SlideShare a Scribd company logo

Mobile_Forensics- General Introduction & Software.pptx

G
gouriuplenchwar63

This ppt is related with mobile forensic science where there is general introduction mobile forensics and associated terms. Some information regarding software used in mobile forensics.

Education
1 of 25
Download to read offline
Content • Definition • Principle • Understanding Mobile Forensics • Inside Mobile Devices • Steps in mobile forensics process • Mobile Device Tool Classification System • Mobile Phone Data Preservation
Definition • Mobile forensics is the process of acquisition and analysis of electronically stored information to support or contest a premise in court proceedings and civil or criminal investigations.
Principle: • The purpose of mobile forensics is to extract digital evidence or relevant data from a mobile device while maintaining forensic integrity.
Understanding Mobile Forensics People store a wealth of information on cell phones and mobile devices. • People don’t think about securing their mobile devices.  Items stored on mobile devices: • Incoming, outgoing, and missed calls , contact lists • SMS , application based text, and multimedia messaging content, Instant-messaging (IM) logs, E-mail • Pictures, videos, and audio files and sometimes voice mail messages, Voice recordings • Internet browsing history, Web pages , web content, cookies, search history, analytics information • To-do lists, notes, calendar entries, User dictionary content, ringtones • Documents, spreadsheets, presentation files and other user-created data • Passwords, passcodes, swipe codes, user account credentials • Historical geolocation data, cell phone tower related location data, Wi-Fi connection information • Data from various installed apps • System files, usage logs, error messages • Deleted data from all of the above Investigating cell phones and mobile devices is one of the most challenging tasks in digital forensics
Inside Mobile Devices  IMEI and IMSI • International Mobile Equipment Identifier • International Mobile Subscriber Identifier  Also MEID (Mobile Equipment Identifier) or ESN (electronic serial number)  Phones store system data in electronically erasable programmable read-only memory (EEPROM) • Enables service providers to reprogram phones without having to physically access memory chips  OS is stored in ROM • Nonvolatile memory
Inside Mobile Devices  Subscriber Identity Module (SIM) cards • Found most commonly in GSM (Global System for Mobile Communications) devices • GSM refers to mobile phones as “mobile stations” and divides a station into two parts: • The SIM card and the mobile equipment (ME) • Portability of information makes SIM cards versatile • Integrated Circuit Card Identifier(ICCID) • Identifies the subscriber to the network Stores service-related information • PIN – unlock the device • PUK – reset the PIN • Wipes phone is incorrectly entered > 10 time • Cipher Algorithm
Steps in the Mobile Forensics Process 1. Seizure • Digital forensics operates on the principle that evidence should always be adequately preserved, processed, and admissible in a court of law. Some legal consideration go hand in hand with the confiscation of mobile devices. • There are two major risks concerning this phase of the mobile forensic process: Lock activation (by user/suspect/inadvertent third party) and Network / Cellular connection. • Network isolation is always advisable, and it could be achieved either through: Airplane mode • Mobile devices are often seized switched on and since the purpose of their confiscation is to preserve evidence, the best way to transport them is to attempt to keep them turned on to avoid a shutdown, which would inevitably alter files. Faraday bag • A Faraday box/bag and external power supply are common types of equipment for conducting mobile forensics. While the former is a container specifically designed to isolate mobile devices from network communications and, at the same time, help with the safe transportation of evidence to the laboratory, the latter, is a power source embedded inside the Faraday box/bag. Before putting the phone in the Faraday bag, disconnect it from the network, disable all network connections (Wi-Fi, GPS, Hotspots, etc.), and activate the flight mode to protect the integrity of the evidence. Turn the device off • may activate authentication codes , complicating acquisition and delaying examination.
2. Acquisition Identification + extraction • The goal of this phase is to retrieve data from the mobile device. A locked screen can be unlocked with the right PIN, password, pattern, or biometrics. According to a ruling by the Virginia Circuit Court, passcodes are protected, fingerprints not. Also, similar lock measures may exist on apps, images, SMSs, or messengers. Encryption, on the other hand, provides security on a software and/or hardware level that is often impossible to circumvent. • It is hard to be in control of data on mobile devices because the data is mobile as well. Once communications or files are sent from a smartphone, control is lost. Although there are different devices having the capability to store considerable amounts of data, the data in itself may physically be in another