Cellebrite Physical Analyzer uses Bit Defender to scan for malware by flagging files who have known bad hash values. This is an example of which type of mobile malware detection?

Which artifact(s) can be extracted from a logical image only if the device the image was acquired from was jailbroken?

An Android device user is known to use Facebook to communicate with other parties under examination.

There is no evidence of the Facebook application on the phone. If there was Facebook usage where would an examiner expect to find these artifacts?

As part of your analysis of a legacy BlackBerry device, you examine the installed applications list and it

appears that no third-party applications were installed on the device. Which other file may provide you with additional information on applications that were accessed with the handset?

When examining a file system acquisition of an Android device Which artifact must be carved out manually?

An analyst investigating a Nokia S60 Symbian device wants to know if an Adobe Flash file on the handset is compromised.

Which file in the image will best target the Adobe Flash files?

Property list (Plist) files are used by iOS devices to store datA. Which of the file formats below is common to

plist files?

What is often more of a challenge with mobile forensics than other areas of forensics?

During the forensic analysis of a Nokia Symbian phone, you receive a SD card with files in the Nokia\Content

Copier folder. What data is present to examine?

Which of the following is of most concern when attempting to root an Android device such as Google Glass

when conducting a forensic acquisition?

Where would an examiner find evidence of an iOS update to device from one version to another?