has allowed the application to access?

Services

Activities

Content providers

Requested permissions

During analysis of an iOS device, you need to investigate for suspicious profiles. Where should you go on the device to find provisioning profiles?

Settings > Control Center > Device Management

Settings > Device Management > Profiles

Settings > General > Profiles

Settings > General > Device Management

You are asked to examine an iOS backup of an iPhone 7 device. The device is currently locked. The investigator wants to know what applications are on the backup to determine whether this is the correct phone before asking for the PIN to unlock the device. What can you examine in the iOS backup to find this information?

Info.plist

Manifest.db

Sessions.plist

Status.plist

Which of the following tools can be used to access an iCloud Backup?

Andriller

UFED Physical Analyzer

FTK Imager

Elcomsoft Phone Breaker

You are analyzing an iOS device and want to locate all the IPA files for installed applications. Which folder should you investigate in a full file system extraction?

/private/var/containers/Bundle/Application//.app

/private/var/mobile/Containers/Data// .app

/private/var/mobile/Containers/Shared/AppStore//.app

/private/var/mobile/Bundle/Application//.app

Quiz 4

Mobile Forensics Quiz

More Quizzes