location. To give an example, data synchronization among devices and applications can take place directly but also via the cloud. • Services such as Apple’s iCloud and Microsoft’s One Drive are prevalent among mobile device users, which leave open the possibility for data acquisition from there. For that reason, investigators should be attentive to any indications that data may transcend the mobile device as a physical object, because such an occurrence may affect the collection and even preservation process. • Since data is constantly being synchronized, hardware and software may be able to bridge the data gap. Consider Uber – it has both an app and a fully functional website. All the information that can be accessed through the Uber app on a phone may be pulled off the Uber website instead, or even the Uber software program installed on a computer.
• After one identifies the data sources, the next step is to collect the information properly. There are certain unique challenges concerning gathering information in the context of mobile technology. Many mobile devices cannot be collected by creating an image and instead they may have to undergo a process called acquisition of data. • Thera are various protocols for collecting data from mobile devices as certain design specifications may only allow one type of acquisition. • The forensic examiner should make a use of SIM Card imagining – a procedure that recreates a replica image of the SIM Card content. As with other replicas, the original evidence will remain intact while the replica image is being used for analysis. All image files should be hashed to ensure data remains accurate and unchanged. • Check these areas in the forensics lab : • Internal memory • SIM card • Removable or external memory cards • System server
3. Examination and analysis • As the first step of every digital investigation involving a mobile device(s), the forensic expert needs to identify:  Type of the mobile device(s) – e.g., GPS, smartphone, tablet, etc.  Type of network – GSM, CDMA, and TDMA  Carrier  Service provider (Reverse Lookup) • The examiner may need to use numerous forensic tools to acquire and analyze data residing in the machine. Due to the sheer diversity of mobile devices, there is no one-size-fits-all solution regarding mobile forensic tools. Consequently, it is advisable to use more than one tool for examination. The most appropriate tool(s) is being chosen depending on the type and model of mobile device. • Timeline and link analysis available in many mobile forensic tools could tie each of the most significant events, from a forensic analyst’s point of view.
Manual Extraction • A manual extraction method involves viewing the data content stored on a mobile device. • Browses data using the mobile device’s touchscreen or keypad. • Information of interest discovered on the phone is photographically documented. • This process of manual extraction is simple and applicable to almost every phone. • Furthermore, manual extraction is long and involves an excellent chance of human error. • Popular tools for manual extractions include:  Project-A-Phone  Fernico ZRT  EDEC Eclipse • Disadvantage:  it is impossible to recover deleted information.  very time consuming  data on the device may be modified, deleted or overwritten throughout the examination.
Logical Extraction • A logical extraction of data from a mobile phone collects the files and folders contained on the device without any unallocated space. Typically, data collected via a logical extraction includes messaging, pictures, video, audio, contacts, application data, some location data, internet history, search history, social media, and more. • Connectivity between a mobile device and the forensics workstation a connection using: • Wired (e.g., USB or RS-232). • Wireless (e.g., IrDA, WiFi, or Bluetooth) • Following the connecting part, the computer sends command requests to the device, and the device sends back data from its memory. The majority of forensic tools support logical extraction. • Deleted data is rarely accessible. • The tools used for logical extraction include: • XRY Logical • Oxygen • Lantern • Cellebrite UFED
• File System Extraction • A file system extraction is an extension of a logical extraction. It collects much of the same data as a logical extraction along with additional file system data. During a file system extraction, the forensic tool accesses the internal memory of the mobile phone, which means that the forensic software can collect system files, logs, and database files from the device that a logical acquisition cannot. • Most applications store their data in database files on a mobile phone. Since a file system extraction recovers more of these database files, more deleted data like database files and data related to application usage on the device can be recovered.
