Your SlideShare is downloading. ×
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and Artifacts
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Trends in Mobile Device Data and Artifacts

1,023

Published on

Data and artifacts from mobile devices reside in so many places that no single approach can yield everything. This session will review some of the latest observations on where artifacts and critical …

Data and artifacts from mobile devices reside in so many places that no single approach can yield everything. This session will review some of the latest observations on where artifacts and critical pieces of data can reside on the device, as well as the available tools and methodologies to extract and decode them.

Published in: Mobile, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,023
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • This is an example of location database
  • Transcript

    • 1. Trends in Mobile Devices Data and Artifacts Inbar Ries, Senior Director, Forensics Products June, 2014
    • 2. Trends Much More Data • Variety • Amount • Initiator - user and device New Data Management • Multiple locations • Multiple types
    • 3. Mobile Apps Dominate Contacts – friends, favorites, groups Call logs Chats – messages, attachments Emails Location Images Malware Over 2 Million Apps in App Store & Google Play 102 Billion downloads in 2013
    • 4. Device Internal Data Locations Media files metadata User ID (e.g. Apple ID) Tethering information Cloud backup indication Device power log (off/on) Installed applications & usage Application permissions
    • 5. Locations ■Cell towers ■WiFi networks ■Applications location ■Media files ■Journeys taken from GPS applications/devices
    • 6. The Device Knows Where his Owner has been ■The location data is derived by the cell towers and Wi-Fi hotspots the devices encountered ■The location service is enabled by default ■The data is stored in SQLite database for future use ■ Deleted data can be recovered
    • 7. Locations in Android Devices Location reporting is available on devices running Android 2.3 or higher
    • 8. Locations in iOS Devices ■iOS 4 and above ■Location accuracy Location service uses a combination of cellular, Wi-Fi, Bluetooth, and GPS to determine your location. ■System location service ■ iPhone will periodically send locations of where you have purchased or used Apps in an anonymous and encrypted form to Apple ■ iPhone will keep track of places you have recently been, as well as how often and when you visited them. This data is kept solely on your device
    • 9. Location in Applications ■User location per activity ■Friend’s locations ■Other people nearby
    • 10. Locations from TomTom devices The potential Detailed location info including Lat/Lon and timestamps Data stored on the device Encrypted triplog files
    • 11. Image carving ■File carving is a powerful tool for recovering files and fragments of files ■Recovery of images that have a full or partial or corrupted header ■ Quick scan ■ Less false positive ■ Recovery of blocks of JPEG data without header information ■ Longer duration ■ Much more results ■ More false positive Internal & Confidential 13
    • 12. Media files ■ Video and image files ■ Where – Latitude and longitude ■ When - capture time ■ Which camera - device make and model ■ Device owner ■ Other camera ■ How the area looks like
    • 13. Malware ■Mobile malware increasing by 1000% in the last year ■Mainly on Android and BlackBerry platforms ■2013 - 143K malicious programs targeting mobile devices were detected ■Devices are affected by: ■ A fake version of a real site ■ Infected legit app ■ Unofficial websites where users can freely download apps
    • 14. The Real Danger of Malware ■ Stealing of ■ Private information ■ Bank account information and password ■ Credit card numbers ■ Company intellectual property ■ Deleting data ■ Forcing the use of premium content ■ Bricking the device
    • 15. Trends Much More Data • Variety • Amount • Initiator - User and device New Data Management • Multiple locations • Multiple types
    • 16. SQLite Databases – Standard ■SQLite database is already installed in many devices including Android, Apple and Blackberry ■Multiple data types ■ Text, date and time, numbers ■ Files (image, audio, documents) ■ Deleted data can be recovered
    • 17. SQLite Databases – Content ■Applications data ■ The data is per application and cannot be accessed by other applications ■ Data: User profile, messages, locations, contacts, images and more ■Device native applications including SMS, MMS, contact ■Device internal usage ■ The amount of data that is saved but not exposed to the user is massive ■Data: configuration, cached information, locations and more
    • 18. Logs ■Logs can include errors but also valuable system information ■Transactions status ■Device information
    • 19. Configuration files ■What can be found: ■ Date, time and time zone configuration ■ Applications permissions ■ Tethering data - Hotspot name, password and last activation time ■ Location service status - on/off ■Configuration files: ■ Apple – Plist, bplist ■ Android – XML preference files
    • 20. Thank You www.cellebrite.com

    ×