Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Benford MSc Forensic Computing & Security David Benford MSc Blackstage Forensics Limited.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "David Benford MSc Forensic Computing & Security David Benford MSc Blackstage Forensics Limited."— Presentation transcript:

1 David Benford MSc Forensic Computing & Security David Benford MSc Blackstage Forensics Limited

2 About me: Criminal defence Corporate Security clearance The Cavell Group Charity Trustee David Benford MSc Blackstage Forensics Limited

3 ....the science of retrieving data from a mobile phone under forensically sound conditions.... David Benford MSc Blackstage Forensics Limited

4 Numbers: 5.3 billion subscriptions by end of 2010 (ITU.INT,2010) Translates to 77% of world 842 million subscribers in China Asia-Pacific region including India and China account 47% of connections globally 10 billion phones sold since ’94 Nokia 3.4 billion 30 million sold in UK annually “ Five billion phones means there are more than three times as many phones as personal computers ” Ben Wood Analyst, CCS Insight

5 David Benford MSc Blackstage Forensics Limited iPhone Sales Forecast to Hit 100 Million by 2011! (PCWorld.com, 2010)

6 David Benford MSc Blackstage Forensics Limited Digital Handheld Devices: Smartphone Basic Mobile Phone SatNav & GPS iPad, iPod & other Media Players PDA & Pocket PC

7 David Benford MSc Blackstage Forensics Limited Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court. Principle 2: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. Principle 3: An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. Principle 4: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to. ACPO Guidelines:(www.acpo.police.uk)

8 David Benford MSc Blackstage Forensics Limited Applications: Criminal law Civil law Commercial law Corporate applications – audits & tribunals Crisis management Cyber bullying

9 Evidential data can be recovered from: Device SIM/USIM Removable Media Storage Backup David Benford MSc Blackstage Forensics Limited

10 Main Forensic Tools: Microsystemation XRY/Xact Cellebrite UFED Oxygen Forensic Suite Flasher Box – Hex dump David Benford MSc Blackstage Forensics Limited

11 SIM (Subscriber Identity Module) or USIM (Universal Subscriber Identity Module) Forensics International Mobile Subscriber Identity (IMSI) Last dialled numbers Location information Contacts Service provider name ICCID (Integrated Circuit Card ID) 18 digit number SMS text messages – including deleted

12 David Benford MSc Blackstage Forensics Limited Types of Data Extraction: Logical Usually done via vendor interface for synchronising contents of phone with PC Physical Bit-by-bit copy of device via flash memory Similar to computer extraction 2 step – dump & decode Manual Done when no available tool Chip Removal Last resort Read by commercial off the shelf memory programmer & then dump & decode

13 David Benford MSc Blackstage Forensics Limited Phone analysis: No single tool Variations in firmware versions Vendor-specific modifications

14 David Benford MSc Blackstage Forensics Limited

15

16 XRY (Logical) Process: Learn device Charge Isolate SIM clone Faraday Switch on Time/date etc Photographs SIM extraction Phone Extraction Analyse & report Manually record process

17 David Benford MSc Blackstage Forensics Limited Smartphones Social networking Instant messaging / VOIP Location based services Web Browsing activities Email activity App data

18 David Benford MSc Blackstage Forensics Limited Apple iPhone Scaled down Mac OS x based on BSD App Store iTunes iPad came first! Location Services default No one tool does it all Pin lock is easily bypassed for media files

19 David Benford MSc Blackstage Forensics Limited

20 Location Services : Friend or Foe? Geotags Social Networks Augmented Reality Blogs

21 David Benford MSc Blackstage Forensics Limited The iPhone and Fraud Modifying data Directly iTunes

22 David Benford MSc Blackstage Forensics Limited

23

24

25

26 Crossover: Phones & Computers Smartphones are mini-computers Backups Windows 7 Shadow Volume Copies

27 David Benford MSc Blackstage Forensics Limited Future: Clustering of phones to provide PC-like capabilities PC Replacements – full-blown software The Cloud Payment by phone Fully connected, location-aware devices “Situationally & contextually aware tp present information accordingly” (digitaltrends.com, 2010) Development of A.R. “ad hoc broadcast terminal at sporting events where you can view a video feed from a guy in the second row or up in the nose-bleed seats” (digitaltrends.com, 2010)

28 David Benford MSc Blackstage Forensics Limited Conclusion

29 David Benford MSc Blackstage Forensics Limited References: CCS Insight Blog » Ben Wood. Available at: http://www.ccsinsight.com/blog/?author=3 [Accessed January 16, 2011]. http://www.ccsinsight.com/blog/?author=3 Forensics. Available at: http://www.zdziarski.com/blog/?cat=8 [Accessed January 16, 2011].http://www.zdziarski.com/blog/?cat=8 iPhone Sales Forecast to Hit 100 Million by 2011 - PCWorld. Available at: http://www.pcworld.com/article/199237/iphone_sales_forecas t_to_hit_100_million_by_2011.html [Accessed January 16, 2011]. http://www.pcworld.com/article/199237/iphone_sales_forecas t_to_hit_100_million_by_2011.html Speeches and Disscussion Papers. Available at: http://www.itu.int/ITU-D/ict/papers/ [Accessed January 16, 2011]. http://www.itu.int/ITU-D/ict/papers/ The Future of Smartphones: 2010-2015 and Beyond. Available at: http://www.digitaltrends.com/features/the-future-of- smartphones-2010-2015-and-beyond/ [Accessed January 16, 2011].http://www.digitaltrends.com/features/the-future-of- smartphones-2010-2015-and-beyond/

