Presentation is loading. Please wait.

Presentation is loading. Please wait.

How the heck do they know that? The state of Computer and Cell Phone Forensics Ralph Gorgal, G-C Partners, LLC David Cowen, G-C Partners, LLC Ralph Gorgal,

Published byKatrina Briggs Modified over 9 years ago

Similar presentations

Presentation on theme: "How the heck do they know that? The state of Computer and Cell Phone Forensics Ralph Gorgal, G-C Partners, LLC David Cowen, G-C Partners, LLC Ralph Gorgal,"— Presentation transcript:

1 How the heck do they know that? The state of Computer and Cell Phone Forensics Ralph Gorgal, G-C Partners, LLC David Cowen, G-C Partners, LLC Ralph Gorgal, G-C Partners, LLC David Cowen, G-C Partners, LLC

2 Who the heck are you?  Author of Hacking Exposed: Computer Forensics (1 st – 3 rd editions)  Author of Infosec Pro Guide to Computer Forensics  Co-Author of Anti Hacker Toolkit 3 rd Edition  Expert Witness in Computer Forensics  Captain of the National Collegiate Cyber Defense Competition Redteam  Developer of Triforce ANJP  Author of Hacking Exposed: Computer Forensics (1 st – 3 rd editions)  Author of Infosec Pro Guide to Computer Forensics  Co-Author of Anti Hacker Toolkit 3 rd Edition  Expert Witness in Computer Forensics  Captain of the National Collegiate Cyber Defense Competition Redteam  Developer of Triforce ANJP

3 What the heck are we talking about?  Computers and cell phones  The state of smart phones as computers  Standard Forensics on phones  Recovery of deleted data  The Cloud  Device Specific data sources  Computers and cell phones  The state of smart phones as computers  Standard Forensics on phones  Recovery of deleted data  The Cloud  Device Specific data sources

4 Ask Questions!  As we go ask questions, this talk is for you.. I already know this stuff

5 Cell phones as computers  Smart phones have more processing power than your first computer  Smart phones have their own operating systems  Manufacturers control who gets to be the administrator of the OS  Forensic examiners work within their confines, unless they can break out jail  Smart phones have more processing power than your first computer  Smart phones have their own operating systems  Manufacturers control who gets to be the administrator of the OS  Forensic examiners work within their confines, unless they can break out jail

6 Standard Forensics on Cell Phones  Logical Extraction  Support by almost every manufacturer  Same function as a standard backup  Physical Extraction  Requires a ‘jailbreak’ or some other bypass technique  Allows full access to the underlying device  Logical Extraction  Support by almost every manufacturer  Same function as a standard backup  Physical Extraction  Requires a ‘jailbreak’ or some other bypass technique  Allows full access to the underlying device

7 Recovery of Deleted Data  Deleted database records (Logical and Physical)  Deleted Files (Physical)  Old Backups, we talk more about this later  Deleted database records (Logical and Physical)  Deleted Files (Physical)  Old Backups, we talk more about this later

8 Advanced Recovery Techniques  JTAG  Chip Off  MicroRead  JTAG  Chip Off  MicroRead

9 Cloud Storage  iCloud, OneDrive, Google Drive its all in the cloud  Cloud Storage  Cloud Backups  iCloud, OneDrive, Google Drive its all in the cloud  Cloud Storage  Cloud Backups

10 Computer and Cell Phone interaction  Data Transfer  Backups  Data Transfer  Backups

11 iPhone  iTunes  Backups  Data Transfer  iCloud  Generational Backups  Data Transfer  iTunes  Backups  Data Transfer  iCloud  Generational Backups  Data Transfer

12 Android  Google Drive  Backups  Data Transfer  History Sync  User data  Data from all other Google connected devices  Google Drive  Backups  Data Transfer  History Sync  User data  Data from all other Google connected devices

13 Windows Phone  OneDrive  Backup  Encryption Keys  Data Transfer  Search History  Desktop sync  OneDrive  Backup  Encryption Keys  Data Transfer  Search History  Desktop sync

14 Blackberry  Blackberry Desktop Manager  Backups  Data Transfer  Blackberry Desktop Manager  Backups  Data Transfer

15 Questions?  Email: dcowen@g-cpartners.comdcowen@g-cpartners.com  Twitter: @hecfblog  Blog: www.learndfir.comwww.learndfir.com  Email: dcowen@g-cpartners.comdcowen@g-cpartners.com  Twitter: @hecfblog  Blog: www.learndfir.comwww.learndfir.com

Download ppt "How the heck do they know that? The state of Computer and Cell Phone Forensics Ralph Gorgal, G-C Partners, LLC David Cowen, G-C Partners, LLC Ralph Gorgal,"

Similar presentations

Working Smarter: Using Smart Phones & Mobile Work Dino Martinez Student Involvement & Leadership Development.

