This ppt is related with mobile forensic science where there is general introduction mobile forensics and associated terms. Some information regarding software used in mobile forensics.
Mobile Phone Basics, Inside Mobile Devices, Digital Networks, Mobile Phone Seizure, Mobile Phone Examination, Mobile Forensics Equipment, Cell Seizure Tool, SIMIS, XRY,
Mobile forensics is a branch of digital forensics. Simply, it is a science of recovering different kinds of evidence from mobile phones. It helps investigators significantly to reach to the criminal.
Mobile device usage has skyrocketed in enterprises and so have the risks. Eric Vanderburg and Trevor Tucker discuss the evidentiary value of mobile forensics, its limitations, and how cybersecurity can ensure the processes, procedures, and controls necessary to protect mobile devices and organizational data. This helps companies and attorneys to be better prepared for investigations and associated legal implications of mobile use in the enterprise.
Mobile Phone Basics, Inside Mobile Devices, Digital Networks, Mobile Phone Seizure, Mobile Phone Examination, Mobile Forensics Equipment, Cell Seizure Tool, SIMIS, XRY,
Mobile forensics is a branch of digital forensics. Simply, it is a science of recovering different kinds of evidence from mobile phones. It helps investigators significantly to reach to the criminal.
Mobile device usage has skyrocketed in enterprises and so have the risks. Eric Vanderburg and Trevor Tucker discuss the evidentiary value of mobile forensics, its limitations, and how cybersecurity can ensure the processes, procedures, and controls necessary to protect mobile devices and organizational data. This helps companies and attorneys to be better prepared for investigations and associated legal implications of mobile use in the enterprise.
Types of Computer Forensics Technology, Types of Military Computer Forensic Technology, Types of Law Enforcement, Computer Forensic Technology, Types of Business Computer Forensic Technology, Specialized Forensics Techniques, Hidden Data and How to Find It, Spyware and Adware, Encryption Methods and Vulnerabilities, Protecting Data from Being Compromised Internet Tracing Methods, Security and Wireless Technologies, Avoiding Pitfalls with Firewalls Biometric Security Systems
Introduction to Cyber forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific method in forensic analysis, investigating large scale Data breach cases.
Analyzing Malicious software.
Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices.
What is digital evidence? , sources of digital evidence, types of digital evidence, the procedure for collecting digital evidence, records, digital vs physical evidence, controlling contamination.
SOK:An overview of data extraction techniques from mobile phonesAshish Sutar
The article gives an overview of data extraction techniques from Mobile phones. This will help to new forensic investigators as well as forensic analysts to learn these techniques in detail subsequently.
Uncover important digital evidence with digital forensic toolsParaben Corporation
Digital forensic experts identify, preserve, analyze and present the digital evidence to help solve the crime cases efficiently. Most of them use forensics tools by Paraben Corporation, an alternative to Magnet digital forensics to get the results effectively.
Types of Computer Forensics Technology, Types of Military Computer Forensic Technology, Types of Law Enforcement, Computer Forensic Technology, Types of Business Computer Forensic Technology, Specialized Forensics Techniques, