Presentation is loading. Please wait.

Presentation is loading. Please wait.

10. Mobile Device Forensics Part 2. Topics Collecting and Handling Cell Phones as Evidence Cell Phone Forensic Tools GPS (Global Positioning System)

Published byPatrick Hill Modified over 8 years ago

Similar presentations

Presentation on theme: "10. Mobile Device Forensics Part 2. Topics Collecting and Handling Cell Phones as Evidence Cell Phone Forensic Tools GPS (Global Positioning System)"— Presentation transcript:

1 10. Mobile Device Forensics Part 2

2 Topics Collecting and Handling Cell Phones as Evidence Cell Phone Forensic Tools GPS (Global Positioning System)

3 Collecting and Handling Cell Phones as Evidence

4 Isolate the Phone Use a Faraday bag or a paint can to block radio signals to the phone This prevents o Remote wiping o inbound emails, texts, and calls, which could overwrite evidence If phone is on, leave it on o Turning off the ohone will preserve the battery charge, but it might require a PIN when it’s turned back on o A dead battery might trigger the security function, locking up the phone

5 If Phone is Off Leave it off Remove the battery and SIM card Photograph the phone, front and back Record identifying numbers under the battery o IMEI/ESN/MEID Isolate the phone from the network, just like a powered-on phone

6 Imaging the Phone Best procedure Identify make & model of phone Create a forensic image Examine the image

7 Manual Examination If there’s no alternative, you can examine the live phone by hand Take good notes Explain why this was necessary o Hostage situation or to prevent a violent act Navigate through the phone, taking photographs

8 Voicemail You will need the password-reset code from the carrier Or, carrier may provide you with the data itself

9 Other Items Look for o Additional handsets o SIM cards o Power and data cables A phone in isolation drains its battery rapidly, seeking a signal

10 SIM (Subscriber Identity Module) Numbers on SIM card IMSI (International Mobile Subscriber Identity) o Identifies the subscriber’s account information ICC-ID (Integrated Circuit Card Identifier) o Serial number of the SIM card itself

11 Evidence on SIM Card Subscriber identification (IMSI) Service provider Card identity (ICC-ID) Language preferences Phone location when powered off User stored phone numbers Numbers dialed by the user SMS text messages (potentially) Deleted SMS text messages (potentially) o Only a small number of SMS messages are usually stored on the SIM card (link Ch 12e)

12 SIM Components CPU RAM Flash memory Crypto-chip

13 Cell Phone Acquisition Physical and Logical Physical o Bit-for-bit copy o Includes latent data Logical o Only files and folders, no deleted data Can be performed with nonforensic tools like backup utilities No write blocker is used

14 Cell Phone Forensic Tools

15 Limitations of Tools A tool can’t support all phones Two tools may not recover the same information from the same phone Multiple tools will be required

16 BitPim Free, open- source software Allows you to view and manipulate data from CDMA phones from Samsung and other manufacturers Link Ch 10p

17 Oxygen Forensic Suite Supports more than 6500 devices $2500 Claims to extract more data than other tools Link Ch 10q

18 Paraben Hardware and software products for mobile device forensics Link Ch 10r

19 AccessData MPE+ Supports 6800 devices May be a free version Link Ch 10s

20 Cellebrite UFED Hardware device that extracts data from mobile devices They also make devices top copy data from one phone to another in phone stores Link Ch 10u

21 EnCase Forensic v7 Includes smartphone acquisition Automatically detects device type—just plug it in Link Ch 10t

22 GPS (Global Positioning System)

23 Evidence on GPSs Physical location log Some have o Mobile phone logs o SMS messages o Images Remembered places and routes o Waypoints o Tracks o Routes Link Ch 10u

24 Four Categories of GPS Simple o Can store trackpoints & logs Smart o Automotive or USB storage devices o 2 GB or more storage o Can play MP3s, store photos, & favorite places

25 Four Categories of GPS Hybrid o Feature-rich. Ike a smartphone o Bluetooth connection to phone o May have SMS messages, call logs, address book Connected o GSM radio; real-time Internet o Google searches, traffic information o Subscription-based service o Information available from provider

26 Data on GPS Devices System data o Trackpoints are automatically generated and can’t be altered by the user o The track log records where the unit has been User data o Waypoints are locations the user saved o The user may not have gone there o Points Of Interest are supplied by GPS manufacturer

27 GPS Handling Like cell phones May have volatile data Are constantly interacting with satellites

Download ppt "10. Mobile Device Forensics Part 2. Topics Collecting and Handling Cell Phones as Evidence Cell Phone Forensic Tools GPS (Global Positioning System)"

Similar presentations

Introduction to Computers Lecture By K. Ezirim. What is a Computer? An electronic device –Desktops, Notebooks, Mobile Devices, Calculators etc. Require.

