Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile forensic analysis for smartphones (C) Oxygen Software, 2000-2008 ISS World Europe 2008.

Published byEustace Austin Modified over 9 years ago

Similar presentations

Presentation on theme: "Mobile forensic analysis for smartphones (C) Oxygen Software, 2000-2008 ISS World Europe 2008."— Presentation transcript:

1 Mobile forensic analysis for smartphones (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com ISS World Europe 2008

2 (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com Purposes of phone forensics  Extracting complete and unaltered information from cell phones, smartphones, PDA etc.  Analyzing extracted information and finding evidences.  Preparing forensic reports that can be presented in a court.  Proving data authenticity.

3 Smartphones market growth (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com Source: Canalys estimates, © canalys.com ltd, 2008

4 Nokia 5110 Nowadays PhonebookSpeed dialsCalls historySMS messages Monophonic melodies General phone information Phonebook Calendar Tasks Notes Caller groups Speed dials Event log Profiles Gallery files Java applications and games Multiple contact fields of the same type Personal settings for contacts Messages Message folders General phone information LifeBlog GPS (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com 8 years ago Modern smartphone Cell phones evolution

5 2008 (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com 2000 Communication protocols evolution AT+ Contacts (simple), calls, SMS, files*, settings* Very slow Depends on implementation Developed for synchronization Nokia FBUS Almost all information Undocumented Not for smartphones Depends on implementation Developed for synchronization OBEX Contacts, calendar, files Depends on implementation Developed for files and objects exchange SyncML Contacts, organizer, settings, messages* Developed for synchronization

6 The striking discrepancy between data extracted by standard logical forensic tools and protocols and data which is stored in the devices and can be used for forensic investigations is quite obvious. (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com Phonebook Calendar Tasks Notes Caller groups Speed dials Event log Profiles Gallery files Java applications and games Multiple contact fields of the same type Personal settings for contacts Messages Custom message folders Standard message folders General phone information LifeBlog activity Deleted messages information Full memory dump Smartphones and standard protocols

7 There are 3 ways to get forensic information from smartphones: logical analysis, physical analysis and using a special agent application working inside smartphone OS (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com How to extract information? Physical analysis All information can be extracted Hard to perform Very hard to analyze Expensive software, special hardware needed Analysis using Agent application Most of the information can be extracted Easy to perform Easy to analyze Affordable software, no special hardware needed Logical analysis Very few information can be extracted Easy to perform Easy to analyze Affordable software, no special hardware needed

8 We at Oxygen Software use an agent application approach. The Agent works inside a smartphone, has access to all device API’s and implements custom communication protocol to extract almost all forensic information needed (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com Phonebook Calendar Tasks Notes Caller groups Speed dials Event log Profiles Gallery files Java applications and games Multiple contact fields of the same type Personal settings for contacts Messages Custom message folders Standard message folders General phone information LifeBlog activity Deleted messages information Full memory dump Agent application usage

9 (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com Data authenticity and other concerns Does putting agent into smartphone change its information? No. Smartphones have different memory areas for data and applications. Are there another way to extract full information from smartphones? Yes, with restrictions – physical analysis. What information can be extracted by agent application? All the information available for native OS applications. What information cannot be extracted by agent application? Memory dumps and protected system files – usually this information scarcely useful for forensic analysis. What are the main advantages of using agent application approach? Extracting complete information and presenting it in a structured and easy to analyze way. All this – using standard cables/adapters and with affordable price. Is agent application able to read deleted information? If this information is stored by operating system – yes. For example, Oxygen Forensic Suite reads information about SMS messages recently deleted from phone memory.

10 Oxygen Software Feodosiyskaya st. 1, Moscow, 117216, Russia Phones: +1 (877) 9-OXYGEN (USA) +44 020 8133 8450 (UK) +7-495-222-9278 (Russia) www. oxygensoftware.com www. oxygen-forensic.com (C) Oxygen Software, 2000-2008 http://www.oxygen-forensic.com Interested in more details?

Download ppt "Mobile forensic analysis for smartphones (C) Oxygen Software, 2000-2008 ISS World Europe 2008."

Similar presentations

Operating-System Structures

Operating-System Structures
UNDERSTANDING YOUR DEVICE (GADGET). A new, often expensive, and relatively unknown hardware device or accessory that makes your life easier or more.

UNDERSTANDING YOUR DEVICE (GADGET). A new, often expensive, and relatively unknown hardware device or accessory that makes your life easier or more.
Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.

Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.
Mobile Computing Advantages and limitations of mobile computing

Mobile Computing Advantages and limitations of mobile computing
Uniworld Wire-less Wireless E-Mail at Your Fingertips.

Uniworld Wire-less Wireless at Your Fingertips.
The next generation in digital forensics Mobile Phones A New Frontier in Digital Forensics BK Forensics.

The next generation in digital forensics Mobile Phones A New Frontier in Digital Forensics BK Forensics.
By : Versha Thakur Shravani Aishwarya

By : Versha Thakur Shravani Aishwarya
(C) Oxygen Software, 2000-2008 Oxygen Forensic Suite – Premium Mobile Examination Extracting.

(C) Oxygen Software, Oxygen Forensic Suite – Premium Mobile Examination Extracting.
Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software, 2000-2010 2010.

Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software,
New in Oxygen Forensic Suite 2011 (C) Oxygen Software, 2000-2011 2011.

New in Oxygen Forensic Suite 2011 (C) Oxygen Software,
Computer Forensic Tools. Computer Forensics: A Brief Overview Scientific process of preserving, identifying, extracting, documenting, and interpreting.

Computer Forensic Tools. Computer Forensics: A Brief Overview Scientific process of preserving, identifying, extracting, documenting, and interpreting.
Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp

Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp
Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.

Hong-Kong, Mar Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.
Chan pak lim chau ho chit cheung tak ching yip pak ho g2

Chan pak lim chau ho chit cheung tak ching yip pak ho g2
Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.

Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.
File Management Systems

File Management Systems
5 th Nov 2003 Mobile Technical Internet Architecture Terminals and Terminal software Samuli Lahnamäki Martta Seppälä

5 th Nov 2003 Mobile Technical Internet Architecture Terminals and Terminal software Samuli Lahnamäki Martta Seppälä
SM3121 Software Technology Mark Green School of Creative Media.

SM3121 Software Technology Mark Green School of Creative Media.
Chapter 3 Software Two major types of software

Chapter 3 Software Two major types of software
Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software, 2000-2012

Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software,

Similar presentations

Ads by Google