JTAG Method • JTAG is a non-invasive form of physical acquisition that could extract data from a mobile device even when data was difficult to access through software avenues because the device is damaged, locked or encrypted. The device, however, must be at least partially functional (minor damages would not hinder this method). • The process involves connecting to the Test Access Ports (TAPs) on a device and instructing the processor to transfer raw data stored on connected memory chips. This is a standard feature that one could come across in many mobile phone models, which provides mobile phone manufactures a low-level interface outside the operating system. • Digital forensic investigators take an interest in JTAG, as it can, in theory, allow direct access to the mobile device’s memory without jeopardizing it. Despite that fact, it is a labor-intensive, time-consuming procedure, and it requires advance knowledge (not only of JTAG for the model of the phone under investigation but also of how to arrange anew the resulting binary composed of the phone’s memory structures).
Hex Dump • Similar to JTAG, Hex dump is another method for physical extraction of raw information in binary format stored in memory. • The forensic professionals connect the device to a digital forensic workstation and pushes the boot-loader into the device, that instructs the device to dump its memory to the computer. • Resulting image is fairly technical in binary format and it requires a person having the technical education to analyze it. • This method is cost-efficient and provides more information to the investigators, including the recovery of phone’s deleted files and unallocated space including location information, email, messages, videos, photos, audio, applications, and almost any other data contained on a mobile phone. • The common tools used for hex dump include: XACT Cellebrite UFED Touch 2 and Physical analyzer Pandora’s Box
Chip-Off • A process that refers to obtaining data straight from the mobile device’s memory chip. • According to the preparations, the chip is detached from the device and a chip reader or a second phone is used to extract data stored on the device and create its binary image under investigation. It should be noted that this method is technically challenging because of the wide variety of chip types existing on the mobile market. • Also, the chip-off process is expensive, training is required, and the examiner should procure specific hardware to conduct de-soldering and heating of the memory chip. Bits and bytes of raw information that is retrieved from the memory are yet to be parsed, decoded, and interpreted. Even the smallest mistake may lead to physical damages to the memory chip, which, in effect, would render the data impossible to retrieve. • This method is costly and needs an ample data of hardware. • The whole process consists of five stages:  Detect the memory chip typology of the device  Physical extraction of the chip (for example, by unwelding it)  Interfacing of the chip using reading/programming software  Reading and transferring data from the chip to a PC  Interpretation of the acquired data (using reverse engineering)
Chip-Off • The popular tools and equipment’s used for chip-off include:  iSeasamo Phone Opening Tool  Xytronic 988D Solder Rework Station  FEITA Digital inspection station  Chip Epoxy Glue Remover  Circuit Board Holder
Micro Read • A Micro Read involves recording the physical observation of the gates on a NAND or NOR chip with the use of an electron microscope. • It is used after all other acquisition techniques have been exhausted. • Successful acquisition requires a team of • experts • proper equipment • time • in-depth knowledge of proprietary information • This method refers to manually taking an all-around view through the lenses of an electron microscope and analyzing data seen on the memory chip, more specifically the physical gates on the chip. In a nutshell, micro read is a method that demands utmost level of expertise, it is costly and time-consuming, and is reserved for serious national security crises.
Mobile Phone Data Preservation The mobile phone's integrity and the data on it need to be established to ensure that evidence is admissible in court. • Chain of Custody Evidence preservation aims to protect digital evidence from modification. This protection begins by ensuring that first responders, investigators, crime scene technicians, digital forensic experts, or anyone else who touches the device handles it properly. A chain of custody must be maintained throughout the entire life cycle of a case.
•Mathematical Hashing Algorithm The forensic data collection process from the mobile device is better called a "forensics extraction," as data is extracted from the device instead of a perfect bit-for-bit copy of the evidence item. With the mobile phone powered on, the forensic software cannot access some areas of data. However, data that is inaccessible because the mobile device is powered on is usually of little to no value evidentiary. Following the forensic copying comes the hashing process. A mathematical algorithm is run against the copied data, producing a unique hash value. This hash value can be thought of as a digital fingerprint, uniquely identifying the copied evidence exactly as it exists at that point in time.
Tools Mobile Forensics tools that examine CDMA, GSM, SIM and GPS. • Cellebrite UFED • Paraben Device Seizure • Paraben Sticks (Data Recovery, Phone Recovery Stick, Porn Stick) • Secure View • FTK • EnCase • Oxygen Forensics
Mobile_Forensics- General Introduction & Software.pptx

