Based on the image below, which file system is being examined?
Correct Answer:
A
🗳️
Reference:
https://forums.techguy.org/threads/virus-in-china-mobile.992051/
What type of acquisition is being examined in the image below?
Correct Answer:
C
🗳️
Reference:
http://www.forensicswiki.org/wiki/How_To_Decrypt_Android_Full_Disk_Encryption
Which of the following files contains details regarding the encryption state of an iTunes backup file?
Correct Answer:
C
🗳️
The Manifest.plist lists if the backup is encrypted. This will come into use and be required should the backup file need to be accessed forensically if it is locked. The Manifest.mbdb contains a listing of data stored in the backup. Even if the backup is encrypted, this data can be parsed for more information.
Reference:
http://resources.infosecinstitute.com/ios-5-backups-part-1/#gref
In addition to the device passcode, what other essential piece of information is most often required in order to decrypt the contents of BlackBerry OS 10 handsets?
Correct Answer:
C
🗳️
Special considerations when analyzing data from BlackBerry OS 10 devices:
✑ You must have the device passcode as well as the BlackBerry Link password in order to backup or view this data
✑ This requires an Internet connection on the processing machine because you are authenticating to the BlackBerry
Link Server to authenticate the username and password
✑ You may encounter issues when attempting to acquire a BES-enabled device.