File000151

Published in: Business, Technology

  1. Module XXXVIII – Cell Phone Forensics
  2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
     News: Mountain of Evidence on Alleged ‘SMS-blitz’
     Source: http://www.iol.co.za/
  3. News: New Mobile Data Extraction Device for Forensic Investigations by Cellebrite USA Corp.
     Source: http://www.reuters.com/
  4. Module Objective
     This module will familiarize you with:
       • Hardware Characteristics of Mobile Devices
       • Cellular Network
       • Different OS in Mobile Phone
       • What a Criminal Can do with Mobiles
       • Mobile Forensics
       • Subscriber Identity Module
       • Cell phone Forensics steps
       • Cell phone Forensics Tool
       • Challenges for Forensic Efforts
  5. Module Flow
       • Hardware Characteristics of Mobile Devices
       • Cellular Network
       • Different OS in Mobile Phone
       • What a Criminal Can do with Mobiles
       • Mobile Forensics
       • Subscriber Identity Module
       • Cell phone Forensics Steps
       • Cell phone Forensics Tool
       • Challenges for Forensic Efforts
  6. Mobile Phone
     The mobile phone or cellular phone is an electronic device used for mobile voice or data communication over a network.
     Features:
       • Voice and text messaging
       • Personal Information Management (PIM)
       • SMS and MMS messaging
       • Email
       • Chat
       • Store the images and videos
       • Games
       • Camera with video recorder
  7. Hardware Characteristics of Mobile Devices
  8. Software Characteristics of Mobile Devices
  9. Components of Cellular Network
       • Mobile Switching Center (MSC): It is the switching system for the cellular network
       • Base Transceiver Station (BTS): It is radio transceiver equipment that communicates with mobile phones
       • Base Station Controller (BSC): It manages the transceiver’s equipment and performs channel assignment
       • BSS: The BSC and the BTS units it controls are sometimes collectively referred to as a Base Station Subsystem
       • Home Location Register (HLR): It is the database at the MSC. It is the central repository system for subscriber data and service information
       • Visitor Location Register (VLR): It is the database used in conjunction with the HLR for mobile phones roaming outside their service area
  10. Cellular Network
       • SIM: Subscriber Identity Module
       • BSC: Base Station Controller
       • MSC: Mobile Services Switching Center
       • ME: Mobile Equipment
       • HLR: Home Location Register
       • EIR: Equipment Identity Register
       • BTS: Base Transceiver Station
       • VLR: Visitor Location Register
       • AuC: Authentication Center
  11. Different Cellular Networks
       • Code Division Multiple Access (CDMA)
       • Enhanced Data Rates for GSM Evolution (EDGE)
       • Integrated Digital Enhanced Network (iDEN)
       • General Packet Radio Service (GPRS)
       • Global System for Mobile communications (GSM)
       • High-Speed Downlink Packet Access (HSDPA)
       • Time Division Multiple Access (TDMA)
       • Unlicensed Mobile Access (UMA)
       • Universal Mobile Telecommunications System (UMTS)
  12. Different OS in Mobile Phones
       • Linux
       • Symbian OS
       • Windows Mobile
  13. What a Criminal Can Do with Mobiles
       • Harassing or threatening
       • Sending viruses and Trojans to other users
       • Distributing pornographic images and videos
       • Data theft
       • Storing and transmitting personal and corporate information
       • Sending dangerous or offensive SMS and MMS
       • Cloning the SIM data for illicit use
  14. Mobile Forensics
       • Mobile phone forensics is the science of recovering digital evidence from a mobile phone under forensically sound conditions
       • It includes recovery and analysis of data from mobile devices and SIM cards
       • Mobile forensics aims to catch the perpetrators of crimes that involve the use of mobile phones
  15. Forensics Information in Mobile Phones
       • SIM card information
       • Phonebook
       • Call History
       • SMS and MMS
       • GPRS, WAP, and Internet settings
       • IMEI
       • Photos and Video
       • Sound Files
       • Network Information, GPS location
       • Phone Info (CDMA Serial Number)
       • Emails, memos, calendars, documents, etc.
  16. Subscriber Identity Module (SIM)
       • The SIM is a removable component that contains essential information about the subscriber
       • The SIM’s main function is to authenticate the user of the cell phone to the network to gain access to subscribed services
       • It has both volatile and non-volatile memory
       • The file system of a SIM resides in non-volatile memory
  17. SIM File System
  18. Integrated Circuit Card Identification (ICCID)
       • The ICCID of the (U)SIM can be up to 20 digits long
       • It consists of an industry identifier prefix (89 for telecommunications), followed by a country code, an issuer identifier number, and an individual account identification number
       • This code helps to identify the country and the network operator’s name
       • If the ICCID does not exist on the SIM, get it by using a (U)SIM acquisition tool such as ForensicSIM Toolkit
  19. International Mobile Equipment Identifier (IMEI)
       • The IMEI is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices
       • The first 8 digits, known as the Type Allocation Code (TAC), give the model and origin
       • For powered-on GSM and UMTS phones, the International Mobile Equipment Identifier (IMEI) can be obtained by keying in *#06#
  20. Electronic Serial Number (ESN)
       • The ESN is a unique 32-bit identifier recorded on a secure chip in a mobile phone by the manufacturer
       • The first 8-14 bits identify the manufacturer and the remaining bits identify the assigned serial number
  21. Precautions to be Taken Before Investigation
       • Handle cell phone evidence properly to maintain physical evidence such as fingerprints
       • To avoid unwanted interaction with devices found on the scene, turn off wireless interfaces, such as Bluetooth and Wi-Fi radios, on equipment brought into the search area
       • Photograph the crime scene including mobile phones, cables, cradles, power connectors, removable media, and connections
       • If the device’s display is on, the screen’s contents should be photographed and, if necessary, recorded manually, capturing the time, service status, battery level, and other displayed icons
       • Collect other sources of evidence such as (U)SIM, media, and other hardware in the phone but do not remove them from the device
  22. Precautions to be Taken Before Investigation (cont’d)
       • If the phone is in a cradle or connected to a PC with a cable, seize the phone together with the cable and cradle, because unplugging the device from the computer may eliminate the data transfer or overwrite the synchronization
       • If the phones are found in a compromised state such as immersed in a liquid, remove the battery to prevent electrical shorting and seal the remainder of the mobile phone in a proper container filled with the same liquid, which should not be caustic
       • Isolate the phone from the radio network, which helps to keep new traffic from overwriting the existing data
       • Isolate the phones from other synchronized devices, which keeps new data from affecting the existing data
  23. Precautions to be Taken Before Investigation (cont’d)
       • Some mobile communication devices use alkaline batteries as a power source; replace such batteries in transit to minimize the risk of data loss due to complete battery discharge
       • The investigator should not perform any action that alters the data in evidence
       • All actions, including seizure, access, storage, or transfer of evidence, must be fully documented, preserved, and available for review
  24. Points to Remember while Collecting the Evidence
     If the device is "ON", do NOT turn it "OFF":
       • Turning it "OFF" could activate the lockout feature
       • Write down all information on the display (photograph if possible)
       • Keep it charged and protect it from tampering
       • Do not press any key; doing so may lose data in the device
     If the device is "OFF", leave it "OFF":
       • Turning it on could alter evidence on the device
       • Do not remove the battery; doing so may cause the contents of some devices to be lost
  25. Acquire the Information
       • Acquisition of data at the scene avoids loss of information due to battery depletion or damage during transportation and storage
       • The data acquisition process at the crime scene is hampered by the lack of controlled settings, appropriate equipment, and other prerequisites
       • Try to acquire the data from images of the evidence, such as SIM cards and the device itself
       • Use data acquisition tools such as SIM Card Data Recovery and SIMCon to recover the data from evidence or SIM cards
  26. Acquire Data from SIM Cards
     SIM contains important information related to the forensics investigation:
       • Service related information such as unique identifiers for the (U)SIM, the Integrated Circuit Card Identification (ICCID), and the subscriber, the International Mobile Subscriber Identity (IMSI)
       • Phonebook and call information such as Abbreviated Dialling Numbers (ADN) and Last Numbers Dialled (LND)
       • Messaging information including SMS, EMS, and multimedia messages
       • Location Information, including Location Area Information (LAI) for voice communications and Routing Area Information (RAI) for data communications
  27. Acquire Data from SIM Cards (cont’d)
       • To access the SIM, a PIN code (Personal Identification Number) is required
       • Failure to enter a valid PIN in three attempts blocks the card, and then the 8-digit PUK (Personal Unlock Number) must be entered
       • The PUK is provided by the network operator and cannot be changed by the user
       • Failure to enter the correct PUK in 10 attempts disables the SIM permanently
       • The investigator should ask the network operator for the PUK to gain access to the SIM
  28. Acquire Data from Unobstructed Mobile Devices
       • An unobstructed device is one that does not require a password or other authentication technique to access the device and perform an acquisition
       • Unobstructed devices include mainly CDMA phones, freestanding (U)SIMs, and GSM phones containing a (U)SIM
       • Note down the time and date in the phones
       • Check the contacts, SMS, and other entries
       • Use different data recovery tools such as Cell Phone Analyzer to recover the deleted information from the device
  29. Acquire the Data from Obstructed Mobile Devices
     Obstructed devices typically refer to devices that are shut off and require successful authentication to gain access.
     Recover the information from such devices using the following techniques:
       • Ask the victim or suspect for PIN
       • Review the seized non-electronics materials such as notes or print outs
       • Contact the service provider
       • Contact the device manufacturer and service provider for information on known backdoors and vulnerabilities that might be exploited
       • Contact the device maintenance and repair companies, as well as commercial organizations that provide architecture information on handheld device products
       • Use different forensics tools such as Cell Phone Analyzer
       • Use some data recovery tool such as SIM Analyzer and SIMCon
  30. Memory Considerations in Mobiles
     A mobile phone contains various types of volatile and non-volatile memory.
     It stores several kinds of data, including:
       • Operating system code
       • Kernel
       • Device drivers
       • System libraries
       • Stores and executes user applications onto the device
       • Text
       • Image, audio, video
       • Other data files, including PIM application data
  31. Acquire Data from Memory Cards
       • Removable media extends the storage capacity of mobile phones, allowing individuals to store additional files beyond the device’s built-in capacity and to share data between compatible devices
       • Mobile phones support Secure Digital (SD), MultiMedia Cards (MMC), and other types of removable media containing significant amounts of data
       • Recover the data from removable media and memory cards with the use of a media reader and Memory Card Data Recovery
  32. Memory Cards
  33. Acquire Data from Synched Devices
       • Mobile phones are generally synched with the computer to save the data as another backup copy
       • A significant amount of evidence on a mobile phone may also be present on the suspect’s laptop or personal computer
       • Search for various evidence including contacts, SMS, email details, images, and videos
  34. Gather Data from Network Operator
     Gather the detailed information from the network operator including calls made/received, message traffic, data transferred, and connection location/timing.
     Home Location Register (HLR) provides:
       • Customer’s name and address
       • Billing name and address (if other than customer)
       • User’s name and address (if other than customer)
       • Billing account details
       • Telephone Number (MSISDN)
       • IMSI
       • SIM serial number (as printed on the SIM-card)
       • PIN/PUK for the SIM
       • Subscriber Services allowed
  35. Check Call Data Records (CDRs)
     CDR files created in the MSC record information about:
       • Originating MSISDN
       • Terminating MSISDN
       • Originating and terminating IMEI
       • Initial serving Base Station (BTS)
       • Connection time
       • Time the call was disconnected
       • Disconnecting reason
       • DLCI (data link connection identifier) field to identify the originating PRI, and the bearer (B) channel used
  36. Analyze the Information
     Analyze the following information:
       • Subscriber and equipment identifiers
       • Date/time, language, and other settings
       • Phonebook information
       • Appointment calendar information
       • Text messages
       • Dialed, incoming, and missed call logs
       • Electronic mail
       • Photos
       • Audio and video recordings
       • Multi-media messages
       • Instant messaging and web browsing activities
       • Electronic documents
       • Location information
  37. Analyze the Information (cont’d)
       • Identify the individuals who created, modified, or accessed a file
       • Determine when events occurred by analyzing call logs, the date/time, and content of messages and email
       • Create the timeline of the events
       • Recover the hidden information
       • If entries such as SMS, contacts, emails, etc. are encrypted, use cryptanalysis tools such as crank
       • Use password cracking tools such as Hydra to read the password-protected information
       • Try to find out the geographical location of the attacker
  38. Cell Phone Forensic Tools
  39. SIM Analyzer
     http://cpa.datalifter.com/
     SIM Analyzer is a cell phone forensics tool that recovers the contents of SIM cards from different mobiles.
     It recovers:
       • Last Number Dialed, Abbreviated Dialing Numbers
       • Active and Deleted text (SMS) messages
       • All the general files found in the Telecom group as defined in the GSM 11.11v6 standards
  40. SIMCon & SIM Card Data Recovery
       • SIMCon is a program that allows the user to securely image all files on a GSM/3G SIM card to a computer file with the SIMCon forensic SIM card reader
       • SIM Card Data Recovery software recovers accidentally deleted data from a mobile phone SIM card
  41. Memory Card Data Recovery
     http://www.datadoctor.in/
     Memory Card Data Recovery recovers lost and deleted pictures, images/photos, formatted audio/video files and folders, and encrypted data from corrupted memory card storage devices.
     Features:
       • Reveals missing files and directories lost due to battery failure, formats or corruption caused by hardware or software malfunction
       • Restores all wav, mpg, mpeg, mp3, jpg, jpeg, bmp, midi etc. graphical files
       • Supports all major memory card devices including compact flash, multimedia card, secure digital card, PDA, Pocket PC drive, external Mobile phone storage card and other similar flash drives
       • Compatible with all major memory card brands like Kodak, Konica, Minolta, Nikon, Ricoh, Samsung, Sony, Toshiba etc.
       • Supports all types of USB port memory card reader
       • Supports memory cards in major storage capacities including 128MB, 256MB, 512MB, 1GB, 2GB, 4GB and other higher capacity drives
  42. Memory Card Data Recovery: Screenshot
  43. Device Seizure & SIM Card Seizure
       • Device Seizure is a digital forensics tool that supports GSM SIM cards with the use of a SIM card reader
       • SIM Card Seizure recovers deleted SMS/text messages and performs comprehensive analysis of SIM card data
  44. Cell Phone Analyzer
     http://cpa.datalifter.com/
     Cell Phone Analyzer is a cell phone forensics tool that recovers deleted items.
     Features:
       • Process Blackberry IPD files - includes date and time support for Call logs, Email and Hotlists
       • Nokia - both PM (Permanent memory) and Full flash support
       • SIM Card analysis
       • Create "Safety SIM"(TM) to preserve call log data and keep the phone off the network
       • LIVE Video capture support
  45. Oxygen Forensic Suite & BitPim
       • Oxygen Forensic Suite is mobile forensic software that recovers data from cell phones, smartphones, and PDAs
       • BitPim is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo etc.
  46. MOBILedit! Forensic
     http://www.mobiledit.com/
     MOBILedit! Forensic collects all possible data from the mobile phone and generates an extensive report.
     Features:
       • Analyze phonebook, last dialed numbers, missed calls, received calls, SMS messages, multimedia messages, photos, files, phone details, calendar, notes, tasks and more
       • Reads deleted messages from the SIM card
       • Direct SIM analyzer through SIM readers
       • Make backup now and reports when needed
  47. MOBILedit! Forensic: Screenshot
  48. PhoneBase
     http://www.phonebase.info/
       • PhoneBase extracts data from any Standard SIM card using a SIM Card Reader
       • It recovers contents of SIM cards and phone memories, including lists of phone numbers and associated names, recently made calls, and text messages
  49. Secure View
     http://mobileforensicsnew.susteen.com/
     Secure View for Forensics is the software and hardware solution that provides logical data extraction of the content stored in the mobile phone. It acquires cell phone data via USB, Bluetooth, IrDA, and SIM card reader.
     It acquires:
       • Serial Numbers: IMEI (for GSM phones) and ESN (for CDMA phones)
       • Recent Calls: Received Calls, Dialed Calls & Missed Calls
       • Contacts (internal phone memory, as well as SIM card on supported GSM phones)
       • Calendar and To Do lists
       • Pictures & Wallpapers
       • Ring tones & Music
       • Video & Movies
  50. XACT
     http://www.msab.com/
       • XACT enables you to perform “physical” data investigations from confiscated phones and allows recovery of deleted information
       • It allows you to acquire data from locked phones and deleted information
       • It recovers deleted SMS from the SIM card and other information
  51. CellDEK
     http://www.forensic.gov.uk/
     CellDEK is the portable handset data extraction kit designed for use at the scene of a crime and all working environments associated with on-going investigations. It can access, read, and copy stored data from GSM, CDMA, TDMA, iDen handsets, SIM cards, PDAs, and 15 types of flash cards.
     Features:
       • Extracts handset time and date, serial numbers (IMEI, IMSI), dialed calls, missed calls, received calls, phonebook (both handset and SIM), SMS (both handset and SIM), deleted SMS from SIM, calendar, memos, and to do lists
       • Built-in SIM card reader and SIM card-reading software
       • Connection and control of external jammer to prevent loss of data
       • Time-stamped forensic audit trail records data sent and received from target device
  52. Forensic Card Reader (FCR)
     http://www.bkforensics.com/
     Forensic Card Reader (FCR) allows a forensic method of extracting data from a SIM card. It does not alter any data, including date and time stamps of SMS and read/unread tags. FCR reads SMS flagged as deleted.
     It reads the following entries on the SIM card:
       • ICC-ID
       • IMSI
       • ADN
       • FDN (Fixed Dialing Numbers)
       • Hidden entries
       • LND
       • MSISDN
       • Deleted SMS
       • TMSI (Temporary Mobile Subscriber Identity)
       • LAI information indicating a cell or a set of cells
  53. ForensicSIM Toolkit
     http://www.radio-tactics.com/
     ForensicSIM Toolkit recovers digital evidence from GSM SIM and 3G USIM cards. It allows acquisition, analysis, and reporting.
     Features:
       • Recovers Operator identity number
       • Recovers Start / end time and date stamp
       • Perform MD5 checksum of acquired data
       • Recovers Data storage card serial number and production batch date
  54. SIMIS 3G
     http://www.3gforensics.co.uk/
       • SIMIS 3G is a tool for the recovery of data from a SIM card
       • SIMIS 3G allows the examiner to view recovered data including phonebook contacts and numbers, SMS text messages, deleted text messages, time and date information, and more
       • It secures the recovered data against tampering using both MD5 and SHA-1 hashing techniques
  55. UME-36Pro - Universal Memory Exchanger
     http://www.cellebrite.com/
     Cellebrite's UME-36Pro is the phone memory transfer and backup solution.
     Features:
       • Supports transfer of content across all mobile handset technologies
       • Transfer of the phone's internal memory and SIM card content
       • Integrated SIM/Smart Card reader
       • Transfer, backup and restore of mobile phone content
  56. Cellebrite UFED System - Universal Forensic Extraction Device
     http://www.cellebrite.com/
     The Cellebrite UFED Forensics system is the device that can be used in the field as well as in the forensic lab.
     Features:
       • It extracts data from all cell phones or PDAs: phonebook, pictures, videos, text messages, call logs, ESN and IMEI information
       • It is a standalone kit, with no computer required for extraction
       • It generates complete, MD5 verified evidence reports
       • It supports over 1,400 handset models
  57. ZRT
     http://www.fernico.com/zrt.html
     ZRT is the cell phone forensic investigation solution that supports all phones and can be used on its own or in conjunction with existing tools.
     Features:
       • It completely streamlines the process of taking high-resolution photographs of screen displays
       • It merges photos into custom designed report templates
  58. Neutrino
     http://www.forensics.ie/
     Neutrino is the mobile device acquisition tool that integrates with EnCase v6 and allows examiners to analyze both mobile devices and computer evidence at the same time.
     Features:
       • Examine multiple devices and correlate with computer evidence at the same time
       • Share Neutrino acquired Logical Evidence Files with other EnCase v6 examiners
       • Carry entire tool set, organized and stored in a single field kit
  59. ICD 5005
     http://www.projectaphone.com
     ICD 5005 is a project-a-Phone product designed for forensic investigations of cell phones. With a USB 2.0 camera, it captures the display screen at up to 3 megapixel resolution.
     Features:
       • It captures evidence in cell phone forensics
       • It offers live meetings where you want to present from a computer
       • It provides web-based demonstrations
       • It can take screen shots for print marketing materials or documentation
  60. ICD 1300
     http://www.projectaphone.com
     ICD 1300 is a project-a-Phone product designed for forensic investigations of cell phones. It captures the display screen at up to 1.3 megapixel resolution.
     Features:
       • It offers recording of forensic evidence
       • It offers screenshots for digital marketing materials or documentation
  61. Challenges for Forensic Efforts
       • Often a disposable solution for criminals
       • Devices are not widely supported by forensic solutions
       • No contract and no identity tied to the device or service contract
       • No single standardized approach to investigate mobile devices
       • Different forensic tools are only able to operate on a particular handset, specific platforms for a specific product, a distinct operating system, or specific hardware architecture
       • Ever-changing advancement of mobile devices increases the complexity of mobile device examinations
  62. Summary
       • Mobile phone forensics is the process of recovering digital evidence from a mobile phone under forensically sound conditions using accepted methods
       • The SIM is a removable component that contains essential information about the subscriber
       • The IMEI is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices
       • The network operator provides information including calls made/received, message traffic, data transferred, and connection location/timing
       • The ESN is a unique 32-bit identifier recorded on a secure chip in a mobile phone by the manufacturer
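
An added example, not part of the original slides: decoding the identifiers described on slides 18 to 20 (ICCID, IMEI, ESN) so an examiner can cross-check what a tool reports. The Luhn check digit and the nibble-swapped BCD storage of the ICCID file come from the GSM/ITU specifications rather than the slides; the country-code table is a small illustrative subset and every sample value is constructed.

```python
# Added example: decode handset and SIM identifiers. All sample values are constructed.

# Illustrative subset of ITU-T E.164 country codes (assumption: extend as needed).
COUNTRY_CODES = {"1": "NANP (US/Canada)", "27": "South Africa", "44": "United Kingdom",
                 "49": "Germany", "91": "India"}


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a digit string that excludes the check digit."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:                      # rightmost payload digit is doubled first
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10


def parse_imei(imei: str) -> dict:
    """Split a 15-digit IMEI into TAC (first 8 digits), serial and check digit."""
    digits = "".join(c for c in imei if c.isdigit())
    if len(digits) != 15:
        raise ValueError("IMEI must contain exactly 15 digits")
    return {"tac": digits[:8], "serial": digits[8:14], "check_digit": digits[14],
            "luhn_ok": luhn_check_digit(digits[:14]) == int(digits[14])}


def decode_ef_iccid(raw: bytes) -> str:
    """Decode the SIM's 10-byte ICCID file: BCD digits, nibbles swapped, 0xF padding."""
    digits = []
    for byte in raw:
        for nibble in (byte & 0x0F, byte >> 4):   # low nibble holds the earlier digit
            if nibble == 0x0F:
                continue
            if nibble > 9:
                raise ValueError(f"non-decimal nibble {nibble:#x} in ICCID")
            digits.append(str(nibble))
    return "".join(digits)


def parse_iccid(iccid: str) -> dict:
    """Split an ICCID into industry prefix, country code and the remaining digits."""
    if not iccid.isdigit() or not 6 <= len(iccid) <= 20:
        raise ValueError("ICCID must be at most 20 decimal digits")
    if not iccid.startswith("89"):
        raise ValueError("industry identifier is not 89 (telecommunications)")
    # E.164 country codes are prefix-free, so at most one table entry can match.
    cc = next((iccid[2:2 + n] for n in (1, 2, 3) if iccid[2:2 + n] in COUNTRY_CODES), None)
    rest = iccid[2 + len(cc):] if cc else iccid[2:]
    return {"industry": "89", "country_code": cc, "country": COUNTRY_CODES.get(cc),
            # Issuer and account lengths vary by operator, so they stay joined here.
            "issuer_and_account": rest[:-1], "check_digit": rest[-1],
            # Reported, not enforced: some cards carry an extra trailing digit.
            "luhn_ok": luhn_check_digit(iccid[:-1]) == int(iccid[-1])}


def parse_esn(esn_hex: str, manufacturer_bits: int = 8) -> dict:
    """Split a 32-bit ESN; the caller states how many leading bits (8 to 14) name the maker."""
    value = int(esn_hex, 16)
    if not 0 <= value < 1 << 32 or not 8 <= manufacturer_bits <= 14:
        raise ValueError("ESN must fit in 32 bits with an 8 to 14 bit manufacturer code")
    serial_bits = 32 - manufacturer_bits
    return {"manufacturer_code": value >> serial_bits,
            "serial": value & ((1 << serial_bits) - 1)}


SAMPLE_IMEI = "123456780000010"                          # constructed
SAMPLE_EF_ICCID = bytes.fromhex("984401000000000010F8")  # constructed raw file content
SAMPLE_ESN = "9F01E240"                                  # constructed

if __name__ == "__main__":
    print(parse_imei(SAMPLE_IMEI))
    print(parse_iccid(decode_ef_iccid(SAMPLE_EF_ICCID)))
    print(parse_esn(SAMPLE_ESN), parse_esn(SAMPLE_ESN, manufacturer_bits=14))
```

A failed Luhn check on an IMEI or ICCID taken from a report usually points to a transcription error and is worth resolving before the value is sent to the network operator.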
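
An added example, not part of the original slides: building the event timeline called for on slide 37 by merging operator CDRs (fields from slide 35) with SMS records read from the handset, after correcting the handset clock using the time noted during acquisition (slide 28). The CSV column names, phone numbers, IMEIs, BTS labels and the three-minute clock offset are all constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

SUBJECT = "+440000000001"   # constructed MSISDN of the handset under examination

# Constructed operator CDR export; column names are assumptions, times are UTC.
CDR_CSV = """orig_msisdn,term_msisdn,orig_imei,term_imei,bts,connect,disconnect,reason
+440000000001,+440000000002,123456780000010,123456780000028,BTS-017,2009-03-01T10:02:11,2009-03-01T10:05:40,normal
+440000000003,+440000000001,123456780000036,123456780000010,BTS-017,2009-03-01T11:15:00,2009-03-01T11:15:09,normal
+440000000001,+440000000002,123456780000044,123456780000028,BTS-142,2009-03-01T13:30:05,2009-03-01T13:31:00,radio-link-failure
"""

# Constructed SMS records as read from the handset, stamped with the handset's own clock.
HANDSET_SMS = [
    {"handset_time": "2009-03-01T10:09:30", "direction": "sent", "peer": "+440000000002"},
    {"handset_time": "2009-03-01T13:28:00", "direction": "received", "peer": "+440000000002"},
]

# Handset clock minus reference clock, as noted at acquisition (here: 3 minutes fast).
CLOCK_OFFSET = timedelta(minutes=3)


def parse_utc(text: str) -> datetime:
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def cdr_events(csv_text: str, subject: str) -> list:
    """Turn the CDR rows that involve the subject into timeline events."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["orig_msisdn"] == subject:
            kind, peer, imei = "call-out", row["term_msisdn"], row["orig_imei"]
        elif row["term_msisdn"] == subject:
            kind, peer, imei = "call-in", row["orig_msisdn"], row["term_imei"]
        else:
            continue                      # record does not involve the subject
        start = parse_utc(row["connect"])
        duration = parse_utc(row["disconnect"]) - start
        events.append({"time": start, "source": "CDR", "kind": kind, "peer": peer,
                       "imei": imei, "bts": row["bts"], "reason": row["reason"],
                       "duration_s": int(duration.total_seconds())})
    return events


def handset_events(records: list, clock_offset: timedelta) -> list:
    """Convert handset-stamped records to reference time by removing the clock offset."""
    return [{"time": parse_utc(r["handset_time"]) - clock_offset, "source": "handset",
             "kind": "sms-" + r["direction"], "peer": r["peer"]} for r in records]


def build_timeline(subject, csv_text, sms_records, clock_offset) -> list:
    events = cdr_events(csv_text, subject) + handset_events(sms_records, clock_offset)
    return sorted(events, key=lambda e: e["time"])


def handsets_seen(timeline: list) -> list:
    """IMEIs the subject's number was used with, in order of first appearance."""
    seen = []
    for event in timeline:
        imei = event.get("imei")
        if imei and imei not in seen:
            seen.append(imei)
    return seen


if __name__ == "__main__":
    timeline = build_timeline(SUBJECT, CDR_CSV, HANDSET_SMS, CLOCK_OFFSET)
    for e in timeline:
        print(e["time"].isoformat(), e["source"], e["kind"], e["peer"], e.get("bts", ""))
    print("IMEIs used with subject number:", handsets_seen(timeline))
```

More than one IMEI in the result means the subscriber's SIM was used in more than one handset during the period, so the seized phone may not hold all of the evidence.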