Recommended

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
Dr Raghu Khimani
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail Investigation
Dr Raghu Khimani
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
noorashams
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
abdullah roomi
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
Eric Vanderburg
 
[GITSN] intelligent eavesdropping detection system
[GITSN] intelligent eavesdropping detection system[GITSN] intelligent eavesdropping detection system
[GITSN] intelligent eavesdropping detection system
운상 조
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensic
DINESH KAMBLE
 

Recommended

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
Dr Raghu Khimani
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail Investigation
Dr Raghu Khimani
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
noorashams
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
abdullah roomi
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
Eric Vanderburg
 
[GITSN] intelligent eavesdropping detection system
[GITSN] intelligent eavesdropping detection system[GITSN] intelligent eavesdropping detection system
[GITSN] intelligent eavesdropping detection system
운상 조
 
Mobile forensic
Mobile forensicMobile forensic
Mobile forensic
DINESH KAMBLE
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
SCREAM138
 
Survillance description
Survillance descriptionSurvillance description
Survillance description
gururaj lulkarni
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
Manu Mathew Cherian
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Mithileysh Sathiyanarayanan
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
Yansi Keim
 
Shelton mobile forensics
Shelton mobile forensicsShelton mobile forensics
Shelton mobile forensics
i4box Anon
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
Manu Mathew Cherian
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
unnilala11
 
Introduction to e-Discovery
Introduction to e-Discovery Introduction to e-Discovery
Introduction to e-Discovery
Malla Reddy Donapati
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
Ambuj Kumar
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
vishnuv43
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
Dr Raghu Khimani
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsNicholas Davis
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
Manik Bhola
 
SOK:An overview of data extraction techniques from mobile phones
SOK:An overview of data extraction techniques from mobile phonesSOK:An overview of data extraction techniques from mobile phones
SOK:An overview of data extraction techniques from mobile phones
Ashish Sutar
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
Online
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
rakesh mishra
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - NotesKranthi
 
Mobile Forensics and Investigation Android Forensics
Mobile Forensics and Investigation Android ForensicsMobile Forensics and Investigation Android Forensics
Mobile Forensics and Investigation Android Forensics
Don Caeiro
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic tools
Paraben Corporation
 

More Related Content

What's hot

Computer forensics
Computer forensicsComputer forensics
Computer forensics
SCREAM138
 
Survillance description
Survillance descriptionSurvillance description
Survillance description
gururaj lulkarni
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
Manu Mathew Cherian
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Mithileysh Sathiyanarayanan
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
Yansi Keim
 
Shelton mobile forensics
Shelton mobile forensicsShelton mobile forensics
Shelton mobile forensics
i4box Anon
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
Manu Mathew Cherian
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
unnilala11
 
Introduction to e-Discovery
Introduction to e-Discovery Introduction to e-Discovery
Introduction to e-Discovery
Malla Reddy Donapati
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
Ambuj Kumar
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
vishnuv43
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
Dr Raghu Khimani
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
Manik Bhola
 
SOK:An overview of data extraction techniques from mobile phones
SOK:An overview of data extraction techniques from mobile phonesSOK:An overview of data extraction techniques from mobile phones
SOK:An overview of data extraction techniques from mobile phones
Ashish Sutar
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
Online
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
rakesh mishra
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - NotesKranthi
 

What's hot (20)

Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Survillance description
Survillance descriptionSurvillance description
Survillance description
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
Shelton mobile forensics
Shelton mobile forensicsShelton mobile forensics
Shelton mobile forensics
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
 
Introduction to e-Discovery
Introduction to e-Discovery Introduction to e-Discovery
Introduction to e-Discovery
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
SOK:An overview of data extraction techniques from mobile phones
SOK:An overview of data extraction techniques from mobile phonesSOK:An overview of data extraction techniques from mobile phones
SOK:An overview of data extraction techniques from mobile phones
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - Notes
 

Similar to Mobile_Forensics- General Introduction & Software.pptx

Mobile Forensics and Investigation Android Forensics
Mobile Forensics and Investigation Android ForensicsMobile Forensics and Investigation Android Forensics
Mobile Forensics and Investigation Android Forensics
Don Caeiro
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic tools
Paraben Corporation
 
ContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docxContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docx
richardnorman90310
 
Network Forensics- Social Media Forensics
Network Forensics- Social Media ForensicsNetwork Forensics- Social Media Forensics
Network Forensics- Social Media Forensics
Don Caeiro
 
Conceptual Study of Mobile Forensics
Conceptual Study of Mobile ForensicsConceptual Study of Mobile Forensics
Conceptual Study of Mobile Forensics
ijtsrd
 
