
Mobile Device Digital Forensics


Presentation Transcript


  1. Mobile Device Digital Forensics Brent Williams, PhD Director, KSU iTeach Center brent@iteachcenter.org

  2. Objectives • Introduce Topic & Concepts • Establish Basic Procedures • Describe and Discuss Tools • Discuss Need in School Systems • Take-Aways

  3. History • Driver: Mobile phones involved in crimes • Genesis: 1990’s • Explosive growth exposes need

  4. History • Early efforts involve screen viewing and photographing • Tools developed for direct access

  5. Anti-Forensics • Features purposely added to prevent forensic access • Protect data from prying eyes • Theft • Hacking • Constantly Changing/Evolving

  6. Where Will Evidence Come From? • SIM Card • Additional memory • Internal / Removable • SMS messages, logs, contact list • Audio and video recordings • Data from apps • Email

  7. Device Seizure • Reasonable expectation of privacy • Written, signed policy • Warrants and subpoenas • Seized in “on” state • Must preserve state • Transport in Faraday cage or bag

  8. Device Acquisition

  9. Device Examination and Analysis • We don’t image like a PC • No Magic Boot Disk • We retrieve data • Sophisticated Utilities • File viewer, hex editor • Commercial tools

  10. Data Acquisition Types

  11. Manual Acquisition • Examine via user interface • Photograph Screen • Adequate for many K-12 situations

  12. Software Acquisition • Ideally, bit by bit copy of memory • Access available internal memory • Special cable and software • SD flash card(s) • Decode and examine • Decrypt if necessary

  13. Logical Acquisition • Extract and organize information • Find logical units • Records, entries • Not deleted items

  14. Acquisition Tools

  15. SIM Card • Subscriber Identity Module • Serial Number – ICCID • Intl Mobile Subscriber Identity • And more • SMS Messages • Contacts • SIM Card Readers

  16. External Memory • SD, CF, etc memory cards • Write block if possible

  17. Internal Memory • JTAG - Joint Test Action Group • Special connector on circuit board • May require soldering connector • Destruction possible • All memory can be read

  18. Recovery Sticks • Paraben iRecovery Stick • iPhone • SMS, Call History, Pics, etc. • $169 • Paraben Phone Recovery Stick • Android • SMS, Call History, File System, etc. • $169

  19. Field Kits and Software • Paraben Device Seizure • Over 30 of Most Popular Devices • SMS, file system, GPS, Email, etc. • $1,795 • Mobile Field Kit • Software • Cables, adapters, etc. • $3,495

  20. Software Tools • Radio Tactics, eDEC • Dell Digital Forensics • Dell Spektor • Cellebrite UFED • Micro Systemation XRY • Oxygen Forensic Suite 2011 • MOBILedit! Forensic

  21. Unusual Tools • RF-proof exam box (Faraday cage) • $1,595 • Stronghold Bag • $39.95 • Project a Phone • $895

  22. Issues • Lack of standards • Tools may or may not work • Creativity of investigator important

  23. iOS Device Handling • Get the SIM card out – get it off cellular and wifi - Turn on Airplane Mode • Use a Faraday Bag if available • Remember, User May Use “Find My iPhone” via iCloud.com • Can lock iOS device • Can wipe iOS device • Turn off Auto-Lock

  24. iOS Passcode • Some Info Not Accessible Unless Passcode Entered • Email Messages • Keychain • Some 3rd Party Application Data • Passcode MAY be brute-forced • By software • Ex: Elcomsoft

  25. iOS Backup • Backup storage location well known • User\username\appdata\roaming\Apple Computer\MobileSync\Backup • Backup Attack Tools • Sync Certificates (.plist) • Can help in breaking passcodes

  26. iOS Forensics Tools • Lantern – katanaforensics.com • XRY – www.msab.com • Paraben • Secure View – www.secureview.us • Elcomsoft

  27. Oxygen Forensics • Example of Typical Tool • About $1500

  28. Lantern 2 • iOS Specific • Mac OSX Required • About $600

  29. Useful Links • www.paraben.com • www.radiotactics.com • www.edecdigitalforensics.com • www.cellebrite.com • www.msab.com • www.oxygen-forensic.com

  30. More Useful Links • www.forensicpeople.com • www.digitalintelligence.com • http://www.e-evidence.info

  31. Take-Aways • Mobile Device Forensics is VERY Doable • It is a Rapidly Moving Target! • Be prepared for ongoing R&D • There are Plenty of Tools Available • Free Tools • Inexpensive Tools • Expensive Tools • Procedures are Documented

  32. Slides at KSU iTeach Center • www.iteachcenter.org • Click on Downloads
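For slide 15 (SIM Card), an added example that is not part of the original slides: it decodes the ICCID from the raw bytes a SIM card reader returns and checks its Luhn digit, so the value can be compared with the number printed on the card before it goes into the evidence record. It assumes the usual nibble-swapped BCD storage with 0xF padding; the sample bytes are constructed, not taken from a real card.

```python
def decode_swapped_bcd(raw):
    """Decode nibble-swapped BCD (low nibble is the first digit); 0xF is padding."""
    digits = []
    for byte in raw:
        for nibble in (byte & 0x0F, byte >> 4):
            if nibble == 0x0F:
                continue
            if nibble > 9:
                raise ValueError(f"non-decimal nibble 0x{nibble:X}")
            digits.append(str(nibble))
    return "".join(digits)

def luhn_valid(number):
    """Luhn check over the whole digit string, check digit included."""
    total = 0
    for index, char in enumerate(reversed(number)):
        digit = int(char)
        if index % 2 == 1:          # every second digit, counted from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0

def parse_iccid(raw):
    """Return the decoded ICCID plus the sanity checks an examiner would log."""
    iccid = decode_swapped_bcd(raw)
    return {
        "iccid": iccid,
        "telecom_prefix": iccid.startswith("89"),   # "89" marks telecom cards
        "length_ok": len(iccid) in (19, 20),
        "luhn_ok": luhn_valid(iccid),
    }

# Constructed sample: 10 bytes as they would come back from the ICCID file.
SAMPLE_EF_ICCID = bytes.fromhex("981000000000000010F9")

if __name__ == "__main__":
    print(parse_iccid(SAMPLE_EF_ICCID))
```

A failed Luhn or length check usually points to a read error or a wrong byte offset rather than a bad card, so re-read before recording the value.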
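For slide 25 (iOS Backup), an added example that is not part of the original slides: it inventories a working copy of the MobileSync\Backup folder by reading each backup's Info.plist and Manifest.plist, reporting which device each backup belongs to and whether it is encrypted. The plist key names are assumptions about what such backups carry, and the sample folder and its values are constructed.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumed Info.plist keys; any key a backup lacks is reported as None.
INFO_KEYS = ("Device Name", "Product Type", "Product Version",
             "Serial Number", "ICCID", "Last Backup Date")

def read_plist(path):
    """Parse an XML or binary plist read-only; return {} if missing or damaged."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except (OSError, ExpatError, plistlib.InvalidFileException):
        return {}

def inventory_backups(backup_root):
    """Summarise every backup folder under a working copy of MobileSync/Backup."""
    rows = []
    for folder in sorted(Path(backup_root).iterdir()):
        if not folder.is_dir():
            continue
        info = read_plist(folder / "Info.plist")
        manifest = read_plist(folder / "Manifest.plist")
        row = {"backup_id": folder.name, "parsed": bool(info),
               "encrypted": manifest.get("IsEncrypted")}  # None = unknown
        row.update({key: info.get(key) for key in INFO_KEYS})
        rows.append(row)
    return rows

def build_sample_root():
    """Constructed sample data: one intact backup and one damaged folder."""
    root = Path(tempfile.mkdtemp(prefix="mobilesync_sample_"))
    good = root / ("0" * 40)  # placeholder folder name, not a real device ID
    good.mkdir()
    with open(good / "Info.plist", "wb") as fh:
        plistlib.dump({"Device Name": "Sample iPhone", "Product Type": "iPhone4,1",
                       "Product Version": "5.1.1", "Serial Number": "SAMPLE000001"}, fh)
    with open(good / "Manifest.plist", "wb") as fh:
        plistlib.dump({"IsEncrypted": True}, fh, fmt=plistlib.FMT_BINARY)
    bad = root / "damaged"
    bad.mkdir()
    (bad / "Info.plist").write_bytes(b"not a plist")
    return root

if __name__ == "__main__":
    for row in inventory_backups(build_sample_root()):
        print(row)
```

Point `inventory_backups` at a write-blocked or copied image of the folder, never at the live user profile.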
