Chapter 20
Digital Evidence on Mobile Devices
On completion of this chapter, the student will:
Recognize that the use of cell phones and smartphones is an integral part of modern society.
Recognize that mobile devices can contain vast amounts of personal information.
Be familiar with the terminology used with mobile devices.
Be aware that criminals will use and store information on mobile devices, providing an additional
source for evidence.
Be aware that characteristics of Flash memory chips may result in the recovery of user-deleted
information.
Be aware that mobile devices have become a new target for malware developers.
Recognize that mobile devices can connect to various networks via cellular towers, WiFi access
points, and Bluetooth, and those connected networks may also contain notable data.
Recognize that handheld devices may be synchronized to desktop applications, and notable data
may be found there, as well.
Recognize that information from mobile devices can assist the investigator in discovering the
Be aware that, while the same forensic principles apply to mobile devices as they do to regular
computers, the dynamic, connected nature of mobile devices can present challenges.
Be aware of various mobile device forensic tools currently on the market.
Be aware of various methods of applying the forensic examination and analysis methodology to
mobile devices.
Be aware of various methods for data recovery on mobile devices.
Be aware of the variety of formats used on mobile devices.
Be aware of the issues involved with the acquisition and examination of SIM cards.
Be aware of the forensic challenges relating to SIM card security.
Recognize the value and the need to apply investigative reconstruction techniques to mobile
devices.
Class Notes
The instructor should convey to students that, because mobile devices are so pervasive and becoming
more so every day, they should both expect and be prepared to deal with the ever-growing variety of
mobile devices. It would, in fact, be reasonable to expect to find a mobile device involved in nearly every
type of case that law enforcement would encounter.
Multiple Choice Questions
1. Which of the following is NOT one of the methods mobile devices use to communicate?
2. One major advantage of mobile devices from a forensic perspective is that:
3. The reason that malware developers are beginning to target mobile devices is:
4. Software designed to monitor activities on mobile devices has come to be called:
5. One of the dangers (from a forensic standpoint) of mobile devices is:
6. One of the difficulties unique to forensic processing of mobile devices is:
7. Powering down a mobile device and removing the battery may cause problems in that:
8. Which of the following are methods for preserving mobile devices by isolating them from the
networks?
9. Why is it important to collect charging cables when seizing mobile devices?
10. Which of the following is NOT one of the currently available methods for extracting data from
mobile devices?
11. Forensic examiners should be aware that a mobile device with a blank or broken display:
12. The IEEE standard that specifies a standardized interface for testing integrated circuits,
interconnections between components, and a means of observing and modifying circuit activity
13. A peculiarity of mobile devices is the format in which they store SMS messages, which is:
14. Certain data on mobile devices, in particular
format. In that case, the phone number 12025437078 would be displayed as:
15. The primary reason that brute-force methods are not used when trying to access a SIM card with
the PIN set is:
True or False Questions
1. Since mobile devices consist of a CPU, memory, storage, and software, the same as traditional
computers, they are processed in exactly the same way.
2. Mobile devices are considered to be a type of embedded system.
3. Given the small amount of usable data obtainable from mobile devices, the forensic investigator
needs to weigh the value of investing time examining mobile devices.
4. One drawback of mobile device examination is that when a user deletes data on a mobile device,
that data is never recoverable.
5. Mobile devices have become a promising new target for malware developers.
6. The dynamic nature of mobile device communications presents additional challenges for the
forensic examiner.
7. Although mobile devices may connect to networks, WiFi and Bluetooth connections, and
desktop synchronization software, the forensic examiner should focus entirely on the mobile
device itself.
8. There are currently no forensic tools available for processing mobile devices.
9. st complete collection of data from a mobile
device is to make a physical acquisition.
10. One of the difficulties in processing mobile devices is that the manufacturers always use
proprietary storage formats.
11. When analyzing a GPS-enabled mobile device, it is often possible to recover location
information, import it into mapping software, and display the locations on a map.
12. Something forensic examiners need to keep in mind when trying to brute-force a SIM card that
has had a PIN set is that the card will lock after the second failed attempt.
13. Best practice for seizing a mobile device is to power the device off and remove the battery so
that no new connections are made over the network.
14. Certain data on mobile devices, particularly phone numbers, are stored in nibble-reversed format.
15. It is often possible to perform a forensic analysis of a physical duplicate of mobile devices using
file system forensic tools.
Essay Questions
1. Discuss the preservation, examination, and analysis issues that make processing mobile devices
unique.
2. Discuss methodologies for processing a crime scene involving mobile devices. Take into
account the special issues relating to mobile devices.