Mobile Forensics
Topics
• Mobile Forensics Fundamentals & Process
• Acquisition & Duplication
• Hashing & Write Protection
• Analyzing & Investigating Deleted Data
• Analyzing Malicious Files
What Is Mobile Forensics?
Mobile forensics is the branch of digital forensics that recovers digital evidence from mobile devices (phones, tablets, SIM cards and their removable storage) in a forensically sound manner, so that the findings can be relied on in an investigation or in court.
Mobile forensics involves the
• Collection: identifying and seizing what needs to be investigated,
• Preservation,
• Analysis,
• Documentation, and
• Presentation
of digital evidence stored on a mobile device.
Mobile Forensic Process
Mobile Forensics Goals
• Finding legal evidence in computing devices and preserving its integrity in a way that is deemed admissible in a court of law.
• Preserving and recovering evidence following court-accepted technical procedures.
• Identifying data leaks within an organization.
• Assessing the damage caused by a data breach.
Why Mobile Forensics
Threats Targeting Mobile Devices
Mobile Hardware and Forensics
• Mobile forensics is highly dependent on the underlying hardware of the device: the system-on-chip, the flash storage and the way the bootloader protects it decide which acquisition methods are possible at all.
• Investigators need to take different approaches to mobile forensics depending on the hardware architecture.
• Knowledge of mobile hardware also becomes important when the device is physically broken and its storage has to be accessed directly.
Mobile OS and Forensics
Architectural Layers of the Mobile Device Environment
Android Architecture Stack
Android Boot Process
iOS Architecture
iOS Boot Process
Normal and DFU Mode Booting
Booting an iPhone in DFU Mode
Mobile Storage and Evidence Locations
What Should You Do Before an Investigation?
Build a Forensic Workstation
Build the Investigation Team
Review Policies and Laws
Mobile Phone Evidence Analysis
Collecting the Evidence
Document the Scene
Document the Evidence
Evidence Preservation
Procedure for Switching a Seized Mobile Phone On or Off
Faraday Bag
Forensic Imaging
Duplication/Cloning
FTK Imager
• https://accessdata.com/product-download/ftk-imager-version-4-5
Bypassing an Android Phone Lock
Mobile Forensic Analysis Worksheet
Cybercrime Attack Modes
• Insider attacks (the most dangerous, because the attacker already holds legitimate access)
• External attacks
How Are Computers Used in Cybercrimes?
• A computing device is used as a weapon to commit a crime.
• Example: launching denial-of-service (DoS) attacks or sending
• Ransomware
• Gaining unauthorized access
Forensics Investigation Types
• Public investigations involve law enforcement agencies and are conducted according to country or state law.
• Private (corporate) sector investigations are usually conducted by enterprises to investigate policy violations, litigation disputes, wrongful termination, or leaking of enterprise secrets.
Digital Evidence Types
• User-created data includes anything created by a user (human) using a digital device. It includes the following and more:
• Text files (e.g. MS Office documents, IM chats, bookmarks), spreadsheets, databases, and any text stored in digital format,
• Audio and video files,
• Digital images,
• Webcam recordings (digital photos and videos),
• Address book and calendar,
• Hidden and encrypted files (including zipped folders) created by the computer user,
• Previous backups (including both cloud storage backups and offline backups like CD/DVDs and tapes),
• Account details (username, picture, password),
• E-mail messages and attachments (both webmail and client e-mail such as Outlook),
• Web pages, social media accounts, cloud storage, and any online accounts created by the user.
Challenges of Acquiring Digital Evidence
• A computer locked with a password, access card, or dongle.
• Digital steganography techniques that conceal incriminating data in images, videos, audio files, file systems, and in plain sight (e.g. within an MS Word document).
• Encryption techniques that obscure data, making it unreadable without the password.
• Full disk encryption (FDE) including the system partition (e.g. BitLocker drive encryption).
• Strong passwords protecting a system/volume; cracking them is very time consuming and expensive.
• Renaming files and changing their extensions (e.g. changing DOCX into DLL, a known Windows system file type).
• Attempts to destroy evidence by securely wiping the hard drive using various software tools and techniques.
• Removing history from the web browser upon exit and disabling
• Physically damaged digital media; for example, we cannot retrieve deleted files from a failed HDD before repairing it.
• Sensitivity of digital evidence; if not handled carefully it might be destroyed. Heat, cold, moisture, magnetic fields, and even just dropping the media device can destroy it.
• Easy alteration of digital evidence; for instance, if a computer is ON, leave it ON and acquire its volatile memory (if possible), but if the computer is OFF, leave it OFF to avoid changing any data.
• Cybercrimes cross borders easily through the Internet, making the lack of cyberlaw standardization a major issue in this domain.
• A USB thumb drive that belongs to a suspect but whose data is fully encrypted and password protected: the suspect can deny ownership of the drive, making decryption very difficult without the correct password/key file.
Who Should Collect Digital Evidence?
• Analytical thinking: the ability to make correlations between different events/facts when investigating a crime.
• Solid background in IT: wide knowledge of different IT technologies, hardware devices, operating systems, and applications. This does not mean that an investigator should know how each technology works in detail.
• Hacking skills: to solve a crime, you should think like an attacker. Knowing attack techniques and cybersecurity concepts is essential for a successful investigation.
• Understanding of the legal issues concerning digital crime investigations.
• Excellent technical skills related to digital forensics, such as data recovery and acquisition, and the ability to write technical reports.
• Online searching skills and the ability to gather information from publicly available sources (i.e., OSINT).
First Responder Team
The first responder is the first person to encounter a crime scene. A first responder has the expertise and skill to deal with the incident. The first responder may be an officer, security personnel, or a member of the IT staff or incident response team.
Roles of the first responder team:
1. Identifying the crime scene
2. Protecting the crime scene
3. Preserving temporary and fragile evidence
First Responder Toolkit
• Crime scene tape.
• Stick-on labels and ties.
• Color marker pens.
• Notepad.
• Gloves.
• Magnifying glass.
• Flashlight.
• Sealable bags of mixed sizes; these should be antistatic bags to preserve evidence integrity.
• Camera (can capture both video and images and must be configured to show the date/time when the capture happens).
• Radio frequency-shielding material (also known as a Faraday shielding bag) to prevent some types of seized devices (e.g., smartphones and tablets with SIM cards) from receiving calls, messages or remote wipe commands. The bag will also protect evidence against lightning strikes and electrostatic discharges. A powered-on phone inside the bag keeps searching for a network and drains its battery faster, so record its charge level at seizure.
• Bootable CDs.
• Chain of custody forms.
• Secure, sanitized external hard drive to store images of any digital exhibits.
• USB hub.
Locations of Electronic
Evidence
• Desktops
• Laptops
• Tablets
• Servers and RAIDs
• Network devices like hubs, switches, modems, routers, and
wireless access points
• Internet-enabled devices used in home automation (e.g., air conditioners and smart refrigerators)
• IoT devices
• DVRs and surveillance systems
• MP3 players
• GPS devices
• Smartphones
• Game stations (Xbox, PlayStation, etc.)
• Digital cameras
• Smart cards
• Pagers
• Digital voice recorders
• External hard drives
• Flash/thumb drives
• Printers
• Scanners
Chain of Custody
• What is the digital evidence? (Describe the acquired digital evidence.)
• Where was the digital evidence found? (Computer, tablet, cell phone, etc.; also record the state of the computing device when the evidence was acquired: ON or OFF.)
• How was the digital evidence acquired? (Tools used; also mention the steps taken to preserve the integrity of the evidence during the acquisition phase.)
• When was the digital evidence accessed, by whom, and for what reason?
• How was the digital evidence used during the investigation?
• How was the digital evidence transported, preserved, and handled?
• How was the digital evidence examined? (Any tools and techniques used.)
Sample Chain of Custody Form
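A chain of custody form answers the questions above on paper. The following is an added example, not the slide's form and not code from any tool named on this page: it keeps the same answers as records in a log in which every entry's SHA-256 also covers the previous entry's hash, so a later edit, deletion or reordering of any entry is detectable. The field names (what, where, how, when, who, why, evidence_sha256) and the two sample entries are this example's own assumptions.

```python
"""Tamper-evident chain-of-custody log (added example, not the slide's form).
Every entry answers what/where/how/when/who/why and carries a SHA-256 that also
covers the previous entry's hash, so editing, removing or reordering an entry
breaks the chain.  Field names and sample entries are this example's own."""
import hashlib
import json

GENESIS = "0" * 64   # previous-hash value used for the first entry
REQUIRED = ("what", "where", "how", "when", "who", "why", "evidence_sha256")


def _entry_hash(prev_hash, entry):
    # Canonical JSON so the same fields always serialize (and hash) identically.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def add_entry(chain, **fields):
    """Append one custody event to `chain`; refuses incomplete entries."""
    missing = [f for f in REQUIRED if f not in fields]
    if missing:
        raise ValueError(f"custody entry incomplete, missing {missing}")
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = dict(fields, seq=len(chain), prev_hash=prev_hash)
    record = dict(entry, hash=_entry_hash(prev_hash, entry))
    chain.append(record)
    return record


def verify_chain(chain):
    """Index of the first entry that fails verification, or -1 if intact."""
    prev_hash = GENESIS
    for i, record in enumerate(chain):
        entry = {k: v for k, v in record.items() if k != "hash"}
        if (record["seq"] != i or record["prev_hash"] != prev_hash
                or _entry_hash(prev_hash, entry) != record["hash"]):
            return i
        prev_hash = record["hash"]
    return -1


def demo():
    """Two constructed custody events, then a silent 'correction' of the first.
    Returns (verification before tampering, verification after)."""
    chain = []
    add_entry(chain, what="Android phone, IMEI on the evidence bag label",
              where="suspect's desk, device powered ON, screen locked",
              how="placed in a Faraday bag, photographed, bagged and sealed",
              when="2024-03-01T10:05", who="first responder (badge no. on form)",
              why="seizure", evidence_sha256="n/a (physical item)")
    add_entry(chain, what="physical image evidence.dd of the phone's storage",
              where="forensic workstation, copy in evidence locker",
              how="FTK Imager behind a write blocker, MD5 and SHA-256 recorded",
              when="2024-03-01T13:40", who="examiner (initials on form)",
              why="acquisition", evidence_sha256="<digest from the worksheet>")
    before = verify_chain(chain)
    chain[0]["where"] = "suspect's desk, device powered OFF"   # history edited
    after = verify_chain(chain)
    return before, after
```

`demo()` returns `(-1, 0)`: the untouched chain verifies, and the edited first entry is reported as the point where the chain breaks. In practice the log would be written append-only to a separate system, since whoever can rewrite every entry can also recompute every hash.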
Acquisition & Duplication
Acquisition
• Acquisition is the process of collecting digital evidence from electronic media.
Duplication
• A forensic duplicate is an accurate copy of data that is created with the goal of being admissible as evidence in legal proceedings.
• We define forensic duplication as an image of every accessible bit of the source medium.
Types of Duplication
1. Simple duplication
• Copies selected data: a file, folder, or partition. Deleted files, file slack and unallocated space are not copied.
2. Forensic duplication
• Every bit on the source is retained,
• including deleted files, file slack and unallocated space, so they can be recovered later.
Hashing & Write Protection
Hashing is the transformation of an input of any length into a fixed-length value (the hash or digest) that represents the original data. A cryptographic hash function such as SHA-256 is used because any change to the input, even a single bit, produces a different digest, and it is computationally infeasible to craft a different input with the same digest.
Hash value generation in digital forensics:
• Generally, a hash value is used to check the integrity of any data file; in digital forensics it is used to check the integrity of the evidence disk data.
• A disk image is created in digital forensics for analysis, so it is necessary that the image is an exact replica of the evidence disk.
• The hash value recorded during imaging must match the hash recomputed when the image is later opened for detailed analysis. In digital forensics the hash is generated over the whole disk image, not only over single or multiple files.
• MD5 and SHA-1 are still widely reported for compatibility, but collisions have been demonstrated for both, so record a SHA-256 (or stronger) digest alongside them.
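The imaging workflow described under Forensic Imaging and the hashing rule above, carried out in code: hash the source once at acquisition time, hash the copy again before analysis, and compare. This is an added example, not code from the slides or from FTK Imager, which performs the same steps with a GUI. The 8 MiB "image" it builds is constructed test data, not a real device image.

```python
"""Hash-and-verify workflow for a forensic image (added example, not code from
the slides or from FTK Imager).  The image it builds is constructed test data."""
import hashlib
import io
import os
import tempfile

CHUNK = 1024 * 1024   # 1 MiB reads keep memory flat on multi-GB images


def _hash_stream(fh, algorithms):
    """One pass over the data, feeding every requested digest at once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: fh.read(CHUNK), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_image(path, algorithms=("md5", "sha256")):
    """Digests of the file at `path`.  It is opened read-only; that protects the
    image from our own code, but only a write blocker protects the source device
    from the operating system (timestamp updates, journal replay, automount)."""
    with open(path, "rb") as fh:
        return _hash_stream(fh, algorithms)


def hash_bytes(data, algorithms=("md5", "sha256")):
    """Same digests for an in-memory buffer (useful for known-answer checks)."""
    return _hash_stream(io.BytesIO(data), algorithms)


def verify_image(path, recorded):
    """True only if every digest recorded at acquisition time matches now."""
    current = hash_image(path, tuple(recorded))
    return all(current[name] == recorded[name] for name in recorded)


def flip_one_bit(path, offset=4096):
    """Simulate a single-bit change, e.g. an accidental write to the image."""
    with open(path, "r+b") as fh:
        fh.seek(offset)
        byte = fh.read(1)[0]
        fh.seek(offset)
        fh.write(bytes([byte ^ 0x01]))


def demo():
    """Build a constructed 8 MiB 'image', record its digests, verify a
    bit-for-bit copy, then show a one-bit change being caught.
    Returns (copy_verified, tampered_copy_verified)."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence.dd")
    copy = os.path.join(workdir, "evidence-copy.dd")
    pattern = bytes(range(256)) * 16            # constructed data, 4 KiB
    with open(source, "wb") as fh:
        for _ in range(2048):                   # 2048 x 4 KiB = 8 MiB
            fh.write(pattern)
    recorded = hash_image(source)               # goes on the acquisition worksheet
    with open(source, "rb") as src, open(copy, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    copy_verified = verify_image(copy, recorded)
    flip_one_bit(copy)
    tampered_verified = verify_image(copy, recorded)
    return copy_verified, tampered_verified


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, False)`. Both digests are computed in a single read of the data, which matters when the image is hundreds of gigabytes; the recorded digests are what goes on the worksheet and the chain of custody form, and `verify_image` is what an examiner runs before every analysis session.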
Hashes
• MD5: 464668D58274A7840E264E8739884247
• SHA-1: 4698215F643BECFF6C6F3D2BF447ACE0C067149E
• SHA-256: F2ADD4D612E23C9B18B0166BBDE1DB839BFB8A376ED01E32FADB03A0D1B720C7
• SHA-384: 2707F06FE57800134129D8E10BBE08E2FEB622B76537A7C4295802FBB94755BBEE814B101ED18CC2D0126BD66E5D77B6
• SHA-512: C526BC709E2C771F9EC039C25965C91EAA3451A8CB43651A4CD813F338235F495D37891DD25FE456FE2A8CA89457629378BE63FB3A9A5AD54D9E11E4272D60C
• RIPEMD-128: A868B98EAEC84891A7B7BA620EDDE621
• TIGER: F31A22CEED5848E69316649D4BAFBE8F9274DED53E25C02D
• PANAMA: 7E703B1798A26A0AF21ECD661CBADB9C72B419455814CA7B82E29EE0C03FA493
HashMyFiles
• https://www.nirsoft.net/utils/hash_my_files.html
Write Protection:
Write protection is any mechanism, hardware or software, that prevents modification or erasure of data on a device. In forensic acquisition a hardware write blocker sits between the evidence drive and the workstation so that the operating system cannot alter the source (for example by updating access timestamps or replaying a file system journal on mount) while the image is taken; the hash of the source and the hash of the image should match afterwards.
Write protection
Analyzing & Investigating Deleted Data
Data recovery is the extraction of data from damaged or deleted evidence sources in a forensically sound manner, so that any evidence resulting from it can later be relied on in a court of law. Deleting a file normally removes only its directory entry and marks its blocks as free; the content stays in unallocated space until it is overwritten, and that is what recovery tools exploit. On SSDs and on mobile flash storage, TRIM/discard can erase freed blocks soon after deletion, so recovery is far less reliable there than on spinning disks. Run recovery tools against a verified image, never against the original device.
Tools for recovering deleted data:
• Disk Drill
• Recuva
• MiniTool Power Data Recovery
• Lazesoft
• https://www.cleverfiles.com/disk-drill-windows.html
Disk Drill
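When the file system's metadata is gone, tools like the ones listed above fall back to carving: scanning unallocated space for known file headers and reconstructing each file from its own structure. The following is an added example of that technique and is not code from the slides or from any of those tools. It carves PNG files (by walking the chunk list and checking each chunk's CRC, so a partly overwritten file is rejected) and JPEG files (header to end-of-image marker) out of a constructed buffer standing in for free clusters; the sample files and filler are constructed inline.

```python
"""Signature-based file carving from unallocated space (added example; not code
from the slides or from the recovery tools listed above)."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8\xff"   # Start Of Image marker plus the next marker's 0xFF
JPEG_EOI = b"\xff\xd9"       # End Of Image marker


def carve_png(buf, start):
    """Follow the chunk list after the PNG signature at `start`.

    Each chunk is <length><type><data><crc32 of type+data>.  Returns the carved
    file when IEND is reached, or None if a chunk is truncated or its CRC is
    wrong, which is what a partly overwritten deleted file looks like."""
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(buf):
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        data = buf[pos + 8:pos + 8 + length]
        crc = buf[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc) != 4:
            return None
        if zlib.crc32(ctype + data) != struct.unpack(">I", crc)[0]:
            return None
        pos += 12 + length
        if ctype == b"IEND":
            return buf[start:pos]
    return None


def carve_jpeg(buf, start):
    """JPEG carries no total length, so carve from SOI to the next EOI marker.
    Fragmentation or embedded thumbnails can fool this; it is a first pass."""
    end = buf.find(JPEG_EOI, start + len(JPEG_SOI))
    return None if end == -1 else buf[start:end + len(JPEG_EOI)]


def carve(buf):
    """Scan `buf` for known headers; return [(offset, kind, file_bytes), ...]."""
    found, pos = [], 0
    while pos < len(buf):
        hits = [(o, k) for o, k in ((buf.find(PNG_SIG, pos), "png"),
                                    (buf.find(JPEG_SOI, pos), "jpeg")) if o != -1]
        if not hits:
            break
        offset, kind = min(hits)                # earliest header first
        blob = carve_png(buf, offset) if kind == "png" else carve_jpeg(buf, offset)
        if blob is None:                        # header with no valid body: keep scanning
            pos = offset + 1
            continue
        found.append((offset, kind, blob))
        pos = offset + len(blob)
    return found


def _png_chunk(ctype, data):
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data)))


# Constructed sample: a structurally valid PNG (IHDR + IEND, no pixel data, so
# not viewable but correct for the carver), a minimal fake JPEG, and a PNG
# header whose body was overwritten.  The filler stands in for free clusters.
SAMPLE_PNG = (PNG_SIG
              + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
              + _png_chunk(b"IEND", b""))
SAMPLE_JPEG = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x01" * 40 + JPEG_EOI
FILLER = b"unallocated.... " * 64
UNALLOCATED = (FILLER + SAMPLE_JPEG + FILLER + SAMPLE_PNG + FILLER
               + PNG_SIG + b"\x00" * 8 + FILLER)


def demo():
    """Kinds and sizes of the files recovered from the constructed free space."""
    return [(kind, len(blob)) for _, kind, blob in carve(UNALLOCATED)]
```

`demo()` returns `[("jpeg", 53), ("png", 45)]`: the two intact files come back byte for byte, and the orphaned PNG header is skipped because its first chunk fails the CRC check. Real carvers add many more signatures and handle fragmentation, but the header-scan plus structure-validation loop is the same.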
Windows Log Analysis
• In a forensic investigation, Windows Event Logs serve as a primary source of evidence because the operating system records a large amount of system activity in them. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artefacts. What gets logged depends on the audit policy that is enabled, which means that logging can be reduced, and the logs cleared, by anyone with administrative privileges; clearing the Security log does, however, leave behind event ID 1102 recording who cleared it and when. From the forensic point of view, the Event Logs still capture a lot of data.
• The Windows Event Logs are used in forensics to reconstruct a timeline of events.
• The three main event logs are:
– Application
– System
– Security
• On Windows, the logs are saved as .evtx files under %SystemRoot%\System32\winevt\Logs.
• When the maximum log size is reached, the retention setting decides what happens:
– Overwrite events as needed (oldest events first)
– Archive the log when full, do not overwrite events
– Do not overwrite events (clear the log manually)
The types of events that are recorded can be any occurrence that affects the system:
• An incorrect login attempt,
• A hack, breach, or system settings modification,
• An application failure,
• A system failure, etc.
All these events are logged under %SystemRoot%\System32\winevt\Logs.
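The timeline reconstruction and triage described above, as an added example rather than code from the slides or from any event viewer: records from the three logs are merged and sorted, failed logons (Security event ID 4625) followed by a success (4624) from the same source are flagged, and the log-cleared marker (1102) is surfaced. The event IDs are Microsoft-documented; the records themselves are constructed here in the flat shape an .evtx export takes once the fields of interest are picked out, and are not from a real host.

```python
"""Timeline and triage of Windows event records (added example, not code from
the slides).  Event IDs are Microsoft-documented; the records are constructed."""
from collections import Counter
from datetime import datetime, timedelta

LOGON_SUCCESS = 4624       # Security: an account was successfully logged on
LOGON_FAILED = 4625        # Security: an account failed to log on
AUDIT_LOG_CLEARED = 1102   # Security: the audit log was cleared
SERVICE_INSTALLED = 7045   # System: a service was installed in the system


def _rec(channel, event_id, time, user="-", ip="-"):
    return {"channel": channel, "id": event_id, "time": time, "user": user, "ip": ip}


# Constructed sample, deliberately out of order as merged exports usually are.
SAMPLE_EVENTS = [
    _rec("Application", 1000, "2024-03-01T09:30:00"),
    _rec("Security", AUDIT_LOG_CLEARED, "2024-03-01T23:20:00", "administrator"),
    _rec("Security", LOGON_SUCCESS, "2024-03-01T08:02:11", "alice", "10.0.0.5"),
    _rec("System", SERVICE_INSTALLED, "2024-03-01T23:16:40", "administrator"),
    _rec("Security", LOGON_SUCCESS, "2024-03-01T23:15:01", "administrator", "203.0.113.9"),
] + [
    _rec("Security", LOGON_FAILED, f"2024-03-01T23:14:{s:02d}", "administrator", "203.0.113.9")
    for s in (2, 10, 18, 27, 35, 44)
]


def timeline(events):
    """Events sorted by timestamp: the basis of any reconstruction."""
    return sorted(events, key=lambda e: e["time"])


def bruteforce_then_success(events, threshold=5, window=timedelta(minutes=2)):
    """Return (ip, user, first_failure, success_time) for each source IP that
    produced at least `threshold` failed logons inside `window` and then logged
    on successfully: the classic signature of a guessed password."""
    hits, recent_failures = [], {}
    for e in timeline(events):
        if e["channel"] != "Security":
            continue
        t = datetime.fromisoformat(e["time"])
        # keep only the failures from this IP that fall inside the sliding window
        recent = [f for f in recent_failures.get(e["ip"], []) if t - f <= window]
        if e["id"] == LOGON_FAILED:
            recent.append(t)
        elif e["id"] == LOGON_SUCCESS and len(recent) >= threshold:
            hits.append((e["ip"], e["user"], recent[0].isoformat(), e["time"]))
            recent = []
        recent_failures[e["ip"]] = recent
    return hits


def log_clearing(events):
    """Event 1102 is written by the Event Log service as the Security log is
    cleared, so it is the first record in the 'empty' log and survives the
    clearing: a strong indicator of anti-forensics."""
    return [(e["time"], e["user"]) for e in timeline(events) if e["id"] == AUDIT_LOG_CLEARED]


def counts_by_channel(events):
    """How many records each log holds; a near-empty Security log is itself a finding."""
    return dict(Counter(e["channel"] for e in events))
```

On the sample data `bruteforce_then_success` reports one hit (203.0.113.9 guessed the administrator password after six failures in under a minute), `log_clearing` shows the Security log being cleared five minutes later by the same account, and the service installation in the System log sits between the two on the timeline. The same loops run unchanged over a real export once the five fields are extracted from each record.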
Full Event Log View
• https://www.nirsoft.net/utils/full_event_log_view.html
Linux Log Analysis
Kali Linux Password Reset
1. Boot the Kali system and wait for the GNU GRUB menu to appear.
2. On the GRUB menu, move to "Advanced options for Kali GNU/Linux" with the down arrow key and press Enter.
3. Select the second entry, the recovery mode option, and press the E key to edit its boot parameters.
4. On the line that starts with linux, change the read-only flag ro to rw and append init=/bin/bash, then press F10 (or Ctrl+X) to boot with the modified parameters.
5. The system boots straight into a root shell without asking for a password. To reset the root password, type passwd and press Enter, then type the new password twice. After the message "passwd: password updated successfully" appears, reboot with reboot -f and log in with the new root password.
This works only because GRUB lets anyone at the console edit the kernel command line and the disk is not encrypted; a GRUB password or full disk encryption blocks it. It also writes to the disk (a new /etc/shadow), so an examiner performs it on a working copy of the image, never on the original evidence.
Investigation of a Fake IP
Analyzing Malicious Files
mobile forensic.pptx
More Related Content

What's hot

Audio and Video Forensics
Audio and Video ForensicsAudio and Video Forensics
Audio and Video ForensicsDipika Sengupta
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic pptPriya Manik
 
Search & Seizure of Electronic Evidence by Pelorus Technologies
Search & Seizure of Electronic Evidence by Pelorus TechnologiesSearch & Seizure of Electronic Evidence by Pelorus Technologies
Search & Seizure of Electronic Evidence by Pelorus Technologiesurjarathi
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collectionFakrul Alam
 
Cybercrime And Cyber forensics
Cybercrime And  Cyber forensics Cybercrime And  Cyber forensics
Cybercrime And Cyber forensics sunanditaAnand
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 

What's hot (20)

Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
First Responder Officer in Cyber Crime
First Responder Officer in Cyber CrimeFirst Responder Officer in Cyber Crime
First Responder Officer in Cyber Crime
 
Forensic imaging
Forensic imagingForensic imaging
Forensic imaging
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensic
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Audio and Video Forensics
Audio and Video ForensicsAudio and Video Forensics
Audio and Video Forensics
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
Cyber evidence at crime scene
Cyber evidence at crime sceneCyber evidence at crime scene
Cyber evidence at crime scene
 
Search & Seizure of Electronic Evidence by Pelorus Technologies
Search & Seizure of Electronic Evidence by Pelorus TechnologiesSearch & Seizure of Electronic Evidence by Pelorus Technologies
Search & Seizure of Electronic Evidence by Pelorus Technologies
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
 
Electornic evidence collection
Electornic evidence collectionElectornic evidence collection
Electornic evidence collection
 
Cybercrime And Cyber forensics
Cybercrime And  Cyber forensics Cybercrime And  Cyber forensics
Cybercrime And Cyber forensics
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 

Similar to mobile forensic.pptx

Presentation cyber forensics & ethical hacking
Presentation   cyber forensics & ethical hackingPresentation   cyber forensics & ethical hacking
Presentation cyber forensics & ethical hackingAmbuj Kumar
 
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
Best Cyber Crime Investigation Service Provider | Fornsec SolutionsBest Cyber Crime Investigation Service Provider | Fornsec Solutions
Best Cyber Crime Investigation Service Provider | Fornsec SolutionsFORnSECSolutions
 
Most promising cyber forensic solution providers from india forn sec solut...
Most promising cyber forensic solution providers  from india   forn sec solut...Most promising cyber forensic solution providers  from india   forn sec solut...
Most promising cyber forensic solution providers from india forn sec solut...FORnSECSolutions
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxgouriuplenchwar63
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsParaben Corporation
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniDr Raghu Khimani
 
Computer Forensics (1).pptx
Computer Forensics (1).pptxComputer Forensics (1).pptx
Computer Forensics (1).pptxGautam708801
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Diving into Digital Forensics
Diving into Digital Forensics Diving into Digital Forensics
Diving into Digital Forensics Pranjal Vyas
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handlingnewbie2019
 

Similar to mobile forensic.pptx (20)

Presentation cyber forensics & ethical hacking
Presentation   cyber forensics & ethical hackingPresentation   cyber forensics & ethical hacking
Presentation cyber forensics & ethical hacking
 
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
Best Cyber Crime Investigation Service Provider | Fornsec SolutionsBest Cyber Crime Investigation Service Provider | Fornsec Solutions
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
 
Most promising cyber forensic solution providers from india forn sec solut...
Most promising cyber forensic solution providers  from india   forn sec solut...Most promising cyber forensic solution providers  from india   forn sec solut...
Most promising cyber forensic solution providers from india forn sec solut...
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptx
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic tools
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics
 
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu KhimaniInvestigative Tools and Equipments for Cyber Crime by Raghu Khimani
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
 
File000117
File000117File000117
File000117
 
Computer Forensics (1).pptx
Computer Forensics (1).pptxComputer Forensics (1).pptx
Computer Forensics (1).pptx
 
Sujit
SujitSujit
Sujit
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
Diving into Digital Forensics
Diving into Digital Forensics Diving into Digital Forensics
Diving into Digital Forensics
 
css ppt.ppt
css ppt.pptcss ppt.ppt
css ppt.ppt
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handling
 

Recently uploaded

VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxvipinkmenon1
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 

Recently uploaded (20)

VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Introduction to Microprocesso programming and interfacing.pptx
mobile forensic.pptx

34. Cybercrime Attack Mode
• Insider attacks (most dangerous)
• External attacks

35. How Are Computers Used in Cybercrimes?
• A computing device is used as a weapon to commit a crime.
• Example: launching denial-of-service (DoS) attacks or sending ransomware
• Gaining unauthorized access

36. Forensics Investigation Types
• Public investigations: involve law enforcement agencies and are conducted according to country or state law.
• Private (corporate) sector investigations: usually conducted by enterprises to investigate policy violations, litigation disputes, wrongful termination, or leaking of enterprise secrets.

37. Digital Evidence Types
• User-created data includes anything created by a user (human) using a digital device. It includes the following and more:
• Text files (e.g. MS Office documents, IM chat, bookmarks), spreadsheets, databases, and any text stored in digital format
• Audio and video files
• Digital images
• Webcam recordings (digital photos and videos)
• Address book and calendar

38.
• Hidden and encrypted files (including zipped folders) created by the computer user
• Previous backups (including both cloud storage backups and offline backups like CD/DVDs and tapes)
• Account details (username, picture, password)
• E-mail messages and attachments (both online and client e-mail such as Outlook)
• Web pages, social media accounts, cloud storage, and any online accounts created by the user

39. Challenges of Acquiring Digital Evidence
• Computer protected with a password, access card, or dongle.
• Digital steganography techniques to conceal incriminating data in images, videos, audio files, file systems, and in plain sight (e.g. within an MS Word document).
• Encryption techniques to obscure data, making it unreadable without the password.

40.
• Full disk encryption (FDE) including the system partition (e.g. BitLocker drive encryption).
• Strong passwords protecting a system/volume; cracking them is very time consuming and expensive.
• File renaming and changing extensions (e.g., changing DOCX into DLL, which is a known Windows system file type).

41.
• Attempts to destroy evidence by securely wiping the hard drive using various software tools and techniques.
• Removing history from the web browser upon exit and disabling

42.
• Physically damaged digital media; for example, we cannot retrieve deleted files from a failed HDD before repairing it.
• Sensitivity of digital evidence; if not handled carefully it might be destroyed. Heat, cold, moisture, magnetic fields, and even just dropping the media device can destroy it.
• Easy alteration of digital evidence; for instance, if a computer is ON, you must leave it ON and acquire its volatile memory (if possible), but if the computer is OFF, leave it OFF to avoid changing any data.

43.
• Cybercrimes can cross borders easily through the Internet, making the lack of cyberlaw standardization a major issue in this domain.
• A USB thumb drive may belong to a suspect, but if the data inside it is fully encrypted and protected with a password, the suspect can deny ownership of the drive, making decryption very difficult to achieve without the correct password/key file.

44. Who Should Collect Digital Evidence?
• Analytical thinking: the ability to make correlations between different events/facts when investigating a crime.
• Solid background in IT: wide knowledge of different IT technologies, hardware devices, operating systems, and applications. This does not mean that an investigator should know how each technology works in detail.

45.
• Hacking skills: to solve a crime, you should think like a hacker. Knowing attack techniques and cybersecurity concepts is essential for a successful investigation.
• Understanding of legal issues concerning digital crime investigations.
• Excellent technical skills related to digital forensics, such as data recovery, acquisition, and writing technical reports.

46.
• Online searching skills and the ability to gather information from publicly available sources (i.e., OSINT).
47. First Responder Team
The first responder is the first person to encounter a crime scene. A first responder has the expertise and skill to deal with the incident. The first responder may be an officer, security personnel, or a member of the IT staff or incident response team.
Roles of the First Responder Team:
1. Identifying the crime scene
2. Protecting the crime scene
3. Preserving temporary and fragile evidence

48. First Responder Toolkit
• Crime scene tape
• Stick-on labels and ties
• Color marker pens
• Notepad
• Gloves
• Magnifying glass
• Flashlight

49.
• Sealable bags of mixed sizes; these should be antistatic bags to preserve evidence integrity.
• Camera (can capture both video and images and must be configured to show the date/time when the capture happens).
• Radio frequency-shielding material to prevent some types of seized devices (e.g., smartphones and tablets with SIM cards) from receiving calls or messages (also known as a Faraday shielding bag). This bag will also protect evidence against lightning strikes and electrostatic discharges.
• Bootable CDs.

50.
• Chain of custody forms.
• Secure sanitized external hard drive to store images of any digital exhibits.
• USB hub.

51. Locations of Electronic Evidence
• Desktops
• Laptops
• Tablets
• Servers and RAIDs
• Network devices like hubs, switches, modems, routers, and wireless access points
• Internet-enabled devices used in home automation (e.g., AC and smart refrigerator)

52.
• IoT devices
• DVRs and surveillance systems
• MP3 players
• GPS devices
• Smartphones

53.
• Game stations (Xbox, PlayStation, etc.)
• Digital cameras
• Smart cards
• Pagers
• Digital voice recorders
• External hard drives
• Flash/thumb drives
• Printers
• Scanners

54. Chain of Custody
• What is the digital evidence? (E.g., describe the acquired digital evidence.)
• Where was the digital evidence found? (E.g., computer, tablet, cell phone, etc.; also record the state of the computing device upon acquiring the digital evidence: ON or OFF?)

55.
• How was the digital evidence acquired? (E.g., tools used; you also need to mention the steps taken to preserve the integrity of the evidence during the acquisition phase.)
• When was the digital evidence accessed, by whom, and for what reason?
• How was the digital evidence used during the investigation?

56.
• How was the digital evidence transported, preserved, and handled?
• How was the digital evidence examined? (E.g., any tools and techniques used.)

57. Sample Chain of Custody Form
(The form itself appears only as an image on slides 57 and 58.)
60. Acquisition & Duplication
Acquisition
• Acquisition is the process of collecting digital evidence from electronic media.

61. Duplication
• A forensic duplication is an accurate copy of data that is created with the goal of being admissible as evidence in legal proceedings.
• We define forensic duplication as an image of every accessible bit from the source medium.

62. Types of Duplication
1. Simple duplication
• Copies selected data: a file, folder, or partition.
2. Forensic duplication
• Every bit on the source is retained
• Including deleted files

63. Hashing & Write Protection
Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
Hash value generation in digital forensics:
• Generally, a hash value is used to check the integrity of any data file, but in digital forensics it is used to check the integrity of the evidence disk data.
• The image of a disk is created in digital forensics for analysis, so it is necessary that the image is an exact replica of the evidence disk.
• The hash value generated during imaging should match the hash computed when that image of the evidence disk is later opened for detailed analysis. In digital forensics the hash value is generated for the whole disk data, not only for single or multiple files.

64. Hashes
• MD5: 464668D58274A7840E264E8739884247
• SHA-1: 4698215F643BECFF6C6F3D2BF447ACE0C067149E
• SHA-256: F2ADD4D612E23C9B18B0166BBDE1DB839BFB8A376ED01E32FADB03A0D1B720C7
• SHA-384: 2707F06FE57800134129D8E10BBE08E2FEB622B76537A7C4295802FBB94755BBEE814B101ED18CC2D0126BD66E5D77B6

65.
• SHA-512: C526BC709E2C771F9EC039C25965C91EAA3451A8CB43651A4CD813F338235F495D37891DD25FE456FE2A8CA89457629378BE63FB3A9A5AD54D9E11E4272D60C
• RIPEMD-128: A868B98EAEC84891A7B7BA620EDDE621
• TIGER: F31A22CEED5848E69316649D4BAFBE8F9274DED53E25C02D
• PANAMA: 7E703B1798A26A0AF21ECD661CBADB9C72B419455814CA7B82E29EE0C03FA493
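The forensic-duplication and hashing slides above describe one workflow: copy every bit of the source, hash the source and the image with the same algorithms, and accept the image only when the digests match. The following Python example is added here to show that workflow end to end; it is not code from the slides or from any forensic product. It assumes a file-backed stand-in for the source medium (a constructed byte string written to a temporary file) rather than a real block device, and it flips one byte of the image on request to show how a mismatch surfaces.

```python
import hashlib
import os
import tempfile

# Constructed sample "source medium": a short byte string standing in for a
# phone's flash partition or an SD card. In a real acquisition the source
# would be a block device opened read-only behind a hardware write blocker.
SAMPLE_SOURCE = b"BOOT" + bytes(range(256)) * 4 + b"deleted-file-fragment" + b"\x00" * 64

CHUNK = 1 << 20  # read 1 MiB at a time so images larger than RAM can be processed


def hash_stream(path, algorithms=("md5", "sha1", "sha256")):
    """Compute several digests of a file in a single pass over its bytes.
    Returns {algorithm: uppercase hex digest}, matching the slide's notation."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest().upper() for name, h in hashers.items()}


def forensic_duplicate(source_path, image_path):
    """Bit-for-bit copy: every byte of the source lands in the image file,
    including slack space and deleted-file remnants, because nothing is
    interpreted or filtered. Returns the number of bytes written."""
    written = 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            chunk = src.read(CHUNK)
            if not chunk:
                break
            dst.write(chunk)
            written += len(chunk)
    return written


def verify_image(source_path, image_path):
    """Hash source and image independently; the image is only usable as
    evidence if every digest matches. Returns (ok, source_digests, image_digests)."""
    src = hash_stream(source_path)
    img = hash_stream(image_path)
    return src == img, src, img


def demo(tamper=False):
    """Run acquire -> image -> verify on the constructed sample. With
    tamper=True one bit of the image is flipped afterwards to show that the
    verification then fails even though the file size is unchanged."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "source.bin")
        img = os.path.join(tmp, "evidence.dd")
        with open(src, "wb") as fh:
            fh.write(SAMPLE_SOURCE)
        size = forensic_duplicate(src, img)
        if tamper:
            with open(img, "r+b") as fh:
                fh.seek(10)
                original = fh.read(1)
                fh.seek(10)
                fh.write(bytes([original[0] ^ 0x01]))
        ok, src_hashes, img_hashes = verify_image(src, img)
        return {
            "size": size,
            "ok": ok,
            "source_sha256": src_hashes["sha256"],
            "image_sha256": img_hashes["sha256"],
        }


if __name__ == "__main__":
    for label, flag in (("clean image", False), ("tampered image", True)):
        result = demo(tamper=flag)
        print(f"{label}: {result['size']} bytes, digests match = {result['ok']}")
```

Both digest sets are worth recording on the chain of custody form at acquisition time, and the image should be re-hashed and compared again each time it is opened for analysis; a size check alone, as the tampered run shows, proves nothing.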
67. Write Protection
Write protection is any physical mechanism that prevents modification or erasure of valuable data on a device.

71. Analyzing & Investigating Deleted Data
Data recovery is the extraction of data from damaged evidence sources in a forensically sound manner. This method of recovering data means that any evidence resulting from it can later be relied on in a court of law.
Tools for recovering deleted data:
• Disk Drill
• Recuva
• MiniTool Power Data Recovery
• Lazesoft
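The recovery tools listed above largely rely on the same idea: a deleted file's directory entry is gone, but its bytes usually remain in unallocated space until they are overwritten, so a scan of the raw image for known file headers and trailers can bring them back. The Python example below is added to illustrate that signature-based carving; it is not code from the slides or from any of the named tools. The image it scans is a constructed byte string with two fake JPEGs and one fake PNG placed between runs of filler, and the signature table covers only those two formats.

```python
import os

# Signature table: header bytes, trailer bytes, and how many bytes after the
# trailer still belong to the file (a PNG IEND chunk carries a 4-byte CRC).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 0),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND", 4),
}

MAX_FILE_SIZE = 10 * 1024 * 1024  # ignore a match whose trailer is implausibly far away


def carve(image, max_size=MAX_FILE_SIZE):
    """Scan raw image bytes for known headers and return every header..trailer
    span found, ordered by offset. It never consults a file system, so a file
    whose directory entry was deleted but whose blocks were not reused is
    still found; a header with no trailer (truncated file) is skipped."""
    found = []
    for ext, (header, trailer, extra) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(trailer, start + len(header))
            if end == -1:
                break
            end += len(trailer) + extra
            if end - start <= max_size:
                found.append({"ext": ext, "offset": start, "size": end - start,
                              "data": image[start:end]})
            pos = end
    found.sort(key=lambda f: f["offset"])
    return found


def write_carved(found, directory):
    """Write each carved object to directory, named by its byte offset so the
    examiner can tie it back to the image. Returns the list of paths."""
    os.makedirs(directory, exist_ok=True)
    paths = []
    for f in found:
        path = os.path.join(directory, f"carved_{f['offset']:08x}.{f['ext']}")
        with open(path, "wb") as fh:
            fh.write(f["data"])
        paths.append(path)
    return paths


# --- Constructed sample image (not a real acquisition) --------------------
def fake_jpeg(payload):
    # SOI marker, a minimal JFIF APP0 segment, opaque payload, EOI marker
    return b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + payload + b"\xff\xd9"


def fake_png(payload):
    # PNG signature, opaque payload, then an IEND chunk (length, type, CRC)
    return b"\x89PNG\r\n\x1a\n" + payload + b"\x00\x00\x00\x00IEND\xaeB`\x82"


FILLER = b"\x00" * 300 + b"unallocated space " * 10 + b"\x00" * 200
SAMPLE_IMAGE = (FILLER + fake_jpeg(b"photo-one-pixels") + FILLER
                + fake_png(b"png-pixels") + FILLER + fake_jpeg(b"photo-two") + FILLER)


if __name__ == "__main__":
    for f in carve(SAMPLE_IMAGE):
        print(f"{f['ext']} at offset {f['offset']} ({f['size']} bytes)")
```

Header/trailer matching is the simplest form of carving and has known limits: a JPEG with an embedded EXIF thumbnail contains an inner EOI marker and is cut short, and fragmented files are not reassembled. Production tools parse the file structure to decide where an object really ends, but the principle, and the reason carving works only until the blocks are reused, is the same.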
73. Windows Log Analysis
• In the event of a forensic investigation, Windows Event Logs serve as a primary source of evidence because the operating system logs every system activity. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artefacts. What gets logged depends on which audit features are turned on, which means that event logging can be turned off by anyone with administrative privileges. From the forensic point of view, the Event Logs capture a lot of data.

74.
• The Windows Event Logs are used in forensics to reconstruct a timeline of events.
• The three main components of the event logs are:
  – Application
  – System
  – Security
• On Windows, the logs are saved under %System32%\winevt\Logs.
• When the maximum log size is reached, one of these policies applies:
  – Oldest events are overwritten
  – Archive the logs when full
  – Do not overwrite events; clear logs manually

75.
The types of events that are recorded can be any occurrence that affects the system:
• An incorrect login attempt
• A hack, breach, or system settings modification
• An application failure
• System failure, etc.
All these events are logged in "%System32%/Winevt/Log".
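The slides above say the Event Logs are used to rebuild a timeline and that incorrect login attempts are among the events recorded. The Python example that follows is added to show what that looks like in practice; it is not code from the slides or from any log-analysis product. It works on a constructed CSV export of a few Security, System and Application records (every row is invented), merges them into a single time-ordered timeline, flags accounts with a burst of failed logons (event ID 4625) followed by a success (4624), and surfaces the "audit log was cleared" event (1102), which is itself a finding because it explains gaps in the record.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Well-known Windows Security event IDs used below.
LOGON_SUCCESS = 4624
LOGON_FAILED = 4625
AUDIT_LOG_CLEARED = 1102

# Constructed sample export in the shape of a CSV dump of several logs.
# Every row is invented for this example; none comes from a real host.
SAMPLE_EXPORT = """\
time,log,event_id,account,detail
2024-03-01T08:02:11,Security,4624,alice,Logon Type 2
2024-03-01T08:30:05,Security,4625,bob,Logon Type 3 bad password
2024-03-01T08:30:09,Security,4625,bob,Logon Type 3 bad password
2024-03-01T08:30:14,Security,4625,bob,Logon Type 3 bad password
2024-03-01T08:30:20,Security,4625,bob,Logon Type 3 bad password
2024-03-01T08:30:41,Security,4624,bob,Logon Type 3
2024-03-01T08:33:00,Security,1102,bob,The audit log was cleared
2024-03-01T07:59:00,Application,1000,alice,Faulting application notepad.exe
"""


def parse_export(text):
    """Turn the CSV export into records with typed timestamps and event IDs."""
    records = []
    for row in csv.DictReader(StringIO(text)):
        records.append({
            "time": datetime.fromisoformat(row["time"]),
            "log": row["log"],
            "event_id": int(row["event_id"]),
            "account": row["account"],
            "detail": row["detail"],
        })
    return records


def build_timeline(records):
    """Exports come per channel, so merge and sort by time to obtain the
    single timeline the slide describes."""
    return sorted(records, key=lambda r: r["time"])


def failed_logon_bursts(records, threshold=3, window_seconds=60):
    """Per account, the largest number of failed logons (4625) inside any
    window_seconds span; accounts at or above threshold are returned."""
    times = defaultdict(list)
    for r in records:
        if r["event_id"] == LOGON_FAILED:
            times[r["account"]].append(r["time"])
    flagged = {}
    for account, stamps in times.items():
        stamps.sort()
        best, j = 0, 0
        for i in range(len(stamps)):  # sliding window over sorted timestamps
            while j < len(stamps) and (stamps[j] - stamps[i]).total_seconds() <= window_seconds:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            flagged[account] = best
    return flagged


def success_after_burst(records, flagged):
    """For each flagged account, the first successful logon (4624) after its
    last failure, if any: the pattern of a guessed password."""
    result = {}
    for account in flagged:
        fails = [r["time"] for r in records
                 if r["account"] == account and r["event_id"] == LOGON_FAILED]
        last_fail = max(fails)
        later = [r["time"] for r in records
                 if r["account"] == account and r["event_id"] == LOGON_SUCCESS
                 and r["time"] > last_fail]
        result[account] = min(later) if later else None
    return result


def log_clearing(records):
    """Event 1102 records that the Security log was cleared."""
    return [r for r in records if r["event_id"] == AUDIT_LOG_CLEARED]


def analyze(text):
    records = build_timeline(parse_export(text))
    flagged = failed_logon_bursts(records)
    return {
        "first_event": (records[0]["event_id"], records[0]["account"]),
        "failed_bursts": flagged,
        "success_after_burst": success_after_burst(records, flagged),
        "log_cleared_by": [r["account"] for r in log_clearing(records)],
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```

On a real case the records would come from the .evtx files under the path named on slide 74, exported with a tool such as the one on slide 79 or parsed directly; the CSV shape here is only a stand-in. The clearing event is reported by account because, as the slide notes, anyone with administrative privileges can switch logging off or clear the log, so who did it and when belongs on the timeline next to the gap it created.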
79. Full Event Log View
• https://www.nirsoft.net/utils/full_event_log_view.html#:~:text=FullEventLogView%20is%20a%20simple%20tool,network%2C%20and%20events%20stored%20in%20.
81. Kali Linux Password Reset
1. Boot your Kali system and wait for the GNU GRUB menu to appear.
2. On the GNU GRUB menu, select "Advanced options for Kali GNU/Linux" with the down arrow key and press Enter.
3. Select the second entry, the recovery mode option, and press the E key to edit the recovery-mode boot entry of Kali Linux.
4. Change read-only mode (ro) to rw (write mode) and add init=/bin/bash, as in the screenshot on the slide, then press F10 to reboot Kali Linux with the edited entry.
5. After rebooting, the Kali Linux system brings you to the screen below, where the password can be reset.

82.
• To reset the root password of the Kali Linux system, simply type "passwd" and press Enter, then type the new password twice for the root user. After successfully resetting the lost Kali Linux password, you will see the message "password updated successfully". Reboot the system with "reboot -f" and log in with the newly changed root password.