Published by Godwin Rodgers. Modified over 6 years ago.
1
Mobile Forensics
Presented by Dr. Amelia Phillips
All slides for CIS 360 Mobile Forensics were created by Steve Simpson, CCE
2
Tools available
• viaExtract
  • Suggest using it bare metal and not in VM
  • Conflicts with viaExtract when used with Windows-based VM
  • Great video series of NowSecure webinars
• Kali Linux
  • adb – Android Debug Bridge
  • SPF – Smartphone Pentest Framework
3
Mobile Device Growth
• Mobile subscribers projected to reach 8.5 billion by end of 2016
4
Mobile Forensics - Overview
• Branch of Digital Forensics
• Recovery of digital evidence from mobile devices
  • Smartphones, tablets, GPS, wearables
  • Includes IoT, including vehicles, appliances, utilities, etc.
• Forensically sound
  • Processes
  • Tools
• Mobile Forensic processes
  • Seizure, acquisition and examination/analysis
5
Factors that make Mobile Forensics Challenging
• Hardware differences
  • Multiple players, multiple markets, multiple features
• Mobile OS
  • Starting to standardize, but still a mixture and varied
• Security Features
  • Built-in & 3rd party, locking, encryption, remote wipe
• Lack of Resources
  • HW, equipment, people
6
Factors that make it Challenging (cont’d)
• Generic state of the device
  • Running background tasks
  • Sudden transition between states may alter data
• Anti-Forensics Techniques
  • Data hiding, data obfuscation, secure wipe
• Dynamic Nature of the Evidence
  • Easily altered intentionally or unintentionally
• Accidental Reset
  • Accidental reset during examination may alter much or all data
7
Factors that make it Challenging (part 3)
• Device Alteration
  • Jailbreaking, rooting, moving files, changing files, etc.
• Passcode Recovery
  • Knowing or getting around the passcode is required for evidence extraction
• Communication Shielding
  • Cellular, WiFi, Bluetooth, Infrared communication may alter evidence
  • Discontinue communications after seizure
• Lack of Tools
  • Variety of devices requires a variety of tools
  • Choosing the right tool may be difficult
  • Capability
  • Expense
8
Challenges (Part 4)
• Malicious Programs
  • Device may contain malware that will try to spread
  • Protect tools and other devices during extraction and examination
• Legal Issues
  • Mobile devices can easily cross geographical and legal boundaries
  • Multijurisdictional challenges
9
Evidence Extraction
• No “Standardized” Process
  • Process may differ dependent on manufacturer, service provider, OS, features
10
Evidence Extraction (Part 2)
• Intake
  • Document ownership, define investigation scope, outline data types, clarify exam goals
• Identification
  • Legal Authority – document acquisition and examination legal authority and limitations
  • Examination goals – define goals, tool selection, depth of examination
  • Device identification – make, model, etc.; aids in tool selection
  • Removable and external data storage – TransFlash/Micro SD memory expansion card, sync files on other devices, etc.
  • Other potential sources – bio evidence (fingerprints, DNA). Examiners should wear gloves until bio evidence is taken
11
Evidence Extraction (part 3)
• Preparation
  • Research regarding specific phone characteristics: OS, patches, mods, etc.
• Isolation
  • Faraday bag/chamber, or place the device in Airplane mode (shuts off device radios)
12
Evidence Extraction – Part 4
• Processing
  • Physical acquisition is preferred, but may not be possible or needed
  • Accepted forensic methodologies are a must
• Verification – authenticating the accuracy of the data
  • Confirm extracted data with device – direct comparison, logical report comparison
  • Compare results of multiple tools
  • Hash value comparisons
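The verification step above rests on hash value comparisons: the hash of an acquisition image recorded at extraction time, and the hashes of images produced by two different tools, are compared to show the data has not changed. The following is an added example written for this page, not code from the CIS 360 slides or from any extraction tool; the file names, the image bytes and the examiner name are constructed, and the hashing functions are the Python standard library's `hashlib`.

```python
"""Verification step of a mobile evidence extraction: hash comparison.

Added example, not from the CIS 360 slides. It records hash values for an
acquisition image, re-verifies a later copy against that record, and checks
whether two tools produced bit-for-bit identical images. All file names,
image contents and the examiner name are constructed for the example.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so a large flash image need not fit in RAM


def hash_bytes(data, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def hash_file(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for a file, read in chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_against_record(path, recorded):
    """Compare a file's current hashes with hashes recorded at acquisition.

    Returns (ok, list_of_mismatched_algorithms)."""
    current = hash_file(path, tuple(recorded))
    mismatched = [alg for alg in recorded if current[alg] != recorded[alg]]
    return (not mismatched, mismatched)


def compare_tool_outputs(path_a, path_b, algorithm="sha256"):
    """True when two tools' acquisition images are bit-for-bit identical."""
    return (hash_file(path_a, (algorithm,))[algorithm]
            == hash_file(path_b, (algorithm,))[algorithm])


def verification_note(path, hashes, examiner):
    """Entry for the examination notes: what was hashed, when, by whom."""
    return {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "file": os.path.basename(path),
        "size": os.path.getsize(path),
        "examiner": examiner,
        **hashes,
    }


def demo():
    """Constructed scenario: two tools dump the same flash; a later copy is altered."""
    image = b"\x00" * 4096 + b"CONSTRUCTED-FLASH-IMAGE" + b"\xff" * 4096
    with tempfile.TemporaryDirectory() as d:
        tool_a = os.path.join(d, "case001_toolA.bin")
        tool_b = os.path.join(d, "case001_toolB.bin")
        altered = os.path.join(d, "case001_copy.bin")
        for p in (tool_a, tool_b):
            with open(p, "wb") as f:
                f.write(image)
        with open(altered, "wb") as f:
            f.write(image[:-1] + b"\x00")  # a single byte differs from the original
        recorded = hash_file(tool_a)       # hashes taken at acquisition time
        return {
            "tools_agree": compare_tool_outputs(tool_a, tool_b),
            "copy_ok": verify_against_record(altered, recorded),
            "note": verification_note(tool_a, recorded, "examiner (constructed)"),
        }


if __name__ == "__main__":
    print(demo())
```

Recording two algorithms is deliberate: a single-byte change flips both digests, and a second algorithm guards against the objection that one hash function alone might be disputed.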
13
Evidence Extraction – Part 5
• Document and Report
  • Peer review required to ensure data is checked, methodology is valid, investigation is complete
  • Notes and examination report could contain any or all of the following:
    • Examination start date and time
    • Physical condition of device; photos and description
    • Device status upon receipt; on, off, locked, etc.
    • Acquisition/Extraction tools
    • Examination tools
    • Evidence found during examination
    • Notes from peer review
14
Evidence Extraction – Part 6
• Presentation
  • Documentation must be clear, concise and repeatable
  • Summaries in layman's terms; details/appendixes can be technical
  • Ready for presentation as evidence in court
• Archiving
  • Keep records for future reference
  • Include extraction files, hard/soft copies of reports, physical devices, etc.
15
Mobile OS Overview
• Google Android
  • Linux based, open source
  • Majority market share
• Apple iOS
  • Evolving into OS for all Apple mobile devices
  • Proprietary
  • Apps controlled and distributed via Apple Store
• Microsoft Windows Phone
  • Developed for smartphones and Pocket PC
  • Similar to Windows desktop OS but optimized for mobile
• Research In Motion (RIM) BlackBerry OS
  • Proprietary, exclusive for BlackBerry line of smartphones and mobile devices
  • Corporate use over consumer
  • Known for security
16
Mobile Tool Leveling
• Manual
  • Scroll through data, view, record
  • Tedious, error prone
  • Works on most devices
• Logical
  • Fast, easy to perform, cookie-cutter methodology (little training required)
  • Usually writes data to device
  • Deleted data not accessible
17
Mobile Tool Leveling – Part 2
• Hex Dump – also called Physical
  • Pushes unsigned code or bootloader onto phone
  • Memory dump is in binary format
  • Retrieves deleted data
• Chip Off – book’s terminology
  • Reads data directly from memory chip
  • Joint Test Action Group (JTAG)
• Micro Read – book’s terminology
  • Electron microscope to read gate status
  • No commercial tools at this time
18
Data Acquisition Methods
• Physical – best method
  • Acquires data by direct access to flash memory
  • Bit-by-bit copy of flash device
  • All data including deleted, but not overwritten
• Logical – second best
  • Uses device APIs
  • May only acquire some of the data
  • Will not get unallocated data
• Manual – last resort before physically altering device
  • Scroll through device pages
  • Take photos
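Slides 17 and 18 make the same point from two angles: a hex dump / physical acquisition retrieves deleted data, while a logical acquisition that goes through the device APIs never sees unallocated space, and even a physical copy cannot recover data that has since been overwritten. The following added example, written for this page rather than taken from the slides or any forensic tool, models that on a constructed in-memory "flash": an allocation table stands in for the device API, a raw data area stands in for the flash chip, and the record format, slot layout and sample records are all invented for the example.

```python
"""Physical vs. logical acquisition on a constructed flash image.

Added example, not from the CIS 360 slides. A tiny in-memory "flash" is
built with an allocation table (what a device API would expose) and a raw
data area. Logical acquisition walks the table; physical acquisition copies
every byte and carves records by signature, so it also finds a deleted
record whose bytes were never overwritten. Record format, slot layout and
the sample records are invented for this example.
"""
import struct

SLOT_SIZE = 64      # constructed: fixed-size slots in the data area
MAGIC = b"REC:"     # constructed: record signature used for carving
NUM_SLOTS = 8       # constructed: number of slots in the data area


def _encode(payload: bytes) -> bytes:
    """MAGIC + 2-byte big-endian length + payload, zero-padded to SLOT_SIZE."""
    body = MAGIC + struct.pack(">H", len(payload)) + payload
    if len(body) > SLOT_SIZE:
        raise ValueError("payload does not fit in a slot")
    return body.ljust(SLOT_SIZE, b"\x00")


def _decode(chunk: bytes) -> str:
    """Inverse of _encode for a slice that starts at MAGIC."""
    n = struct.unpack(">H", chunk[4:6])[0]
    return chunk[6:6 + n].decode()


def build_flash():
    """Return (allocation_table, data_area) for the constructed device.

    Slot 0: allocated contact.
    Slot 1: SMS the user deleted; table entry removed, bytes left intact.
    Slot 2: SMS deleted and the slot reused for a newer note, so the old
            bytes are overwritten and gone."""
    data = bytearray(b"\xff" * (SLOT_SIZE * NUM_SLOTS))  # erased flash reads 0xFF

    def write(slot, payload):
        data[slot * SLOT_SIZE:(slot + 1) * SLOT_SIZE] = _encode(payload)

    write(0, b"contact:Alice,555-0100")
    write(1, b"sms:meet at the usual place")
    write(2, b"sms:old message")
    table = {0, 1, 2}
    table.discard(1)             # user deletes the SMS in slot 1
    table.discard(2)             # user deletes the SMS in slot 2 ...
    write(2, b"note:groceries")  # ... and the slot is reused by a new record
    table.add(2)
    return table, bytes(data)


def logical_acquisition(table, data):
    """What the device API hands back: only records the table still lists."""
    return [_decode(data[s * SLOT_SIZE:(s + 1) * SLOT_SIZE]) for s in sorted(table)]


def physical_acquisition(data):
    """Bit-for-bit copy of the data area, then carve every record that
    still carries the signature, ignoring the allocation table."""
    image = bytes(data)  # the bit-by-bit copy the examiner would hash and keep
    found = []
    pos = image.find(MAGIC)
    while pos != -1:
        found.append(_decode(image[pos:pos + SLOT_SIZE]))
        pos = image.find(MAGIC, pos + len(MAGIC))
    return found


def deleted_only_in_physical():
    """Records the physical method recovers that the logical method misses."""
    table, data = build_flash()
    return sorted(set(physical_acquisition(data)) - set(logical_acquisition(table, data)))


if __name__ == "__main__":
    table, data = build_flash()
    print("logical :", logical_acquisition(table, data))
    print("physical:", physical_acquisition(data))
    print("deleted, recovered only physically:", deleted_only_in_physical())
```

Running it shows the deleted SMS in slot 1 appearing only in the physical result, while the overwritten SMS in slot 2 appears in neither, which is exactly the "deleted, but not overwritten" qualifier on the slide.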
19
Data Acquisition Methods
20
Potential Evidence found on Mobile devices
• Address Book
• Call History
• SMS, MMS, EMS data and logs
• Web browser history
• Photos, Videos
• Music, audio
• Documents
• Calendar
• Network Communications, GPS
• Maps
• Social networking
• Deleted data
21
Rules of Evidence
• Mobile devices play some part in most, if not all, electronic crimes
• Follow all acceptable legal processes when dealing with mobile devices
• 5 general rules apply to all digital forensic cases, including mobile forensics cases:
  1. Admissible – Must follow Rules of Evidence for the appropriate jurisdiction: International, Federal, State, Local
  2. Authentic – Valid and important
  3. Complete – Should reflect the whole story, or play a part in reflecting the whole story
  4. Reliable – Acceptable use of tools and methodologies
  5. Believable – Examiner must be able to explain evidence, methodologies, tools, etc.
22
Rules of Evidence per (ISC)2
• Sufficient – Persuasive enough to convince one of the validity of the findings
• Reliable – Consistent with fact
• Relevant – Relationship to the findings must be reasonable and sensible
• Permissible – Legally connected