Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Device Collection More Than Just a Phone. More than just a phone… Cell phone Address book Planner & Organizer Messenger Photo & Video camera GPS.

Published byBernice Nash Modified over 8 years ago

Similar presentations

Presentation on theme: "Mobile Device Collection More Than Just a Phone. More than just a phone… Cell phone Address book Planner & Organizer Messenger Photo & Video camera GPS."— Presentation transcript:

1 Mobile Device Collection More Than Just a Phone

2 More than just a phone… Cell phone Address book Planner & Organizer Messenger Photo & Video camera GPS navigator Web client Platform for 3 rd party apps

3 Tech is where the evidence is at… Widespread Adoption of legal forensics has increased –quickly moved from primarily federal use to local level law enforcement and now business in the enterprise, prisons and schools. 92% of AAML divorce attorneys cited an increase in cases using evidence taken from smart phones during the past three years. In the same survey, 94% noted an increase in text message evidence. 81% of AAML members say they have seen increased use of evidence from social networking websites during the past five years (with Facebook being cited as the primary culprit).

4

5

6

7

8 Mobile Forensics 101 Mobile Device Data Acquisition Today is Used Widely Around the World. 80% of All Criminal Investigations in Europe Involve Mobile Device Acquisition. 90% of All Criminal Investigations in UK. 70% in US (estimate and growing). Quickly Becoming The Necessary Part of Every Investigation.

9 Mobile Forensics 101 Types of data available for forensic exam can be different based on the type of device, but typically: Call logs Texts (MMS, SMS) Contacts Calendar items Photos Music Videos “Snapchat” data

10 Mobile Forensics 101 And more… Facebook Contacts, Skype, YouTube data MySpace Usernames and Passwords Locations from GPS, Cell Tower and Wi-Fi networks Memos Notes Email Geolocation data (phone, pictures) Map histories Wireless access history Deleted information

11 The Mobile Forensic Process Seizure. If device is found off, leave off, place in Faraday Bag. If device is found on, leave on, place in Faraday Bag, and if possible, place in Airplane Mode. Document everything. Maintain a clear Chain of Custody.

12 Post-Seizure Process

13 Mobile Forensics 101 Data Collection Tools Constantly evolving. May lag behind device introduction Contribute to cost consideration. Importance of validation.

14 Example: UFED Touch Ultimate Favorite of LE, can download entire contents of a phone in ~2 minutes.

15 “I need __________ to prove ____________.” Need to have the end goal (somewhat) defined. May affect acquisition strategy And cost Will affect the overall discovery plan Essentially answering the following question: Discovery Plan Checklist

16 Are there any issues that require a Meet & Confer? After deciding on type of evidence needed, you need to specify the form or “filetype” you’re going to receive it in after collection. Does collected data need further processing? Metadata extraction Hashing

17 Discovery Plan Checklist Does the collected data need further review? How do you intend to produce? Or is production even needed? How intend to use data? If intending to introduce in Court, you still have to meet fundamental evidentiary foundations of authenticity and relevance.

18 Authentication and Hashing How do you know that you have an exact forensically- sound copy of the target device? Hashing: A cryptographic hash function is an algorithm that takes data and returns a hash value so that any accidental or intentional change to the data will (with very high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply digest.

19 Hash Example Comparison

20 One Pixel is Different

21

22 Practical Considerations Difficult to define an industry standard. Cost. Length of time necessary. Expiration of data/time elapsed since “incident”. BYOD. Explanation of technical terms to the Court.

23 Really Deleting Mobile Device Data Perform a Factory Reset. Wipes out the device’s existing encryption key, meaning that even if a file has survived, the phone will no longer be able to read it. Physically Destroy. Remotely Wipe. The importance of a Faraday Bag. Use a phone with a Chinese chipset—generally difficult to extract due to poor build quality.

24 The Future?

25 Contact Information sschaffer@watermarklabs.com sschaffer@bladetechinc.com @sschaffer www.linkedin.com/in/scottschaffer314

26 Questions?

Download ppt "Mobile Device Collection More Than Just a Phone. More than just a phone… Cell phone Address book Planner & Organizer Messenger Photo & Video camera GPS."

Similar presentations

Electronic Evidence Joe Kashi. Todays Program Types of Electronically stored information Types of Electronically stored information Accessibility and.

Electronic Evidence Joe Kashi. Todays Program Types of Electronically stored information Types of Electronically stored information Accessibility and.
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
3.04 Understand the use of direct marketing to attract attention and to build a brand.

3.04 Understand the use of direct marketing to attract attention and to build a brand.
Security for Mobile Devices

Security for Mobile Devices
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
Mobile technologies Bunch of disparate technologies Many cases of successful use in firms (000s) Costly to implement because mostly once off bespoke development.

Mobile technologies Bunch of disparate technologies Many cases of successful use in firms (000s) Costly to implement because mostly once off bespoke development.
MNO Cloud Use Case 3 Source: Rogers Wireless Contact: Ed O’Leary George Babut 3GPP/SA3-LI#43Tdoc SA3LI11_116.

MNO Cloud Use Case 3 Source: Rogers Wireless Contact: Ed O’Leary George Babut 3GPP/SA3-LI#43Tdoc SA3LI11_116.
Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except.

Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except.
BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.

BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.
No Nonsense File Collection Presented by: Pinpoint Labs Presenter: Jon Rowe, CCE, ISFCE Certified Computer Examiner Members: The International Society.

No Nonsense File Collection Presented by: Pinpoint Labs Presenter: Jon Rowe, CCE, ISFCE Certified Computer Examiner Members: The International Society.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
(C) Oxygen Software, 2000-2008 Oxygen Forensic Suite – Premium Mobile Examination Extracting.

(C) Oxygen Software, Oxygen Forensic Suite – Premium Mobile Examination Extracting.
Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software, 2000-2010 2010.

Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software,
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
BACS 371 Computer Forensics

BACS 371 Computer Forensics
Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.

Hong-Kong, Mar Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.
Apple iPhone. Visual Voicemail allows you to go directly to any of your messages without listening to the prior messages. So you can quickly select the.

Apple iPhone. Visual Voic allows you to go directly to any of your messages without listening to the prior messages. So you can quickly select the.
Technological Convergence for Institutions & Audiences

Technological Convergence for Institutions & Audiences
IPhone 3.0 Presented By: Renee` Smith. Introduction iPhone OS 3.0 Most advanced mobile phone platform 100 New features Coming out this summer.

IPhone 3.0 Presented By: Renee` Smith. Introduction iPhone OS 3.0 Most advanced mobile phone platform 100 New features Coming out this summer.
CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.

CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.

Similar presentations

Ads by Google