Cell Phone Analysis.

1 Cell Phone Analysis

2 In a nutshell…
“Unfortunately, the reality is we don’t live on the set of CSI: Miami—and as anyone who has spent any time trying to acquire data from mobile devices knows, the general rule remains: you just never know what you will be confronted with next, and just how much data can be obtained.”
“Chip-off and JTAG Analysis” by Bob Elder -

3 Cell Phone Forensics - Challenges
A smartphone is never just a smartphone.
Data protection: passwords and encryption.
Prepaid “burner” phones – data port disconnected (Tracphone).
There’s no app for that – millions of apps exist.
Accurate data, forensic soundness – boot loader installed.
Some smartphone extractions remain unsupported.
“6 Persistent Challenges With Cell Phone Forensics”

4 Another Issue
Cell phone forensic software documentation is not always correct.
It may say that it can do something – and it can’t.
It may say that it can’t do something – and it can.
Cellebrite claims its software can interpret data from 225 different applications.

5 Can This Phone Do “X”?
To learn more about a phone’s capabilities, use Phone Scoop –

6 Here’s what I tell clients…
What can be extracted depends on make, model and carrier.
What can be extracted depends on the version of the operating system.
“Can you recover ‘x’ from a cell phone?” My response – Maybe.
Personally, I try to keep the cost low enough so it is worth a try.

7 Keys to Success
When the phone is produced for analysis, it should be fully charged. If it is not fully charged, it can mean a delay in the analysis of the device.
Know the make, model and carrier of the phone.
Many phones create backups – these backups can be recovered from computers and possibly the “cloud”.

8 Marketing Name vs. Model Number
Marketing Name: Galaxy S4
Model Numbers: GT-I9505G, SGH-I337, SGH-M919, SCH-I545, SPH-L720, SCH-R970

9 Tools
XRY, Oxygen, Lantern
Cellebrite UFED4PC / Physical Analyzer

10 Types of Cell Phone Analysis
Physical acquisition – analogous to a forensic copy of a computer hard drive.
File System Extraction – captures the file system, analogous to copying the “C: drive” on your computer.
Logical Extraction – artifact collection.
Password Extraction – some phones.
Chip-off and JTAG (Joint Test Action Group) – requires removing the memory chip from the phone.

11 Artifacts

12 Definitions
SMS stands for Short Message Service, which is the formal name for text messaging. It's a way to send short, text-only messages from one phone to another. These messages are usually sent over a cellular data network.

13 Definitions
MMS - Multimedia Messaging Service is a standard way to send messages that include multimedia content to and from a mobile phone over a cellular network.

14 Definitions
UTC - Coordinated Universal Time (UTC) is the basis for civil time today. This 24-hour time standard is kept using highly precise atomic clocks combined with the Earth's rotation.
For Central Time – subtract 5 hours in the summer, and 6 hours in the winter.
Example: 23:25 (UTC+0) July 15, 2018 – 18:25 July 15, 2018
Often represented as 23:25 (Z)

15 Examples of Recovered Artifacts
Keep in mind – what can be recovered depends on make, model and carrier.
These examples come from my personal iPhone 6 File System Extraction.

16 Analyzed Data
Items in red show number of deleted items recovered.
iMessage – iPhone to iPhone Messages

18 Text Messages Between John Doe and Jane Doe
On both phones
Only on John Doe’s phone
Only on Jane Doe’s phone

22 Won’t get body of email from an iPhone

26 This is where much of the application data resides
Tools can only carve out data from a small percentage of applications.

27 Millions of applications – data is stored in SQLite databases
eBird App – used to track bird sightings
Millions of applications
Data is stored in SQLite databases
Information can be extracted from these databases

28 SQLite file name: BirdsEyeSubmission.sqlite
Table: ZPERSONALLOCATION
Total rows: 579

30 SQLite file name: expense.db
Table: expense
Total rows: 357
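The two slides above (application SQLite databases such as BirdsEyeSubmission.sqlite) and slide 14 (UTC versus Central time) are the steps an examiner actually chains together: read the rows out of an app's database, decode the stored timestamp, and present it in local time. The following is an added example, not code from the presentation or from any forensic tool it names. It assumes a table in the Z-prefixed layout that Apple's Core Data framework produces (ZPERSONALLOCATION is such a name), where dates are stored as seconds since 2001-01-01 UTC; the column names ZLATITUDE, ZLONGITUDE and ZTIMESTAMP and all sample rows are constructed for the example, not the real eBird schema. The Central-time conversion applies the slide's rule (UTC-5 in summer, UTC-6 in winter) using the U.S. daylight-saving boundaries in force since 2007, which is where hand conversions most often go wrong.

```python
# Added example: read a Core Data style SQLite table from an iOS app extraction
# and convert its timestamps from UTC to U.S. Central time.
# Table layout and sample rows are constructed; they are not the real
# BirdsEyeSubmission.sqlite schema.
import sqlite3
from datetime import datetime, timedelta, timezone

# Core Data (the iOS framework behind Z-prefixed tables such as
# ZPERSONALLOCATION) stores dates as seconds since 2001-01-01 00:00:00 UTC.
CORE_DATA_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)


def nth_sunday(year, month, n):
    """Date of the n-th Sunday of a month (used for the U.S. DST rule)."""
    first = datetime(year, month, 1)
    days_to_sunday = (6 - first.weekday()) % 7   # weekday(): Monday=0 .. Sunday=6
    return first + timedelta(days=days_to_sunday + 7 * (n - 1))


def utc_to_central(utc_dt):
    """Apply the slide's rule (UTC-5 in summer, UTC-6 in winter) precisely.
    U.S. DST runs from the 2nd Sunday of March 02:00 CST (08:00 UTC) until the
    1st Sunday of November 02:00 CDT (07:00 UTC); this rule is valid from 2007 on.
    Returns (naive local datetime, 'CDT' or 'CST')."""
    year = utc_dt.year
    dst_start = nth_sunday(year, 3, 2).replace(hour=8, tzinfo=timezone.utc)
    dst_end = nth_sunday(year, 11, 1).replace(hour=7, tzinfo=timezone.utc)
    if dst_start <= utc_dt < dst_end:
        return utc_dt.replace(tzinfo=None) - timedelta(hours=5), "CDT"
    return utc_dt.replace(tzinfo=None) - timedelta(hours=6), "CST"


def to_central_str(utc_iso):
    """'2018-07-15T23:25:00' (UTC, the 'Z' form) -> '2018-07-15 18:25 CDT'."""
    utc_dt = datetime.fromisoformat(utc_iso).replace(tzinfo=timezone.utc)
    local, label = utc_to_central(utc_dt)
    return f"{local:%Y-%m-%d %H:%M} {label}"


def core_data_seconds(utc_iso):
    """Constructed helper: encode a UTC time the way Core Data stores it."""
    dt = datetime.fromisoformat(utc_iso).replace(tzinfo=timezone.utc)
    return (dt - CORE_DATA_EPOCH).total_seconds()


def build_sample_db():
    """Constructed stand-in for an app database, in memory so the example runs
    offline. On a real extraction, work on a copy and open it read-only:
    sqlite3.connect('file:/path/to/BirdsEyeSubmission.sqlite?mode=ro', uri=True)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ZPERSONALLOCATION ("
        "Z_PK INTEGER PRIMARY KEY, ZLATITUDE REAL, ZLONGITUDE REAL, ZTIMESTAMP REAL)"
    )
    rows = [  # (Z_PK, lat, lon, Core Data timestamp) -- constructed sample data
        (1, 41.8781, -87.6298, core_data_seconds("2018-07-15T23:25:00")),  # summer
        (2, 41.8781, -87.6298, core_data_seconds("2018-01-15T23:25:00")),  # winter
    ]
    conn.executemany("INSERT INTO ZPERSONALLOCATION VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def extract_locations(conn):
    """Pull every row and render its timestamp both in UTC and in Central time."""
    query = ("SELECT Z_PK, ZLATITUDE, ZLONGITUDE, ZTIMESTAMP "
             "FROM ZPERSONALLOCATION ORDER BY Z_PK")
    results = []
    for pk, lat, lon, ts in conn.execute(query):
        utc_dt = CORE_DATA_EPOCH + timedelta(seconds=ts)
        results.append({
            "pk": pk, "lat": lat, "lon": lon,
            "utc": utc_dt.strftime("%Y-%m-%d %H:%M Z"),
            "central": to_central_str(utc_dt.strftime("%Y-%m-%dT%H:%M:%S")),
        })
    return results


if __name__ == "__main__":
    for row in extract_locations(build_sample_db()):
        print(row)
```

Running the block prints the two constructed rows with both renderings; the July row reproduces the slide's own example (23:25 Z becomes 18:25 CDT). Keeping the raw UTC value next to the converted one in a report is deliberate: the stored number is the evidence, and the local-time rendering is an interpretation that depends on the DST rule applied.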

31 Web History

32 Anonymous Texting
www.spoofmytextmessage.com
www.smsgang.com
Plus a variety of phone apps

34 “Spoofing an SMS means that you basically send a text from a number that isn't your own - as in, when the person receives their fake SMS message, it will look like an entirely different sender has sent it. Think of all the fun a little text like, "I can't believe you got me pregnant!" could cause if you sent it to one of your friends.”

35 How Do You Catch the Culprit?
Must have a suspect in mind.
Can review internet history on computer or phone.
Phone apps may store sent messages in a SQLite database.
Text Burner - example

37 https://support.google.com/websearch/answer/6302812?hl=en

38 Computer Artifacts
Internet History and Internet Searches

39 Internet History

40 Google Searches

41 Questions? Contact info: /