Most promising cyber forensic solution providers from india forn sec solut...
Most promising cyber forensic solution providers from india forn sec solut...Most promising cyber forensic solution providers from india forn sec solut...
Most promising cyber forensic solution providers from india forn sec solut...
FORnSECSolutions
 
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
Best Cyber Crime Investigation Service Provider | Fornsec SolutionsBest Cyber Crime Investigation Service Provider | Fornsec Solutions
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
FORnSECSolutions
 
Internet of Things-ppt.pptx
Internet of Things-ppt.pptxInternet of Things-ppt.pptx
Internet of Things-ppt.pptx
SaonDey3
 
Presentation cyber forensics & ethical hacking
Presentation cyber forensics & ethical hackingPresentation cyber forensics & ethical hacking
Presentation cyber forensics & ethical hacking
Ambuj Kumar
 
Why cant all_data_be_the_same
Why cant all_data_be_the_sameWhy cant all_data_be_the_same
Why cant all_data_be_the_same
Skyler Lewis
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
NCCOMMS
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
Dr. Prashant Vats
 
Smart phone and mobile phone risks
Smart phone and mobile phone risksSmart phone and mobile phone risks
Smart phone and mobile phone risks
Grant Thornton UK LLP
 
Computer Forensics (1).pptx
Computer Forensics (1).pptxComputer Forensics (1).pptx
Computer Forensics (1).pptx
Gautam708801
 
Lect 6 computer forensics
Lect 6 computer forensicsLect 6 computer forensics
Lect 6 computer forensics
Kabul Education University
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
Sweta Kumari Barnwal
 
New research directions in the area of
New research directions in the area ofNew research directions in the area of
New research directions in the area of
IJCNCJournal
 
Firewalls
FirewallsFirewalls
Firewalls
Prashant kumar
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power pointbodo-con
 

Similar to Mobile_Forensics- General Introduction & Software.pptx (20)

Mobile Forensics and Investigation Android Forensics
Mobile Forensics and Investigation Android ForensicsMobile Forensics and Investigation Android Forensics
Mobile Forensics and Investigation Android Forensics
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic tools
 
ContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docxContentsMobile Forensic3Introduction3What It Is3How I.docx
ContentsMobile Forensic3Introduction3What It Is3How I.docx
 
Network Forensics- Social Media Forensics
Network Forensics- Social Media ForensicsNetwork Forensics- Social Media Forensics
Network Forensics- Social Media Forensics
 
Conceptual Study of Mobile Forensics
Conceptual Study of Mobile ForensicsConceptual Study of Mobile Forensics
Conceptual Study of Mobile Forensics
 
Most promising cyber forensic solution providers from india forn sec solut...
Most promising cyber forensic solution providers from india forn sec solut...Most promising cyber forensic solution providers from india forn sec solut...
Most promising cyber forensic solution providers from india forn sec solut...
 
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
Best Cyber Crime Investigation Service Provider | Fornsec SolutionsBest Cyber Crime Investigation Service Provider | Fornsec Solutions
Best Cyber Crime Investigation Service Provider | Fornsec Solutions
 
Internet of Things-ppt.pptx
Internet of Things-ppt.pptxInternet of Things-ppt.pptx
Internet of Things-ppt.pptx
 
Presentation cyber forensics & ethical hacking
Presentation cyber forensics & ethical hackingPresentation cyber forensics & ethical hacking
Presentation cyber forensics & ethical hacking
 
Why cant all_data_be_the_same
Why cant all_data_be_the_sameWhy cant all_data_be_the_same
Why cant all_data_be_the_same
 
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
CSF18 - Through a Mirror Darkly- a journey to the dark side of metadata - Sas...
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
Smart phone and mobile phone risks
Smart phone and mobile phone risksSmart phone and mobile phone risks
Smart phone and mobile phone risks
 
Computer Forensics (1).pptx
Computer Forensics (1).pptxComputer Forensics (1).pptx
Computer Forensics (1).pptx
 
Lect 6 computer forensics
Lect 6 computer forensicsLect 6 computer forensics
Lect 6 computer forensics
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
 
New research directions in the area of
New research directions in the area ofNew research directions in the area of
New research directions in the area of
 
Firewalls
FirewallsFirewalls
Firewalls
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
 

