SMARTPHONE FORENSICS 101
General Overview of Smartphone Investigations
About McCann Total Security Solutions
McCann Investigations
- Private Investigations
- Digital Forensics
- Background Research
- Litigation Support
McCann Security
- TSCM (Bug Sweeps)
- Cyber Security Solutions
- Cyber Security Audits
- Physical Security Systems
- Remote Monitoring
Cases
- Family Law
- Contentious Divorce
- Child Custody
- Domestic Violence
- Fraud
- Intellectual Property Theft
- Embezzlement
- Non Compete Enforcement
- Network Breach
- Hack
- Spyware
- Malware
Smart Phones are SMART!
- Smart phones are essentially small handheld computers
- They have become essential to communication, both personally and professionally
- They retain more data than you realize
Forensic Imaging…
- Is NOT a simple copy of all of the information on the phone
- Is a complete “snap shot” of all of the data on the phone, including the operating system and files that can’t be seen easily

PRESERVE THE DATA
- Power the phone off
- If possible, remove the battery
- If it’s an iPhone, power it down
- **If you are afraid of a remote wipe, wrap in several layers of aluminum foil**
Passwords
- iPhone 6 and up
- Android phones are easier to get into, unless they encrypt the entire phone
- Some BlackBerries are on the Android platform, but have a lot of encryption. They are the most secure.
- Passwords can sometimes be bypassed on older phones.
NOTE: Our ability to forensically image a phone is dependent on the updates from developers. If users keep their phones updated, chances are we can’t get into them without a password.
Evidence in Backups
- Key evidence from a mobile device can sometimes be found on the computer in the form of a backup.
- Most mobile device backups can be parsed by the same analysis tools used for mobile devices.
- Backups are typically unencrypted and have no password protection.
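One way to check the encryption point for the backups found on a given computer, as an added example that is not part of the original slides: the script reads the Manifest.plist of each iTunes-style iOS backup folder and reports whether the backup is flagged as encrypted. It assumes the backup layout in which Manifest.plist carries the `IsEncrypted`, `WasPasscodeSet` and `Lockdown` keys; the function names, folder names and sample values are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path


def triage_backups(root):
    """Summarise every <root>/<backup>/Manifest.plist found."""
    rows = []
    for manifest in sorted(Path(root).glob("*/Manifest.plist")):
        row = {"backup": manifest.parent.name}
        try:
            with manifest.open("rb") as fh:
                data = plistlib.load(fh)  # accepts XML and binary plists
            lockdown = data.get("Lockdown", {})
            row.update(
                device=lockdown.get("DeviceName"),
                ios=lockdown.get("ProductVersion"),
                # A missing key stays None; it is not assumed unencrypted.
                encrypted=data.get("IsEncrypted"),
                passcode_set=data.get("WasPasscodeSet"),
            )
        except Exception as exc:  # damaged, truncated or unexpected manifest
            row["error"] = f"{type(exc).__name__}: {exc}"
        rows.append(row)
    return rows


def build_sample(root):
    """Write constructed manifests (sample data, not real evidence)."""
    samples = {
        "constructed-a": {"IsEncrypted": False, "WasPasscodeSet": True,
                          "Lockdown": {"DeviceName": "Sample iPhone", "ProductVersion": "9.3.5"}},
        "constructed-b": {"IsEncrypted": True, "WasPasscodeSet": True,
                          "Lockdown": {"DeviceName": "Sample iPad", "ProductVersion": "10.3.3"}},
        "constructed-c": None,  # stands in for a damaged manifest
    }
    for name, manifest in samples.items():
        folder = Path(root) / name
        folder.mkdir(parents=True)
        blob = b"junk" if manifest is None else plistlib.dumps(manifest, fmt=plistlib.FMT_BINARY)
        (folder / "Manifest.plist").write_bytes(blob)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in triage_backups(build_sample(tmp)):
            print(row)
```

Point `triage_backups` at a working copy of the backup directory rather than the original evidence.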
Spyware and Malware on Smart Phones
iPhones
- Relatively difficult to remotely install spyware/malware
- Security apps such as Lookout work well
- Spyware turns on iCloud back-ups every 15 minutes, GPS, text
- iPhones ask a lot of questions and show prompts that prevent an automated install
Androids and Windows-based Phones
- Only partially locked down out of the box
- Can click on a link to download spyware automatically
- Spyware can be remotely erased (can send a kill signal), but leaves telltale signs.
What Data is Obtainable?
Mobile Device Forensics: A Deeper Dive
What Can Be Pulled from the Device (Best case scenario from logical tools)
- Phone hardware information
- Network information
- Text messages sent, received, deleted, origination number (depends on phone)
- GPS GeoLocation
- Contacts
- Call History and Details (To/From)
- Call Durations
- Text Messages with identifiers (sent-to, and originating)
- Sent, received, deleted messages
- Multimedia Text Messages with identifiers
- Photos and Video
- Sound Files
- s and attachments, memos, calendars, documents, etc.
- Social Networking Data
- Cached login credentials (sometimes, but not always)
QUESTIONS?
Malisa Vincenti Private Investigator Office: (800) Mobile: (832)