Guide to Computer Forensics and Investigations Fifth Edition


Guide to Computer Forensics and Investigations, Fifth Edition
Chapter 12: Mobile Device Forensics
All slides copyright Cengage Learning with additional info from G.M. Santoro

Understanding Mobile Device Forensics
- People store a wealth of information on cell phones
  - People don’t think about securing their phones
- Items stored on cell phones:
  - Incoming, outgoing, and missed calls
  - Multimedia Message Service (MMS; text messages) and Short Message Service (SMS) messages
  - E-mail accounts
  - Instant-messaging (IM) logs
  - Web pages
  - Pictures, video, and music files

Understanding Mobile Device Forensics
- Items stored on cell phones: (cont’d)
  - Calendars and address books
  - Social media account information
  - GPS data
  - Voice recordings and voicemail
- A search warrant is needed to examine mobile devices because they can contain so much information
  - However, a mobile device may be seized and a search warrant obtained before examination

Understanding Mobile Device Forensics
- Investigating cell phones and mobile devices is one of the more challenging tasks in digital forensics
  - No single standard exists for how and where phones store messages
  - New phones come out about every six months and they are rarely compatible with previous models

Mobile Phone Basics
- Mobile phone technology has advanced rapidly
- By the end of 2008, mobile phones had gone through three generations:
  - Analog
  - Digital personal communications service (PCS)
  - Third-generation (3G)
- Fourth-generation (4G) was introduced in 2009
- Several digital networks are used in the mobile phone industry

Mobile Phone Basics
- Most Code Division Multiple Access (CDMA) networks conform to IS-95
  - These systems are referred to as CDMAOne
  - When they went to 3G services, they became CDMA2000
- Global System for Mobile Communications (GSM) uses the Time Division Multiple Access (TDMA) technique
  - Multiple phones take turns sharing a channel

Mobile Phone Basics
- The 3G standard was developed by the International Telecommunications Union (ITU) under the United Nations
  - It is compatible with CDMA, GSM, and TDMA
- The Enhanced Data GSM Environment (EDGE) standard was developed specifically for 3G

Mobile Phone Basics
- 4G networks can use the following technologies:
  - Orthogonal Frequency Division Multiplexing (OFDM)
  - Mobile WiMAX
  - Ultra Mobile Broadband (UMB)
  - Multiple Input Multiple Output (MIMO)
  - Long Term Evolution (LTE)

Mobile Phone Basics
- Main components used for communication:
  - Base transceiver station (BTS)
  - Base station controller (BSC)
  - Mobile switching center (MSC)

Inside Mobile Devices
- Mobile devices can range from simple phones to small computers
  - Also called smart phones
- Hardware components
  - Microprocessor, ROM, RAM, a digital signal processor, a radio module, a microphone and speaker, hardware interfaces, and an LCD display
- Most basic phones have a proprietary OS
  - Although smart phones use the same OSs as PCs

Inside Mobile Devices
- Phones store system data in electronically erasable programmable read-only memory (EEPROM)
  - Enables service providers to reprogram phones without having to physically access memory chips
- OS is stored in ROM
  - Nonvolatile memory
  - Available even if the phone loses power

Inside Mobile Devices
- Personal digital assistants (PDAs) have been mostly replaced by iPods, iPads, and other mobile devices
- Their use has shifted to more specific markets
  - Such as medical or industrial PDAs
- Peripheral memory cards used with PDAs:
  - Compact Flash (CF)
  - MultiMediaCard (MMC)
  - Secure Digital (SD)

Inside Mobile Devices
- Subscriber identity module (SIM) cards
  - Found most commonly in GSM devices
  - Consist of a microprocessor and internal memory
  - GSM refers to mobile phones as “mobile stations” and divides a station into two parts: the SIM card and the mobile equipment (ME)
  - SIM cards come in two sizes
  - Portability of information makes SIM cards versatile

Inside Mobile Devices
- Subscriber identity module (SIM) cards (cont’d)
  - The SIM card is necessary for the ME to work and serves these additional purposes:
    - Identifies the subscriber to the network
    - Stores service-related information
    - Can be used to back up the device

Understanding Acquisition Procedures for Cell Phones and Mobile Devices
- The main concerns with mobile devices are loss of power, synchronization with cloud services, and remote wiping
- All mobile devices have volatile memory
  - Making sure they don’t lose power before you can retrieve RAM data is critical
- A mobile device attached to a PC via a USB cable should be disconnected from the PC immediately
  - Helps prevent synchronization that might occur automatically and overwrite data

Understanding Acquisition Procedures for Cell Phones and Mobile Devices
- Depending on the warrant or subpoena, the time of seizure might be relevant
- Messages might be received on the mobile device after seizure
- Isolate the device from incoming signals with one of the following options:
  - Place the device in airplane mode
  - Place the device in a paint can
  - Use the Paraben Wireless StrongHold Bag
  - Turn the device off

Understanding Acquisition Procedures for Cell Phones and Mobile Devices
- The drawback of using these isolating options is that the mobile device is put into roaming mode
  - Accelerates battery drainage
- SANS DFIR Forensics recommends:
  - If device is on and unlocked: isolate it from the network, disable the screen lock, remove passcode
  - If device is on and locked: what you can do varies depending on the type of device
  - If device is off: attempt a physical static acquisition and turn the device on

Understanding Acquisition Procedures for Cell Phones and Mobile Devices
- Check these areas in the forensics lab:
  - Internal memory
  - SIM card
  - Removable or external memory cards
  - Network provider
- Checking network provider requires a search warrant or subpoena
- A new complication has surfaced because backups might be stored in a cloud provided by the carrier or third party

Understanding Acquisition Procedures for Cell Phones and Mobile Devices
- Due to the growing problem of mobile devices being stolen, service providers have started using remote wiping to remove a user’s personal information stored on a stolen device
- Memory storage on a mobile device is usually a combination of volatile and nonvolatile memory
- The file system for a SIM card is a hierarchical structure

Understanding Acquisition Procedures for Cell Phones and Mobile Devices
- Information that can be retrieved falls into four categories:
  - Service-related data, such as identifiers for the SIM card and the subscriber
  - Call data, such as numbers dialed
  - Message information
  - Location information
- If power has been lost, PINs or other access codes might be required to view files
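
Added example (not from the slides or the textbook): a SIM reader returns the contents of the hierarchical file system as raw bytes, and the Python below decodes one file each for the service-related, location, and message categories, including which stored messages are still unread. The file IDs and encodings are assumed from GSM 11.11 / 3GPP TS 51.011, which the slides do not cite; all byte values are constructed sample data, and call data is not covered.

```python
# Added example: decode raw SIM elementary files (EFs) as dumped by a card reader.
# File layout assumed from GSM 11.11 / 3GPP TS 51.011; all byte values below are
# constructed sample data, not taken from a real card.
#
# Hierarchy:  MF 3F00
#               EF_ICCID 2FE2            (card identifier)
#               DF_GSM 7F20
#                 EF_IMSI 6F07           (subscriber identifier)
#                 EF_LOCI 6F7E           (last location area)
#               DF_TELECOM 7F10
#                 EF_SMS 6F3C            (stored messages, 176-byte records)

SMS_STATUS = {0: "free", 1: "received, read", 3: "received, unread",
              5: "sent", 7: "to be sent"}

def swapped_bcd(raw: bytes) -> str:
    """Digits are stored low nibble first; trailing 0xF nibbles are padding."""
    return "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw).rstrip("f")

def decode_iccid(ef: bytes) -> str:
    return swapped_bcd(ef[:10])

def decode_imsi(ef: bytes) -> str:
    length = ef[0]                            # number of significant bytes
    return swapped_bcd(ef[1:1 + length])[1:]  # first nibble is a parity/type flag

def decode_loci(ef: bytes) -> dict:
    tmsi, lai = ef[0:4], ef[4:9]
    mcc = f"{lai[0] & 0xF}{lai[0] >> 4}{lai[1] & 0xF}"
    mnc = f"{lai[2] & 0xF}{lai[2] >> 4}"
    if lai[1] >> 4 != 0xF:                    # third MNC digit present
        mnc += str(lai[1] >> 4)
    return {"tmsi": tmsi.hex(), "mcc": mcc, "mnc": mnc,
            "lac": int.from_bytes(lai[3:5], "big")}

def sms_status(record: bytes) -> str:
    return SMS_STATUS.get(record[0] & 0x07, "unknown")

def unread_records(records: list) -> list:
    """1-based record numbers still marked unread; document these first."""
    return [i for i, r in enumerate(records, 1) if sms_status(r) == "received, unread"]

if __name__ == "__main__":
    print(decode_iccid(bytes.fromhex("981062103254769810f2")))
    print(decode_imsi(bytes.fromhex("080910101032547698")))
    print(decode_loci(bytes.fromhex("1234567800f1101a2b0000")))
    recs = [bytes([s]) + bytes(175) for s in (0x01, 0x03, 0x00, 0x03)]
    print(unread_records(recs))
```

Reading a message on the handset changes its status byte from unread to read, which is why unread records should be documented before anything else touches the card.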

Mobile Forensics Equipment
- Mobile forensics is an evolving science
- Biggest challenge is dealing with constantly changing phone models
- Procedures for working with mobile forensics software:
  - Identify the mobile device
  - Make sure you have installed the mobile device forensics software
  - Attach the phone to power and connect cables
  - Start the forensics software and download information

Mobile Forensics Equipment
- SIM card readers
  - A combination hardware/software device used to access the SIM card
  - You need to be in a forensics lab equipped with appropriate antistatic devices
  - General procedure is as follows:
    - Remove the back panel of the device
    - Remove the battery
    - Remove the SIM card from holder
    - Insert the SIM card into the card reader

Mobile Forensics Equipment
- SIM card readers (cont’d)
  - A variety of SIM card readers are available
    - Some are forensically sound and some are not
  - Documenting messages that haven’t been read yet is critical
    - Use a tool that takes pictures of each screen
- Mobile forensics tools
  - AccessData FTK Imager
  - MacLockPick 3.0

Mobile Forensics Equipment
- NIST guidelines list six types of mobile forensics methods:
  - Manual extraction
  - Logical extraction
  - Hex dumping and Joint Test Action Group (JTAG) extraction
  - Chip-off
  - Micro read

Mobile Forensics Equipment
- Roughly half of Facebook users access their accounts via mobile devices
- Following standard procedures, doing a logical acquisition followed by a physical acquisition, can yield solid evidence

Mobile Forensics Tools in Action
- Many mobile forensics tools are available
  - Most aren’t free
- Methods and techniques for acquiring evidence will change as the market continues to expand and mature
- Subscribe to user groups and professional organizations to stay abreast of what’s happening in the industry

Mobile Forensics Tools in Action
- New Technologies and Challenges
  - Type 2 hypervisors for mobile devices are under development and will add another level of complexity to forensics investigations
  - The number of devices that connect to the Internet is higher than the number of people
    - That number is expected to grow even larger as more devices are being developed to attach to the Internet
  - Wearable computers will pose many new challenges for investigators

This concludes the lecture for Topic 12