Working Smarter: Using Smart Phones & Mobile Work Dino Martinez Student Involvement & Leadership Development.
Intuit QuickBooks Connect Intuit ® QuickBooks ® Connect/Mobile Extending the power of QuickBooks to the web and smart phones.

Intuit QuickBooks Connect Intuit ® QuickBooks ® Connect/Mobile Extending the power of QuickBooks to the web and smart phones.
MOBILE DEVICES & THEIR IMPACT IN THE ENTERPRISE Michael Balik Assistant Director of Technology Perkiomen Valley School District.

MOBILE DEVICES & THEIR IMPACT IN THE ENTERPRISE Michael Balik Assistant Director of Technology Perkiomen Valley School District.
Cloud Computing EDT 7860. Cloud Computing Overview Cloud Computing can be defined as a network of applications, services, and infrastructure that are.

Cloud Computing EDT Cloud Computing Overview Cloud Computing can be defined as a network of applications, services, and infrastructure that are.
Portable Device Operating Systems. Portable Device OS Portable devices use scaled down operating systems, which are smaller than those found in notebook.

Portable Device Operating Systems. Portable Device OS Portable devices use scaled down operating systems, which are smaller than those found in notebook.
6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,

6218 Mobile Devices- Are They Secure Enough for our Patient's Data? Presented By Aaron Hendriks, CISSP Other: Employee of University Health Network, Toronto,
Effective Discovery Techniques In Computer Crime Cases.

Effective Discovery Techniques In Computer Crime Cases.
Fall 2014 student background survey results. 2. Which section are you in? ValuePercentCount Day48.8%21 Evening51.2%22 Total43.

Fall 2014 student background survey results. 2. Which section are you in? ValuePercentCount Day48.8%21 Evening51.2%22 Total43.
HNA-Drive Familiarization Presentation. From the address bar in your preferred internet browser, navigate to www.hnadrive.com Site supports: Internet.

HNA-Drive Familiarization Presentation. From the address bar in your preferred internet browser, navigate to Site supports: Internet.
OneDrive for Business Introduction First Time Use First Time Use Access from Computer Access from Computer Access from Internet Access from Internet Access.

OneDrive for Business Introduction First Time Use First Time Use Access from Computer Access from Computer Access from Internet Access from Internet Access.
Donna Thompsson For Tech Tips - Facebook: Debbie Jarrett – Ed Tech PD https://www.facebook.com/DJarrettPD

Donna Thompsson For Tech Tips - Facebook: Debbie Jarrett – Ed Tech PD
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
Discovering Computers 2010

Discovering Computers 2010
Microsoft Office 2013 ®® Appendix A Introduction to Cloud Computing.

Microsoft Office 2013 ®® Appendix A Introduction to Cloud Computing.
How to transfer data from computer to computer USB Thumb Drive E-mail Cloud.

How to transfer data from computer to computer USB Thumb Drive Cloud.
ENCRYPTION Coffee Hour for August 2014. HISTORY OF ENCRYPTION Scytale Ciphers – paper wrapped around rod, receiver needed same size rod to get the message.

ENCRYPTION Coffee Hour for August HISTORY OF ENCRYPTION Scytale Ciphers – paper wrapped around rod, receiver needed same size rod to get the message.
From: FileRescure Studio

From: FileRescure Studio
SHARESYNCPage 1 of 2 ShareSync is a business-grade file sync and share service Sync files across devices Share files and folders easily and securely Business-grade.

SHARESYNCPage 1 of 2 ShareSync is a business-grade file sync and share service Sync files across devices Share files and folders easily and securely Business-grade.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
E VALUATE M ICROSOFT O FFICE SUITE, CALLED O FFICE 365, WHICH IS BASED IN THE CLOUD FOR APPLICATION TO THE S TAR G AZER V IDEO S TORE, Microsoft Office.

E VALUATE M ICROSOFT O FFICE SUITE, CALLED O FFICE 365, WHICH IS BASED IN THE CLOUD FOR APPLICATION TO THE S TAR G AZER V IDEO S TORE, Microsoft Office.

Similar presentations

Ads by Google