30 David Benford MSc Blackstage Forensics Limited Any Questions?

31 David Benford MSc Blackstage Forensics Limited Blackstage Forensics Catton Hall, Catton Derbyshire DE12 8LN T: +44(0)1283 762559 E: David@Blackstage-forensics.co.ukDavid@Blackstage-forensics.co.uk W: www.Blackstage-forensics.co.ukwww.Blackstage-forensics.co.uk Charity: www.Cystinosis.org.ukwww.Cystinosis.org.uk Thank you for your attention!

Download ppt "David Benford MSc Forensic Computing & Security David Benford MSc Blackstage Forensics Limited."

Similar presentations

Term 2, 2011 Week 1. CONTENTS Sending and receiving devices Mobile devices connected to networks – Smart phones – Personal digital assistants – Hand-held.

Term 2, 2011 Week 1. CONTENTS Sending and receiving devices Mobile devices connected to networks – Smart phones – Personal digital assistants – Hand-held.
OC RIMS Cyber Safety & Security Incident Response.

OC RIMS Cyber Safety & Security Incident Response.
The next generation in digital forensics Mobile Phones A New Frontier in Digital Forensics BK Forensics.

The next generation in digital forensics Mobile Phones A New Frontier in Digital Forensics BK Forensics.
Tracy Wang Computer8 December 2010 Apple. 1.Apple company 2.Mac 3.iPod 4.iPhone 5.iPad 6. Apple TV.

Tracy Wang Computer8 December 2010 Apple. 1.Apple company 2.Mac 3.iPod 4.iPhone 5.iPad 6. Apple TV.
(C) Oxygen Software, 2000-2008 Oxygen Forensic Suite – Premium Mobile Examination Extracting.

(C) Oxygen Software, Oxygen Forensic Suite – Premium Mobile Examination Extracting.
Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software, 2000-2010 2010.

Advanced Techniques in Forensic Examination of Smartphones (C) Oxygen Software,
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
Fundamentals of Computer Forensics Fundamentals of Computer Forensics by Jim Bates,published Feb 1997, International Journal of Forensic Computing “…This.

Fundamentals of Computer Forensics Fundamentals of Computer Forensics by Jim Bates,published Feb 1997, International Journal of Forensic Computing “…This.
Hong-Kong, Mar-03-05 Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.

Hong-Kong, Mar Mobile Data in Legal Proceedings and methods for Extraction, Analysis and Delivering Yuval Ben-Moshe Forensics Technical Director.
Computing Fundamentals Module A © CCI Learning Solutions Inc. 1 Unit 1: Recognizing Computers Lesson Topic 1Computers All Around Us 2Elements of a Personal.

Computing Fundamentals Module A © CCI Learning Solutions Inc. 1 Unit 1: Recognizing Computers Lesson Topic 1Computers All Around Us 2Elements of a Personal.
Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.

Student Name: Group.  Developed by Microsoft  Alliance with Nokia in 2011  4 main functions:  Outlook Mobile  Windows Media Player for Windows Mobile.
Chapter 20 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of Mobile Devices (online only)

Chapter 20 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of Mobile Devices (online only)
A smartphone from Apple that integrates cellphone, iPod, camera, text messaging, e-mail and Web browsing. Data and applications can be sent to the phone.

A smartphone from Apple that integrates cellphone, iPod, camera, text messaging, and Web browsing. Data and applications can be sent to the phone.
 Forensic examination of smartphone mobile devices is hindered not only by the amount of information stored on the device itself, but also the location.

 Forensic examination of smartphone mobile devices is hindered not only by the amount of information stored on the device itself, but also the location.
Computer Forensics Mr.PRAWEE PROMPONMUANG M.Sc(Forensic Science) NO.515020181-9.

Computer Forensics Mr.PRAWEE PROMPONMUANG M.Sc(Forensic Science) NO
Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software, 2000-2012

Advanced Techniques in Forensic Examination of Smartphones 2012 (C) Oxygen Software,
L EE & A LLEN F ORENSIC C OMPUTING S ERVICES A CAREER IN FORENSIC COMPUTING CRAIG G EARNSHAW L EE & A LLEN F ORENSIC C OMPUTING S ERVICES.

L EE & A LLEN F ORENSIC C OMPUTING S ERVICES A CAREER IN FORENSIC COMPUTING CRAIG G EARNSHAW L EE & A LLEN F ORENSIC C OMPUTING S ERVICES.
Computer and Internet Basics.

Computer and Internet Basics.
Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.

Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.

Similar presentations

Ads by Google