GASFPreview

Based on the image below, which file system is being examined?

Following the introduction of iMessage with the firmware release iOS 5, devices began storing date/timestamps in which of the following formats?

The device pictured below is in Download Mode to attempt a physical acquisition. What can be ascertained by viewing the Android boot screen below?

An analyst investigating a Nokia S60 Symbian device wants to know if an Adobe Flash file on the handset is compromised. Which file in the image will best target the Adobe Flash files?

As part of your analysis of a legacy BlackBerry device, you examine the installed applications list and it appears that no third-party applications were installed on the device. Which other file may provide you with additional information on applications that were accessed with the handset?

When conducting forensic analysis of an associated media card, one would most often expect to find this particular file system format?

Cellebrite Physical Analyzer uses Bit Defender to scan for malware by flagging files who have known bad hash values. This is an example of which type of mobile malware detection?

Which of the following is required in addition to the Apple ID of the custodian to access IOS backup files that are stored in ICloud?

In 2015, Apples iTunes store was found to be hosting several malicious applications that were infected as a result of hacked version of the developer toolkit used to create applications. Which Apple developer suite was targeted?

An Android device user is known to use Facebook to communicate with other parties under examination. There is no evidence of the Facebook application on the phone. If there was Facebook usage where would an examiner expect to find these artifacts?

Physical Analyzer provides a function to narrow down a search based on a timestamp, a type, a party or date. What is the name of this advanced searching capability?

The files pictured below from a BlackBerry OS10 file system have a unique file extension. What can be concluded about these files?

Where can an analyst find data to provide additional artifacts to support the evidence in the highlighted file?

Which of the following is a unique 56 bit number assigned to a CDMA handset?

Which of the following files provides the most accurate reflection of the device’s date/timestamp related to the last device wipe?

Which of the following is the term for the SMS malware that sends text messages to a premium number generating large service bills for the user of the targeted device?

When examining the iOS device shown below the tool indicates that there are 4 chat messages recovered from the device. Which of the following locations may contain additional chat information?

Which of the following can most forensics tools crack on an iOS device?

Which cloud based system can be utilized by Android owners to backup user data?

Analyze the two tables (Albums and Photos) provided from the Facebook database on an Android device located at the path: /data/data/com.facebook.katana/ databases/fb.db.
Which photo was added to Facebook by the user of the device?

Which file will indicate if Siri was active on an iOS device?

Which of the following is one potential risk of using the ALWAYS OFF rule for handling cell phones?

What type of storage does an iOS device use for user data?

Which of the following items is found in the Kernel Space for an iOS device?