Recently uploaded

Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
PedroFerreira53928
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
EduSkills OECD
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
PedroFerreira53928
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
Col Mukteshwar Prasad
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
bennyroshan06
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
GeoBlogs
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 

Recently uploaded (20)

Basic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumersBasic phrases for greeting and assisting costumers
Basic phrases for greeting and assisting costumers
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 

Mobile_Forensics- General Introduction & Software.pptx

  • 1.
  • 2. Content • Definition • Principle • Understanding Mobile Forensics • Inside Mobile Devices • Steps in mobile forensics process • Mobile Device Tool Classification System • Mobile Phone Data Preservation
  • 3. Definition • Mobile forensics is the process of acquisition and analysis of electronically stored information to support or contest a premise in court proceedings and civil or criminal investigations.
  • 4. Principle: • The purpose of mobile forensics is to extract digital evidence or relevant data from a mobile device while maintaining forensic integrity.
  • 5. Understanding Mobile Forensics People store a wealth of information on cell phones and mobile devices. • People don’t think about securing their mobile devices.  Items stored on mobile devices: • Incoming, outgoing, and missed calls , contact lists • SMS , application based text, and multimedia messaging content, Instant-messaging (IM) logs, E-mail • Pictures, videos, and audio files and sometimes voice mail messages, Voice recordings • Internet browsing history, Web pages , web content, cookies, search history, analytics information • To-do lists, notes, calendar entries, User dictionary content, ringtones • Documents, spreadsheets, presentation files and other user-created data • Passwords, passcodes, swipe codes, user account credentials • Historical geolocation data, cell phone tower related location data, Wi-Fi connection information • Data from various installed apps • System files, usage logs, error messages • Deleted data from all of the above Investigating cell phones and mobile devices is one of the most challenging tasks in digital forensics
  • 6. Inside Mobile Devices  IMEI and IMSI • International Mobile Equipment Identifier • International Mobile Subscriber Identifier  Also MEID (Mobile Equipment Identifier) or ESN (electronic serial number)  Phones store system data in electronically erasable programmable read-only memory (EEPROM) • Enables service providers to reprogram phones without having to physically access memory chips  OS is stored in ROM • Nonvolatile memory
  • 7. Inside Mobile Devices  Subscriber Identity Module (SIM) cards • Found most commonly in GSM (Global System for Mobile Communications) devices • GSM refers to mobile phones as “mobile stations” and divides a station into two parts: • The SIM card and the mobile equipment (ME) • Portability of information makes SIM cards versatile • Integrated Circuit Card Identifier(ICCID) • Identifies the subscriber to the network Stores service-related information • PIN – unlock the device • PUK – reset the PIN • Wipes phone is incorrectly entered > 10 time • Cipher Algorithm
  • 8. Steps in the Mobile Forensics Process 1. Seizure • Digital forensics operates on the principle that evidence should always be adequately preserved, processed, and admissible in a court of law. Some legal consideration go hand in hand with the confiscation of mobile devices. • There are two major risks concerning this phase of the mobile forensic process: Lock activation (by user/suspect/inadvertent third party) and Network / Cellular connection. • Network isolation is always advisable, and it could be achieved either through: Airplane mode • Mobile devices are often seized switched on and since the purpose of their confiscation is to preserve evidence, the best way to transport them is to attempt to keep them turned on to avoid a shutdown, which would inevitably alter files. Faraday bag • A Faraday box/bag and external power supply are common types of equipment for conducting mobile forensics. While the former is a container specifically designed to isolate mobile devices from network communications and, at the same time, help with the safe transportation of evidence to the laboratory, the latter, is a power source embedded inside the Faraday box/bag. Before putting the phone in the Faraday bag, disconnect it from the network, disable all network connections (Wi-Fi, GPS, Hotspots, etc.), and activate the flight mode to protect the integrity of the evidence. Turn the device off • may activate authentication codes , complicating acquisition and delaying examination.
