10. Mobile Device Forensics Part 2

Topics
- Collecting and Handling Cell Phones as Evidence
- Cell Phone Forensic Tools
- GPS (Global Positioning System)

Collecting and Handling Cell Phones as Evidence

Isolate the Phone
- Use a Faraday bag or a paint can to block radio signals to the phone
- This prevents
  o Remote wiping
  o Inbound emails, texts, and calls, which could overwrite evidence
- If phone is on, leave it on
  o Turning off the phone will preserve the battery charge, but it might require a PIN when it’s turned back on
  o A dead battery might trigger the security function, locking up the phone

If Phone is Off
- Leave it off
- Remove the battery and SIM card
- Photograph the phone, front and back
- Record identifying numbers under the battery
  o IMEI/ESN/MEID
- Isolate the phone from the network, just like a powered-on phone

Imaging the Phone
- Best procedure
- Identify make & model of phone
- Create a forensic image
- Examine the image

Manual Examination
- If there’s no alternative, you can examine the live phone by hand
- Take good notes
- Explain why this was necessary
  o Hostage situation or to prevent a violent act
- Navigate through the phone, taking photographs

Voicemail
- You will need the password-reset code from the carrier
- Or, carrier may provide you with the data itself

Other Items
- Look for
  o Additional handsets
  o SIM cards
  o Power and data cables
- A phone in isolation drains its battery rapidly, seeking a signal

SIM (Subscriber Identity Module)
- Numbers on SIM card
- IMSI (International Mobile Subscriber Identity)
  o Identifies the subscriber’s account information
- ICC-ID (Integrated Circuit Card Identifier)
  o Serial number of the SIM card itself
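An added example, not part of the original slides: a check for the identifying numbers an examiner copies from under the battery and off the SIM card, so that a transcription slip is caught before it reaches the report. It assumes the standard layouts (15-digit IMEI and 19- or 20-digit ICC-ID beginning 89, both ending in a Luhn check digit; IMSI of up to 15 digits led by a 3-digit mobile country code). The name `check_identifier` and the sample values are chosen for illustration, and ESN/MEID are not covered.

```python
import re

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, the check-digit scheme used by IMEI and ICC-ID."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def check_identifier(kind: str, raw: str) -> dict:
    """Validate one number as transcribed into the examiner's notes."""
    s = re.sub(r"[\s\-/.]", "", raw)          # separators printed on labels
    out = {"kind": kind, "value": s, "ok": False, "fields": {}, "reason": ""}
    if not re.fullmatch(r"[0-9]+", s):
        out["reason"] = "contains non-digit characters"
    elif kind == "IMEI":
        if len(s) != 15:
            out["reason"] = "IMEI is 15 digits"
        elif not luhn_valid(s):
            out["reason"] = "check digit mismatch, re-read the label"
        else:
            out.update(ok=True, fields={"tac": s[:8], "serial": s[8:14], "check": s[14]})
    elif kind == "ICCID":
        if len(s) not in (19, 20) or not s.startswith("89"):
            out["reason"] = "ICC-ID is 19 or 20 digits starting with 89"
        elif not luhn_valid(s):
            out["reason"] = "check digit mismatch, re-read the card"
        else:
            out.update(ok=True, fields={"industry_id": s[:2], "check": s[-1]})
    elif kind == "IMSI":                      # no check digit: format only
        if not 6 <= len(s) <= 15:
            out["reason"] = "IMSI is at most 15 digits"
        else:                                 # MNC is 2 or 3 digits, so not split
            out.update(ok=True, fields={"mcc": s[:3], "mnc_msin": s[3:]})
    else:
        out["reason"] = "unknown identifier kind"
    return out

# Sample values for illustration only, not taken from any case.
SAMPLES = [("IMEI", "49-015420-323751-8"), ("IMEI", "490154203237581"),
           ("ICCID", "89441" + "0" * 12 + "18"), ("IMSI", "001010123456789")]

if __name__ == "__main__":
    for kind, raw in SAMPLES:
        r = check_identifier(kind, raw)
        print(kind, r["value"], "OK" if r["ok"] else "FAIL: " + r["reason"])
```

The second IMEI sample has its last two digits swapped, the kind of slip the check digit exists to catch.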

Evidence on SIM Card
- Subscriber identification (IMSI)
- Service provider
- Card identity (ICC-ID)
- Language preferences
- Phone location when powered off
- User stored phone numbers
- Numbers dialed by the user
- SMS text messages (potentially)
- Deleted SMS text messages (potentially)
  o Only a small number of SMS messages are usually stored on the SIM card (link Ch 12e)

SIM Components
- CPU
- RAM
- Flash memory
- Crypto-chip

Cell Phone Acquisition
- Physical and Logical
- Physical
  o Bit-for-bit copy
  o Includes latent data
- Logical
  o Only files and folders, no deleted data
- Can be performed with nonforensic tools like backup utilities
- No write blocker is used

Cell Phone Forensic Tools

Limitations of Tools
- A tool can’t support all phones
- Two tools may not recover the same information from the same phone
- Multiple tools will be required

BitPim
- Free, open-source software
- Allows you to view and manipulate data from CDMA phones from Samsung and other manufacturers
- Link Ch 10p

Oxygen Forensic Suite
- Supports more than 6500 devices
- $2500
- Claims to extract more data than other tools
- Link Ch 10q

Paraben
- Hardware and software products for mobile device forensics
- Link Ch 10r

AccessData MPE+
- Supports 6800 devices
- May be a free version
- Link Ch 10s

Cellebrite UFED
- Hardware device that extracts data from mobile devices
- They also make devices to copy data from one phone to another in phone stores
- Link Ch 10u

EnCase Forensic v7
- Includes smartphone acquisition
- Automatically detects device type—just plug it in
- Link Ch 10t

GPS (Global Positioning System)

Evidence on GPSs
- Physical location log
- Some have
  o Mobile phone logs
  o SMS messages
  o Images
- Remembered places and routes
  o Waypoints
  o Tracks
  o Routes
- Link Ch 10u

Four Categories of GPS
- Simple
  o Can store trackpoints & logs
- Smart
  o Automotive or USB storage devices
  o 2 GB or more storage
  o Can play MP3s, store photos, & favorite places

Four Categories of GPS
- Hybrid
  o Feature-rich, like a smartphone
  o Bluetooth connection to phone
  o May have SMS messages, call logs, address book
- Connected
  o GSM radio; real-time Internet
  o Google searches, traffic information
  o Subscription-based service
  o Information available from provider

Data on GPS Devices
- System data
  o Trackpoints are automatically generated and can’t be altered by the user
  o The track log records where the unit has been
- User data
  o Waypoints are locations the user saved
  o The user may not have gone there
  o Points Of Interest are supplied by GPS manufacturer
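An added example, not part of the original slides: because a waypoint only shows that the user saved a location, this sketch checks each waypoint against the device-generated track log to see whether the unit was ever recorded nearby. It assumes the device data has been exported to GPX 1.1 (a format the slides do not mention); the sample file, the 100 m radius and the function names are constructed for illustration.

```python
import math
import xml.etree.ElementTree as ET

NS = {"g": "http://www.topografix.com/GPX/1/1"}  # GPX 1.1 namespace

# Constructed sample export: two user-saved waypoints and a short track log.
SAMPLE_GPX = """<gpx version="1.1" xmlns="http://www.topografix.com/GPX/1/1">
  <wpt lat="37.7750" lon="-122.4195"><name>Home</name></wpt>
  <wpt lat="34.0522" lon="-118.2437"><name>Saved address</name></wpt>
  <trk><trkseg>
    <trkpt lat="37.7740" lon="-122.4200"><time>2012-03-01T08:00:00Z</time></trkpt>
    <trkpt lat="37.7751" lon="-122.4194"><time>2012-03-01T08:02:00Z</time></trkpt>
    <trkpt lat="37.7800" lon="-122.4100"><time>2012-03-01T08:10:00Z</time></trkpt>
  </trkseg></trk>
</gpx>"""

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dl = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def corroborate_waypoints(gpx_text, radius_m=100.0):
    """For each user waypoint, find the closest device-generated trackpoint."""
    root = ET.fromstring(gpx_text)
    track = [(float(p.get("lat")), float(p.get("lon")), p.findtext("g:time", namespaces=NS))
             for p in root.iterfind(".//g:trkpt", NS)]
    report = []
    for w in root.iterfind("g:wpt", NS):
        wlat, wlon = float(w.get("lat")), float(w.get("lon"))
        dist, when = min(((haversine_m(wlat, wlon, lat, lon), t) for lat, lon, t in track),
                         key=lambda pair: pair[0], default=(None, None))
        report.append({
            "waypoint": w.findtext("g:name", default="(unnamed)", namespaces=NS),
            "nearest_m": None if dist is None else round(dist, 1),
            "nearest_time": when,
            # False means only that the retained track log does not place the
            # unit there; it is not proof the unit was never at that location.
            "track_supports_visit": dist is not None and dist <= radius_m,
        })
    return report

if __name__ == "__main__":
    for row in corroborate_waypoints(SAMPLE_GPX):
        print(row)
```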

GPS Handling
- Like cell phones
- May have volatile data
- Are constantly interacting with satellites