Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Device Data Population for Tool Testing Rick Ayers.

Published byMarion Warner Modified over 8 years ago

Similar presentations

Presentation on theme: "Mobile Device Data Population for Tool Testing Rick Ayers."— Presentation transcript:

1 Mobile Device Data Population for Tool Testing Rick Ayers

2 Disclaimer Certain commercial entities, equipment, or materials may be identified in this presentation in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

3 Agenda Mobile Device Forensics Challenges Computer Forensic Tool Testing (CFTT) Program Setup and Test Procedures Mobile Device Data Population Data Types Population Techniques Factors

4 Challenges Multiple interfaces Acquisition support for old and current models Quality control Closed mobile device operating systems Damaged devices

5 Disk Imaging Disk Imaging String Searching File Carving Forensic Media Prep Write Blockers Deleted File Recovery Mobile Device Forensics

6 Setup and Test Procedures Objective: Documentation on data population of target media and test procedures providing third parties with information for an independent evaluation or replication of posted test results. Contents: Data types Test case execution procedures Data population techniques

7 Mobile Device Data Population Factors Fresh / Unused mobile device PII on device with existing user data Connectivity: Cellular, WiFi, Bluetooth, PC synchronization

8 Mobile Device Data Subscriber / Equipment related data Useful for uniquely identifying a cellular subscription and physical identification of a mobile device IMEI, ESN/MEID, ICCID, MSISDN, SPN Address Book / Contacts Contact name, associated number, metadata Long, Regular, Special character, Blank, Non-Latin character entries Contact metadata: email, address, URL, birthdates, pictures, ring-tones, notes

9 Mobile Device Data Personal Information Management (PIM) data Datebook / Calendar, Memo (long, regular, special character entries) Call Logs Incoming, outgoing, missed Date / time and duration SMS / Chat / MMS Messages Incoming, outgoing, drafts, deleted Long, Regular, Special character, non-Latin character entries Audio, graphic, video attachments

10 Mobile Device Data Stand-alone files Audio: wav, aiff, mp3, flac, mp4 Graphic: jpg, gif, bmp, png, tiff Video: 3gp, mov, flv, avi, wmv Email Incoming, outgoing, drafts, deleted Attachments: audio, graphic, video, txt, doc, pdf, etc. Native / Third-party applications Vary based on manufacturer

11 Mobile Device Data Internet related data Browsing history Bookmarks Social media data Profile data Status updates PMs GPS data Longitude / Latitude coordinates Geotagged pictures / video

12 Data Population Techniques Manual input E-mail client pairing PC synchronization Bluetooth

13 Mobile Device Population Techniques Manual input (time consuming) SMS/MMS messages (incoming, outgoing, read, unread, active/deleted, drafts) Call logs (incoming, outgoing, missed, date/time/duration, active/deleted) Third-party application data Social media data GPS related data E-mail client pairing Contacts, calendar entries, memos, stand-alone files (audio, graphic, video, docs)

14 Mobile Device Population Techniques PC Synchronization Stand-alone files (audio, graphic, video, documents) Bluetooth pairing Supported data objects e.g., Contacts, calendar entries, memos Photos, video, audio files

15 Mobile Device Population Techniques Subscriber / Equipment Data IMEI – battery cavity, *#06# ICCID – printed on UICC MSISDN – mobile device settings

16 Conclusions Challenges of Mobile Forensics Overview of CFTT Setup and Test Procedures documentation Goal: provide techniques for populating mobile devices used for testing mobile forensic data extraction tools Data Population Factors Common Mobile Device Data Elements Mobile Device Data Population Techniques

17 Thank You! Contact Information: Rick Ayers richard.ayers@nist.gov www.cftt.nist.gov/mobile_devices.htm

Download ppt "Mobile Device Data Population for Tool Testing Rick Ayers."

Similar presentations

MMS pictures to the people Johan Montelius

MMS pictures to the people Johan Montelius
Principles of Information Technology

Principles of Information Technology
Social Media.

Social Media.
Objectives Overview Identify the general categories of programs and apps Describe how an operating system interacts with applications and hardware Differentiate.

Objectives Overview Identify the general categories of programs and apps Describe how an operating system interacts with applications and hardware Differentiate.
(C) Oxygen Software, 2000-2008 Oxygen Forensic Suite – Premium Mobile Examination Extracting.

(C) Oxygen Software, Oxygen Forensic Suite – Premium Mobile Examination Extracting.
Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software, 2000-2010 2010.

Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software,
Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.

Hong-Kong, Mar Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.
Chapter 20 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of Mobile Devices (online only)

Chapter 20 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of Mobile Devices (online only)
5 th Nov 2003 Mobile Technical Internet Architecture Terminals and Terminal software Samuli Lahnamäki Martta Seppälä

5 th Nov 2003 Mobile Technical Internet Architecture Terminals and Terminal software Samuli Lahnamäki Martta Seppälä
Droid by Motorola with Google. 2 Droid / Google Experience Gmail –Is not required to purchase Google experience devices, but should be activated to experience.

Droid by Motorola with Google. 2 Droid / Google Experience Gmail –Is not required to purchase Google experience devices, but should be activated to experience.
Graphic File Carving Tool Testing Jenise Reyes-Rodriguez National Institute of Standards and Technology AAFS - February 19 th, 2015.

Graphic File Carving Tool Testing Jenise Reyes-Rodriguez National Institute of Standards and Technology AAFS - February 19 th, 2015.
I have lost all my vacation pictures due to memory card corruption. Can I get them back? I have accidently deleted some important Photos, Music files.

I have lost all my vacation pictures due to memory card corruption. Can I get them back? I have accidently deleted some important Photos, Music files.
Mobile Device Forensics Rick Ayers. Disclaimer  Certain commercial entities, equipment, or materials may be identified in this presentation in order.

Mobile Device Forensics Rick Ayers. Disclaimer  Certain commercial entities, equipment, or materials may be identified in this presentation in order.
Mobile Device Forensics - Tool Testing Richard Ayers.

Mobile Device Forensics - Tool Testing Richard Ayers.
Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software, 2000-2012

Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software,
Creating Online Class Communities Jennifer Dorman Discovery Education

Creating Online Class Communities Jennifer Dorman Discovery Education
Boxee Box by D-Link. Agenda What’s Boxee Box Appearance Applications Positioning Brief Introduction Supported Media Formats Selling Points Comparison.

Boxee Box by D-Link. Agenda What’s Boxee Box Appearance Applications Positioning Brief Introduction Supported Media Formats Selling Points Comparison.
Skill Area 212 Introduction to Multimedia Internet and MultiMedia for SC 2.

Skill Area 212 Introduction to Multimedia Internet and MultiMedia for SC 2.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
WINDOWS APPLICATIONS by Jane Cable Also called Accessories Also called Components.

WINDOWS APPLICATIONS by Jane Cable Also called Accessories Also called Components.

Similar presentations

Ads by Google