Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.

Published byBaldric Craig Modified over 9 years ago

Similar presentations

Presentation on theme: "Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director."— Presentation transcript:

1 Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director

2 Relevance

3 Why Mobile ESI?  A treasure trove of information User accounts Contacts Call history SMS Messages Messages Google Mail and Yahoo! Messenger Skype Chat History of Google Maps, Dynamic Dictionary Automatic Screen Shots Apps stored data  Deleted

4 Mobile Evidence is Admissible in Court  Sihlali v. South African Broadcasting Corporation, Ltd. (J700/08) [2010] ZALC  Rash text message: "I Quit"  Employment resignation by SMS text message was a legally-effective notice in “writing”

5 Mobile Evidence may need to be Preserved  Regas Christou v. Beatport, LLC (D. Colo. January 23, 2013),Regas Christou v. Beatport  Court sanctioned the defendants for taking “no steps to preserve text messages” leading to a spoliation sanction.

6 Concepts and Challenges of Mobile Device Forensics

7 Yet Another Computer

8 Not

9 Extraction Methods Logical Extraction File System Extraction Physical Extraction

10 Logical Extraction Results  A well formatted report:  Call logs, Contacts, SMS messages, Videos, Photos, Audio, Music

11 Logical Extraction File System Extraction Physical Extraction Extraction Methods

12 File System Extraction Results  SMS, Contacts, Call Logs, MMS, Notes, Applications, Voice Mails, Calendar, Bluetooth, GPS, Notes, Bookmarks, Skype, Chat, Cookies, Facebook Content .plist files containing great forensic data ‘keychain-2.db’ - Networks the user connected to including Wi-Fi, VPN, Bluetooth and the Apple iTunes Store ID. Other databases contain information from Apps

13 Logical Extraction File System Extraction Physical Extraction Extraction Methods

14 Contacts Including Deleted

15 Detailed Call Log, Including Deleted

16 Skype Contacts Including Deleted

17 Application Usage Details

18 WiFi Access History

19 GPS Locations History

20 User Pattern Lock 2020

21 3->2->1->4->7->8->9 2121

22 Timeline Analysis

23 Graphical Timeline Analysis

24 Real life Case - Logical Vs Physical  Additional evidence recovered using Physical:  22,000+ images  59 videos  1000+ audio files  16,000+ locations  60+ chats (included Facebook and Skype)  30+ MMS  3300+ text files

25 Changing the “Undue Burden” and Proportionality Equations  Gathering information from mobile devices is easy and intuitive  Mobile stored information has many unique artifacts; just one can tip your case  The bar for “Undue burden” argument has been raised  It is more likely to be “Proportionate”

26 UFED Touch

27

28 Decoding, Analysis & Reporting UFED Reader UFED Logical Analyzer UFED Physical Analyzer Multilingual User Interface Advanced Search Bookmarks and Tags Timeline view Multiple Project Instant Search Conversational View Generate and customized Reporting.ufd Support Watch List Hex Image view and search Advanced Carving Chain Manager Python Scripting Shell Advanced Decoding SQLite DB browser Installation License FreeUFED LogicalUFED Ultimate

29 Mobile Data as a Piece in the Puzzle  Mobile data is only as valuable as it can be weighted within the whole dataset  UFED output is already available for processing with: Exterro Fusion, Nuix, Palantir.  More integration projects are on-going

30 Recap

31

32 RAPRAP

33 Richer Accessible Proportionate

34 Questions

35 Thank You Yuval Ben-Moshe Yuvalbm@Cellebrite.com

Download ppt "Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director."

Similar presentations

Google Series Part 1: gmail Part 2: maps Part 3: talk Part 4: earth Part 5: books Part 6: picasa Part 7: sites Part x: ?

Google Series Part 1: gmail Part 2: maps Part 3: talk Part 4: earth Part 5: books Part 6: picasa Part 7: sites Part x: ?
IPad Basic Training Everything you wanted to know but were afraid to ask a 2-year-old.

IPad Basic Training Everything you wanted to know but were afraid to ask a 2-year-old.
Presentation. Contemporary Communication Fast – connects us quickly without delays Reliable – works always Global – connects us with the whole world Low.

Presentation. Contemporary Communication Fast – connects us quickly without delays Reliable – works always Global – connects us with the whole world Low.
Getting to Know Your iPad. Overview Tip: the back camera is the best!

Getting to Know Your iPad. Overview Tip: the back camera is the best!
XProtect ® Professional Efficient solutions for mid-sized installations.

XProtect ® Professional Efficient solutions for mid-sized installations.
Getting Started. Intro Must Haves and Best Practices Demo Q&A Agenda.

Getting Started. Intro Must Haves and Best Practices Demo Q&A Agenda.
Office 365 Presented by User Services of Library & Information Services.

Office 365 Presented by User Services of Library & Information Services.
Programming with touchdevelop touchdevelop introduction Disclaimer: This document is provided “as-is”. Information and views expressed in this document,

Programming with touchdevelop touchdevelop introduction Disclaimer: This document is provided “as-is”. Information and views expressed in this document,
(C) Oxygen Software, 2000-2008 Oxygen Forensic Suite – Premium Mobile Examination Extracting.

(C) Oxygen Software, Oxygen Forensic Suite – Premium Mobile Examination Extracting.
Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software, 2000-2010 2010.

Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software,
Ozeki Informatics Ltd. | | info.ozekiphone.com | +36 52 532 731 Ozeki Informatics Ltd. | | +36.

Ozeki Informatics Ltd. | | info.ozekiphone.com | Ozeki Informatics Ltd. | | +36.
What is the Internet? Internet: The Internet, in simplest terms, is the large group of millions of computers around the world that are all connected to.

What is the Internet? Internet: The Internet, in simplest terms, is the large group of millions of computers around the world that are all connected to.
Apple iPad Presentation By: Leigh Casal. Apple iPad Video.

Apple iPad Presentation By: Leigh Casal. Apple iPad Video.
IPhone 3.0 Presented By: Renee` Smith. Introduction iPhone OS 3.0 Most advanced mobile phone platform 100 New features Coming out this summer.

IPhone 3.0 Presented By: Renee` Smith. Introduction iPhone OS 3.0 Most advanced mobile phone platform 100 New features Coming out this summer.
Droid by Motorola with Google. 2 Droid / Google Experience Gmail –Is not required to purchase Google experience devices, but should be activated to experience.

Droid by Motorola with Google. 2 Droid / Google Experience Gmail –Is not required to purchase Google experience devices, but should be activated to experience.
Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software, 2000-2012

Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software,
The PULSE: SAAS (Software as a Service) By Debjit Biswas, +91-9903805663,

The PULSE: SAAS (Software as a Service) By Debjit Biswas, ,
MyIsagenix - Intro Class. Intro Class Agenda  MyIsagenix Overview  Getting Started  Page by Page Walkthrough  Q & A.

MyIsagenix - Intro Class. Intro Class Agenda  MyIsagenix Overview  Getting Started  Page by Page Walkthrough  Q & A.
Towards Mobile Enhanced Digital Collections Tito Sierra and Markus Wust NCSU Libraries The Second International m-Libraries Conference June 24, 2009.

Towards Mobile Enhanced Digital Collections Tito Sierra and Markus Wust NCSU Libraries The Second International m-Libraries Conference June 24, 2009.
© 2012 Microsoft Corporation. All rights reserved. Amazing apps. Windows 8 comes with built-in apps for the things you do most to help get your favorite.

© 2012 Microsoft Corporation. All rights reserved. Amazing apps. Windows 8 comes with built-in apps for the things you do most to help get your favorite.

Similar presentations

Ads by Google