GIAC GASF - GIAC Advanced Smartphone Forensics
Where are iOS Class keys stored?
Which of the following files contains details regarding the encryption state of an iTunes backup file?
Which artifact must be carved out manually when examining a file system acquisition of an Android device?
What is the MAIN difference between a Full Root and a Shell/Soft Root?
What does the data string highlighted in blue represent in the File system path?
Which artifact(s) can be extracted from a logical image only if the device the image was acquired from was jailbroken?
An analyst is reviewing the contents of a media card that was found without an associated device. Based on the image below, with which mobile device is it most likely that this device was once paired?
Review the two highlighted sections in the hex output below from the file MP0c_000.
Convert the phone number found in raw format extracted from a Chinese knock-off device.
Exhibit:
Where can an analyst find data to provide additional artifacts to support the evidence in the highlighted file?
Which file, located on the Android file system, may be examined to correlate files related to external SD cards that were once used in an Android device?
