Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.

Presentation transcript:

Hong-Kong, Mar Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director

Relevance

Why Mobile ESI?
• A treasure trove of information
  User accounts Contacts Call history SMS Messages Messages Google Mail and Yahoo! Messenger Skype Chat History of Google Maps, Dynamic Dictionary Automatic Screen Shots Apps stored data
• Deleted

Mobile Evidence is Admissible in Court
• Sihlali v. South African Broadcasting Corporation, Ltd. (J700/08) [2010] ZALC
• Rash text message: "I Quit"
• Employment resignation by SMS text message was a legally-effective notice in “writing”

Mobile Evidence may need to be Preserved
• Regas Christou v. Beatport, LLC (D. Colo. January 23, 2013)
• Court sanctioned the defendants for taking “no steps to preserve text messages” leading to a spoliation sanction.

Concepts and Challenges of Mobile Device Forensics

Yet Another Computer

Not

Extraction Methods Logical Extraction File System Extraction Physical Extraction

Logical Extraction Results
• A well formatted report:
• Call logs, Contacts, SMS messages, Videos, Photos, Audio, Music

Logical Extraction File System Extraction Physical Extraction Extraction Methods

File System Extraction Results
• SMS, Contacts, Call Logs, MMS, Notes, Applications, Voice Mails, Calendar, Bluetooth, GPS, Notes, Bookmarks, Skype, Chat, Cookies, Facebook Content
• .plist files containing great forensic data
• ‘keychain-2.db’ - Networks the user connected to including Wi-Fi, VPN, Bluetooth and the Apple iTunes Store ID.
• Other databases contain information from Apps

Logical Extraction File System Extraction Physical Extraction Extraction Methods

Contacts Including Deleted

Detailed Call Log, Including Deleted

Skype Contacts Including Deleted

Application Usage Details

WiFi Access History

GPS Locations History

User Pattern Lock

3->2->1->4->7->8->9

Timeline Analysis

Graphical Timeline Analysis

Real life Case - Logical Vs Physical
• Additional evidence recovered using Physical:
• 22,000+ images
• 59 videos
• audio files
• 16,000+ locations
• 60+ chats (included Facebook and Skype)
• 30+ MMS
• text files

Changing the “Undue Burden” and Proportionality Equations
• Gathering information from mobile devices is easy and intuitive
• Mobile stored information has many unique artifacts; just one can tip your case
• The bar for “Undue burden” argument has been raised
• It is more likely to be “Proportionate”

UFED Touch

Decoding, Analysis & Reporting
Products: UFED Reader, UFED Logical Analyzer, UFED Physical Analyzer
Features:
• Multilingual User Interface
• Advanced Search
• Bookmarks and Tags
• Timeline view
• Multiple Project
• Instant Search
• Conversational View
• Generate and customized Reporting
• .ufd Support
• Watch List
• Hex Image view and search
• Advanced Carving
• Chain Manager
• Python Scripting Shell
• Advanced Decoding
• SQLite DB browser
Installation License: Free, UFED Logical, UFED Ultimate

Mobile Data as a Piece in the Puzzle
• Mobile data is only as valuable as it can be weighted within the whole dataset
• UFED output is already available for processing with: Exterro Fusion, Nuix, Palantir.
• More integration projects are on-going

Recap

RAP

Richer Accessible Proportionate

Questions

Thank You Yuval Ben-Moshe