  • 9. 2. Acquisition Identification + extraction • The goal of this phase is to retrieve data from the mobile device. A locked screen can be unlocked with the right PIN, password, pattern, or biometrics. According to a ruling by the Virginia Circuit Court, passcodes are protected, fingerprints not. Also, similar lock measures may exist on apps, images, SMSs, or messengers. Encryption, on the other hand, provides security on a software and/or hardware level that is often impossible to circumvent. • It is hard to be in control of data on mobile devices because the data is mobile as well. Once communications or files are sent from a smartphone, control is lost. Although there are different devices having the capability to store considerable amounts of data, the data in itself may physically be in another location. To give an example, data synchronization among devices and applications can take place directly but also via the cloud. • Services such as Apple’s iCloud and Microsoft’s One Drive are prevalent among mobile device users, which leave open the possibility for data acquisition from there. For that reason, investigators should be attentive to any indications that data may transcend the mobile device as a physical object, because such an occurrence may affect the collection and even preservation process. • Since data is constantly being synchronized, hardware and software may be able to bridge the data gap. Consider Uber – it has both an app and a fully functional website. All the information that can be accessed through the Uber app on a phone may be pulled off the Uber website instead, or even the Uber software program installed on a computer.
  • 10. • After one identifies the data sources, the next step is to collect the information properly. There are certain unique challenges concerning gathering information in the context of mobile technology. Many mobile devices cannot be collected by creating an image and instead they may have to undergo a process called acquisition of data. • Thera are various protocols for collecting data from mobile devices as certain design specifications may only allow one type of acquisition. • The forensic examiner should make a use of SIM Card imagining – a procedure that recreates a replica image of the SIM Card content. As with other replicas, the original evidence will remain intact while the replica image is being used for analysis. All image files should be hashed to ensure data remains accurate and unchanged. • Check these areas in the forensics lab : • Internal memory • SIM card • Removable or external memory cards • System server
  • 11. 3. Examination and analysis • As the first step of every digital investigation involving a mobile device(s), the forensic expert needs to identify:  Type of the mobile device(s) – e.g., GPS, smartphone, tablet, etc.  Type of network – GSM, CDMA, and TDMA  Carrier  Service provider (Reverse Lookup) • The examiner may need to use numerous forensic tools to acquire and analyze data residing in the machine. Due to the sheer diversity of mobile devices, there is no one-size-fits-all solution regarding mobile forensic tools. Consequently, it is advisable to use more than one tool for examination. The most appropriate tool(s) is being chosen depending on the type and model of mobile device. • Timeline and link analysis available in many mobile forensic tools could tie each of the most significant events, from a forensic analyst’s point of view.
  • 12.
  • 13. Manual Extraction • A manual extraction method involves viewing the data content stored on a mobile device. • Browses data using the mobile device’s touchscreen or keypad. • Information of interest discovered on the phone is photographically documented. • This process of manual extraction is simple and applicable to almost every phone. • Furthermore, manual extraction is long and involves an excellent chance of human error. • Popular tools for manual extractions include:  Project-A-Phone  Fernico ZRT  EDEC Eclipse • Disadvantage:  it is impossible to recover deleted information.  very time consuming  data on the device may be modified, deleted or overwritten throughout the examination.
  • 14.
  • 15. Logical Extraction • A logical extraction of data from a mobile phone collects the files and folders contained on the device without any unallocated space. Typically, data collected via a logical extraction includes messaging, pictures, video, audio, contacts, application data, some location data, internet history, search history, social media, and more. • Connectivity between a mobile device and the forensics workstation a connection using: • Wired (e.g., USB or RS-232). • Wireless (e.g., IrDA, WiFi, or Bluetooth) • Following the connecting part, the computer sends command requests to the device, and the device sends back data from its memory. The majority of forensic tools support logical extraction. • Deleted data is rarely accessible. • The tools used for logical extraction include: • XRY Logical • Oxygen • Lantern • Cellebrite UFED
  • 16. • File System Extraction • A file system extraction is an extension of a logical extraction. It collects much of the same data as a logical extraction along with additional file system data. During a file system extraction, the forensic tool accesses the internal memory of the mobile phone, which means that the forensic software can collect system files, logs, and database files from the device that a logical acquisition cannot. • Most applications store their data in database files on a mobile phone. Since a file system extraction recovers more of these database files, more deleted data like database files and data related to application usage on the device can be recovered.