Introduction to Computers Lecture By K. Ezirim. What is a Computer? An electronic device –Desktops, Notebooks, Mobile Devices, Calculators etc. Require.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Guide to Computer Forensics and Investigations Fourth Edition Chapter 13 Cell Phone and Mobile Devices Forensics.

Guide to Computer Forensics and Investigations Fourth Edition Chapter 13 Cell Phone and Mobile Devices Forensics.
1 Alcatel Onetouch Antivirus. 2 Thinking about security on your smartphone Alcatel OneTouch? We have the solution. Among the applications on your smartphone,

1 Alcatel Onetouch Antivirus. 2 Thinking about security on your smartphone Alcatel OneTouch? We have the solution. Among the applications on your smartphone,
HOW WELL DO YOU KNOW THE BASICS OF USING YOUR COMPUTER?

HOW WELL DO YOU KNOW THE BASICS OF USING YOUR COMPUTER?
Chapter 20 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of Mobile Devices (online only)

Chapter 20 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of Mobile Devices (online only)
COS 413 Day 21. Agenda Assignment 6 is Due Lab 6 Corrected –1 A, 4 B’s, 1 C, 2 D’s and 1 non submit LAB 7 write-up not corrected –Missing two Assignment.

COS 413 Day 21. Agenda Assignment 6 is Due Lab 6 Corrected –1 A, 4 B’s, 1 C, 2 D’s and 1 non submit LAB 7 write-up not corrected –Missing two Assignment.
GPS. Meet the Bad Elf GPS Pro The Bad Elf GPS Pro offers the first Apple approved GPS with an informative user interface.

GPS. Meet the Bad Elf GPS Pro The Bad Elf GPS Pro offers the first Apple approved GPS with an informative user interface.
Capturing Computer Evidence Extracting Information.

Capturing Computer Evidence Extracting Information.
Alternative Input Devices. Digital Camcorder View recordings on a regular TV or copy them to VHS tape Send MPEG video clips by way of e-mail to a mobile.

Alternative Input Devices. Digital Camcorder View recordings on a regular TV or copy them to VHS tape Send MPEG video clips by way of to a mobile.
G OO GLE GLASS For more notes and topics visit: www.eITnotes.com eITnotes.com.

G OO GLE GLASS For more notes and topics visit: eITnotes.com.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
Guide to Computer Forensics and Investigations Fifth Edition

Guide to Computer Forensics and Investigations Fifth Edition
Grover Kearns, PhD, CPA, CFE Class 11 1. Videos 2 How works Spoofing

Grover Kearns, PhD, CPA, CFE Class Videos 2 How works Spoofing
Damien Leake. Definition To examine digital media to identify and analyze information so that it can be used as evidence in court cases Involves many.

Damien Leake. Definition To examine digital media to identify and analyze information so that it can be used as evidence in court cases Involves many.
Module Designing Computer-based Information Systems

Module Designing Computer-based Information Systems
Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent.

Use of IT Resources for Evidence Gathering & Analysis Use of IT Resources for Evidence Gathering & Analysis Raymond SO Wing-keung Assistant Director Independent.
Phones and fieldTask. Session Objective Be familiar with: – selecting smart phones for a survey, – configuring them – and using them – fieldTask (c) Smap.

Phones and fieldTask. Session Objective Be familiar with: – selecting smart phones for a survey, – configuring them – and using them – fieldTask (c) Smap.
1 of6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of6 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Computer and Information Science Ch1.3 Computer Networking Ch1.3 Computer Networking Chapter 1.

Computer and Information Science Ch1.3 Computer Networking Ch1.3 Computer Networking Chapter 1.

Similar presentations

Ads by Google