








Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
SANs 4 585 Smart Phone Forensic Analysis exams with verified solutions 2026/2027 study set
Typology: Exams
1 / 14
This page cannot be seen from the preview
Don't miss anything!









Under which iOS sub-directory folder would an examiner expect to find Internet history, caches, keyboards, and Cookies? Library The /private/var/mobile/Library folder (physical acquisition), Backup Service/mobile/Library (File System acquisition) or Library folder (Logical acquisition) contains most of the data of interest for forensic examiners. The Library folder contains a vast amount of folders including those containing data pertaining to communication, Internet history, Preferences, Keyboard, Caches and more. Tools like Physical Analyzer provide access to all of these folders and database files. Another location for the Library folder may be the Data/Data/mobile/Library for physical acquisition. Answer Options: •Health •Library •Applications •Media What SQLite data type can be exported in order to be opened with a compatible program? BLOB
Like the name suggests, BLOBs are comprised of binary data. Embedded files are stored as BLOBs. This data can be exported and then opened with a compatible program. Answer Options: •PLIST •TIFE •BLOB •JPEG What can be concluded from a folder named "00e456d65498137b76ec5b4137a70821df4afdbf" found in a device's MobileSync directory? The backup was made prior to fall 2018 The backup files from an iOS device prior to September 2018 changed from the 40 digit alphanumeric GUID to a format of 8 characters for the ChipID padded with zeros followed by 16 characters of ECID in hex padded with zeros on the left. Similar to [Opadding] CHIP-[0padding]ECID. An iPhone XS/XR series phone will have the Chip ID of 8020 and an iPhone 11 will have a ChipID of 8030. Answer Options:
perform a similar hardware-based key storage, but are found on computers and not mobile devices. Answer Options:
Answer Options:
Answer Options:
Answer Options:
can be decrypted, typically through a brute force attack. Answer Options: