Mobile forensics

Published in: Technology, Business

  1. 1. Mobile Forensics. Yogesh E. Sonawane, yogesh.dfe@gmail.com
  2. 2. Mobile Forensics
  3. 3. Mobile Forensic: • Nowadays mobile phones are frequently seized as prime crime exhibits. • Mobile phones are used in crimes like: threatening or extortion calls; sending/receiving/storing messages containing obscene picture images or video files; sports betting; terrorist & Naxalite activities.
  4. 4. Some Terms Used: • GSM – Global System for Mobile Communications • CDMA – Code Division Multiple Access • SIM (Subscriber Identity Module) – Essentially a small computer on a card that sits within the mobile phone and controls various functions of call making • IMEI (International Mobile Equipment Identifier) – This is a unique number given to each handset. It is printed somewhere on the handset (mostly in the battery compartment) [*#06#]
  5. 5. To see our own Mobile Number
  6. 6. Specifications: Mobile phones, ranging from basic models to models with high functional features, contain varying hardware and software specifications. • Microprocessor • Random Access Memory (RAM) • Radio Module • Microphone and Speaker • Hardware Keys
  7. 7. Specifications Continued…. • Wireless Communications (Infrared, Bluetooth, Wi-Fi) • The Operating System (e.g. Microsoft) • Liquid Crystal Display (LCD) • Built-in Mini Secure Digital (MiniSD), MultiMedia Card • Card slots support removable memory cards
  8. 8. Mobile Forensic: Tools used for Mobile Forensic Analysis • Cellebrite UME (Universal Memory Exchanger) • EnCase Neutrino • CellDEK TEK • Oxygen Forensics • MPE+ • MOBILedit etc.
  9. 9. Tools used for Mobile Forensic Analysis: Cellebrite UME (Universal Memory Exchanger) • It is used to extract mobile phone forensic evidence, working in the field as well as in the lab. • It is a stand-alone phone memory transfer and backup solution that transfers all forms of content, including pictures, videos, ringtones, SMS, as well as phonebook contact data between a wide range of mobile phones. Reference: www.cellebrite.com
  10. 10. Tools used for Mobile Forensic Analysis: Cellebrite UME (Universal Memory Exchanger)
  11. 11. Tools used for Mobile Forensic Analysis Continued…. EnCase Neutrino: It is designed for law enforcement, security analysts and eDiscovery specialists who need to forensically collect data from mobile devices. Reference: www.guidancesoftware.com
  12. 12. Tools used for Mobile Forensic Analysis Continued…. CellDEK TEK: It acquires data including missed calls, dialed calls, received calls, phonebook, SMS messages, deleted SMS messages from SIM, Multimedia (MMS) messages (not available from all handsets), calendar, memos, to-do lists, pictures, video, audio and other files. Reference: www.logicubeforensic.com
  13. 13. Tools used for Mobile Forensic Analysis Continued…. CellDEK TEK
  14. 14. Tools used for Mobile Forensic Analysis Continued…. Jammer
  15. 15. Medium used to transfer the data• Data Cable Wire• Bluetooth• Infrared
  16. 16. Scope of Mobile Forensic Analysis: While analyzing a suspected mobile phone for potential evidence, the following items need to be checked: • Location Information • Subscriber and equipment identifiers • Date/time, language, and other settings • Phonebook information • Call log information (Incoming/Outgoing/Dialed/Missed)
  17. 17. Scope of Mobile Forensic Analysis Continued….• Text Messages (Incoming/Outgoing/Deleted)• Picture Images, Video Files, Audio Files• Multimedia Messages• Emails, Web Browsing Activities• Documents, Spreadsheets and Presentations• User created Files or Folders
  18. 18. Limitations • Forensic tools – To acquire mobile phone data. To generate a report of the acquired data. • The tools support certain mobile phone models. • The tools help to extract certain informative items.
  19. 19. Limitations Continued…. • The tools depend on the data cable (support) to extract information. Sometimes support is available, but still only a few informative items can be extracted. E.g. Call Log Details. Sometimes data needs to be extracted but no support is available. E.g. User Created Files or Folders • Tools are available to break the PIN and password of the selected mobile phones.
  20. 20. SMART PHONES: What information is stored on a modern smart phone? (C) Oxygen Software, 2000-2012 http://www.oxygen-forensic.com
  21. 21. SMARTPHONE IS A SMALL PC
  22. 22. SMARTPHONE : CELL PHONE
  23. 23. SMARTPHONE : ADDRESSBOOK
  24. 24. SMARTPHONE : PLANNER
  25. 25. SMARTPHONE : MESSENGER
  26. 26. SMARTPHONE : GPS NAVIGATOR
  27. 27. SMARTPHONE : WEB CLIENT. * - Available for some IM clients
  28. 28. Smartphone : PC
  29. 29. EXTRACTION: What data extraction methods are available for mobile devices?
  30. 30. Standard extraction methods: THERE ARE 2 STANDARD WAYS TO GET FORENSIC INFORMATION FROM SMARTPHONES: LOGICAL AND PHYSICAL ANALYSIS
  31. 31. Standard extraction methods: Summary
  32. 32. Agent application usage • General phone information & SIM card data • Contacts with all fields and custom field labels • Caller groups & Speed dials • Event Log • Calendar events • Tasks & Notes • Messages from standard and custom folders • Deleted messages information • Service center timestamp • Camera snapshots, video clips and voice records • File system • GPS & Location tagged information • Web browser cache & bookmarks • IM clients data • 3rd party applications with their information - Protected operating system files - Memory dump
