Marsha’s iPhone X - iOS 14.6
Question 44 – 10pts
Criminals tend to keep their business private. The suspects used an App that hides data (photos/video/contacts) behind an ordinary calculator. Provide icloud address used to purchase this app.
The iCloud address used by Marsha can be found on the Physical Analyzer homepage.
It’s a clever email address as well: [email protected] is the correct solution.
Question 45 – 10pts
What is the device vendor’s internal model name?
The internal model name can also be found on the homepage.
The internal model name is D22AP.
Question 46 – 10pts
Which 3rd party app had the longest active session? provide app identifier such as: com.ubercab.UberClient
We can go to the Aggregated Application Usage tab to see how long applications were used and when. Then, we can sort by Active time to see the longest sessions.
The longest active session belongs to com.apple.SleepLockScreen; however, that is not a third-party app. The longest session on a third-party app was 01:12:24 spent in com.google.photos.
Question 47 – 10pts
What is the MD5 hash value for the file classified as Type: Images with a file size of 68147 bytes?
Once again, we need to use the Images tab. From there, we can simply search for the file size!
Using the returned results, we can see the exact image and the file hash. The hash and solution is d9777bb03efb817bb6eaeec026a5b0c2.
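To cross-check the tool's result independently, the same size-then-hash lookup can be run over an unpacked copy of the extraction. This is an added example, not part of the original write-up; it assumes the file system has been exported to a local directory, and the function names are hypothetical.

```python
import hashlib
import os

# Leading magic bytes for common image formats (not exhaustive).
IMAGE_MAGIC = (
    b"\xff\xd8\xff",          # JPEG
    b"\x89PNG\r\n\x1a\n",     # PNG
    b"GIF87a", b"GIF89a",     # GIF
)
HEIF_BRANDS = (b"heic", b"heix", b"mif1", b"heif")  # iPhone camera default

def looks_like_image(path):
    """Classify by file header rather than by extension."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    if head.startswith(IMAGE_MAGIC):
        return True
    # HEIC/HEIF: an 'ftyp' box at offset 4 followed by an image brand.
    return head[4:8] == b"ftyp" and head[8:12] in HEIF_BRANDS

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large evidence files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_images_by_size(root, size):
    """Return sorted (relative_path, md5) for images of exactly `size` bytes."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) != size:
                    continue
                if looks_like_image(path):
                    hits.append((os.path.relpath(path, root), md5_of(path)))
            except OSError:
                continue  # unreadable entry in the export; skip it
    return sorted(hits)

if __name__ == "__main__":
    import sys
    # Usage: script.py <export_root>; 68147 is the size given in Question 47.
    for rel, md5 in find_images_by_size(sys.argv[1], 68147):
        print(md5, rel)
```

Several files can share one size, so every hit should be compared against the hash the tool reports rather than taking the first match.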
Question 48 – 20pts
The suspect had Pizza for lunch, what was the date and time of the order? Format: MM-DD-YYYY HH:MM, e.g. 01-22-2019 19:46
For this question, I got lucky and had stumbled across a photo of a receipt earlier. I’m sure there is a way to find it via Cellebrite’s image classification.
The date and time she had lunch was 03-08-2021 12:11.
Question 49 – 20pts
The investigators were looking for a specific Kia stolen by the gang. They were missing 3 digits of the license plate (left most). Find the first 3 digits they were missing.
Once again, I got lucky and stumbled upon this solution while looking for another challenge’s solution. The intended solution is probably more image categorization using a vehicle/license plate number filter. Remember, always read all of the questions in a section before grinding to solve the first one; it can pay off.
The first three digits are 508.
Question 50 – 20pts
What is the most frequently interacted phone number over a call? format should be +[country_code][number] for example: +97243501234
First, we need to go to the Call Log tab. Then we can select the Parties tab to allow us to sort by the calls. This dialog also shows a count of repeated incoming or outgoing calls.
By quickly scrolling the list, we can see the most frequently interacted with number is +15162879924.