  • 17. JTAG Method • JTAG is a non-invasive form of physical acquisition that could extract data from a mobile device even when data was difficult to access through software avenues because the device is damaged, locked or encrypted. The device, however, must be at least partially functional (minor damages would not hinder this method). • The process involves connecting to the Test Access Ports (TAPs) on a device and instructing the processor to transfer raw data stored on connected memory chips. This is a standard feature that one could come across in many mobile phone models, which provides mobile phone manufactures a low-level interface outside the operating system. • Digital forensic investigators take an interest in JTAG, as it can, in theory, allow direct access to the mobile device’s memory without jeopardizing it. Despite that fact, it is a labor-intensive, time-consuming procedure, and it requires advance knowledge (not only of JTAG for the model of the phone under investigation but also of how to arrange anew the resulting binary composed of the phone’s memory structures).
  • 18. Hex Dump • Similar to JTAG, Hex dump is another method for physical extraction of raw information in binary format stored in memory. • The forensic professionals connect the device to a digital forensic workstation and pushes the boot-loader into the device, that instructs the device to dump its memory to the computer. • Resulting image is fairly technical in binary format and it requires a person having the technical education to analyze it. • This method is cost-efficient and provides more information to the investigators, including the recovery of phone’s deleted files and unallocated space including location information, email, messages, videos, photos, audio, applications, and almost any other data contained on a mobile phone. • The common tools used for hex dump include: XACT Cellebrite UFED Touch 2 and Physical analyzer Pandora’s Box
  • 19. Chip-Off • A process that refers to obtaining data straight from the mobile device’s memory chip. • According to the preparations, the chip is detached from the device and a chip reader or a second phone is used to extract data stored on the device and create its binary image under investigation. It should be noted that this method is technically challenging because of the wide variety of chip types existing on the mobile market. • Also, the chip-off process is expensive, training is required, and the examiner should procure specific hardware to conduct de-soldering and heating of the memory chip. Bits and bytes of raw information that is retrieved from the memory are yet to be parsed, decoded, and interpreted. Even the smallest mistake may lead to physical damages to the memory chip, which, in effect, would render the data impossible to retrieve. • This method is costly and needs an ample data of hardware. • The whole process consists of five stages:  Detect the memory chip typology of the device  Physical extraction of the chip (for example, by unwelding it)  Interfacing of the chip using reading/programming software  Reading and transferring data from the chip to a PC  Interpretation of the acquired data (using reverse engineering)
  • 20. Chip-Off • The popular tools and equipment’s used for chip-off include:  iSeasamo Phone Opening Tool  Xytronic 988D Solder Rework Station  FEITA Digital inspection station  Chip Epoxy Glue Remover  Circuit Board Holder
  • 21. Micro Read • A Micro Read involves recording the physical observation of the gates on a NAND or NOR chip with the use of an electron microscope. • It is used after all other acquisition techniques have been exhausted. • Successful acquisition requires a team of • experts • proper equipment • time • in-depth knowledge of proprietary information • This method refers to manually taking an all-around view through the lenses of an electron microscope and analyzing data seen on the memory chip, more specifically the physical gates on the chip. In a nutshell, micro read is a method that demands utmost level of expertise, it is costly and time-consuming, and is reserved for serious national security crises.
  • 22. Mobile Phone Data Preservation The mobile phone's integrity and the data on it need to be established to ensure that evidence is admissible in court. • Chain of Custody Evidence preservation aims to protect digital evidence from modification. This protection begins by ensuring that first responders, investigators, crime scene technicians, digital forensic experts, or anyone else who touches the device handles it properly. A chain of custody must be maintained throughout the entire life cycle of a case.
  • 23. •Mathematical Hashing Algorithm The forensic data collection process from the mobile device is better called a "forensics extraction," as data is extracted from the device instead of a perfect bit-for-bit copy of the evidence item. With the mobile phone powered on, the forensic software cannot access some areas of data. However, data that is inaccessible because the mobile device is powered on is usually of little to no value evidentiary. Following the forensic copying comes the hashing process. A mathematical algorithm is run against the copied data, producing a unique hash value. This hash value can be thought of as a digital fingerprint, uniquely identifying the copied evidence exactly as it exists at that point in time.
  • 24. Tools Mobile Forensics tools that examine CDMA, GSM, SIM and GPS. • Cellebrite UFED • Paraben Device Seizure • Paraben Sticks (Data Recovery, Phone Recovery Stick, Porn Stick) • Secure View • FTK • EnCase • Oxygen Forensics