Deck 20: Digital Evidence on Mobile Devices

A) A four-digit PIN represents 10,000 possible combinations.
B) After three failed attempts, the SIM card will become locked.
C) PIN disclosure by the offender can be required by a court order.
D) None of the above.

A) Malware
B) Spouseware
C) Trojan defense
D) None of the above

A) When the battery is removed from a mobile device, the information in memory is lost.
B) Doing so may activate security measures such as lock codes and encryption.
C) The process of removing the battering can cause a capacitive discharge, destroying the device.
D) You now have two pieces of evidence, which have to be documented.

A) ASCII
B) Unicode
C) GSM 7-bit
D) Baudot

A) MD five hashes must be calculated for data recovered from mobile devices.
B) Documentation must show continuous possession and control.
C) An investigator must make a calculated decision to either prevent or allow the device to receive new data over wireless networks.
D) Any issues encountered with processing the device should be documented.

A) Because available memory is much smaller and the operating system is much less sophisticated on mobile devices, it is much easier to develop malicious code.
B) The malware market has become very crowded and developers are looking for new avenues.
C) Since the coding is much simpler on mobile devices, many new programmers are trying at this particular platform.
D) Since mobile devices are used more and more for online banking and making purchases, they have become prime targets for computer criminals.

A) People very seldom delete information from mobile devices.
B) The process for deleting information is much more complicated than for adding information, and users frequently don't delete things correctly.
C) Flash memory is deleted block-by-block and mobile devices generally wait for a block to be full before it is deleted.
D) Manufacturers reserve a part of memory for storing deleted items.

A) FDDI
B) Telecommunication networks
C) WiFi access points
D) Bluetooth piconets

A) 2120457370F8
B) 20217345870
C) 87073452021
D) 8F0737542021

A) RG-45
B) FDDI
C) WiMAX
D) JTAG

A) May as well be thrown away, as no data will be recovered from it
B) May only indicate that the screen is damaged and it may still be possible to extract data
C) May require that the mobile device be sent out to the manufacturer for repairs
D) None of the above

A) Connected networks can contain investigatively useful information.
B) Network service providers may provide information for comparison with data extracted from a mobile device.
C) Connected networks can enable offenders to delete data remotely.
D) Network service providers may provide additional historical call records.

A) Mobile device batteries have a limited charge life span, and the device will need a charger to maintain the battery until the device can be processed.
B) To reduce owner complaints about missing cables when, at some point, seized devices are returned.
C) In those cases where evidence seized is forfeit, you want to make sure you have everything you need to operate the device.
D) None of the above.

A) Reconfigure the device to prevent communication from the network.
B) Place the device in an RF-shielded pouch.
C) Jam RF signaling in the immediate area.
D) All of the above.

A) Manual operation via user interface
B) Logical acquisition via communication port
C) Connecting the communication port directly to an output device such as a printer
D) Physical acquisition via the communication port