nerdexam
(ISC)2

CISSP · Question #454

Why are mobile devices something difficult to investigate in a forensic examination?

The correct answer is C. They may contain cryptographic protection.. Mobile device forensics is challenging primarily because modern devices often employ strong cryptographic protection (full-disk or file-based encryption) that can make data inaccessible without proper keys or credentials.

Submitted by chen.hong· Mar 5, 2026Security Operations

Question

Why are mobile devices something difficult to investigate in a forensic examination?

Options

  • AThere are no forensics tools available for examination.
  • BThey may have proprietary software installed to protect them.
  • CThey may contain cryptographic protection.
  • DThey have password-based security at logon.

How the community answered

(36 responses)
  • A
    6% (2)
  • B
    3% (1)
  • C
    78% (28)
  • D
    14% (5)

Why each option

Mobile device forensics is challenging primarily because modern devices often employ strong cryptographic protection (full-disk or file-based encryption) that can make data inaccessible without proper keys or credentials.

AThere are no forensics tools available for examination.

This is factually incorrect; numerous mature forensic tools exist specifically for mobile devices, such as Cellebrite UFED, Oxygen Forensic Detective, and Magnet AXIOM, making tool availability a non-issue.

BThey may have proprietary software installed to protect them.

While some devices may have proprietary software, this is not the primary forensic challenge; proprietary software alone does not prevent data extraction the way cryptographic protection does.

CThey may contain cryptographic protection.Correct

Modern mobile devices implement full-disk or file-based encryption using strong cryptographic algorithms (e.g., AES-256), meaning that even if a forensic examiner can physically access the storage medium, the data remains unreadable without the decryption key. This encryption is often tied to the user's PIN, password, or biometric, and hardware-backed key storage (like a Secure Enclave or Trusted Execution Environment) actively resists brute-force and bypass attempts. This makes acquisition and analysis of evidentiary data significantly more difficult compared to traditional unencrypted media.

DThey have password-based security at logon.

Password-based logon security is a relatively weak barrier in forensics because many tools can bypass or exploit the logon mechanism, and it does not protect the underlying data storage the way encryption does.

Concept tested: Mobile device encryption challenges in forensic investigations

Source: https://www.nist.gov/publications/guidelines-mobile-device-forensics

Topics

#mobile forensics#digital forensics#encryption#incident response

Community Discussion

No community discussion yet for this question.

Full CISSP Practice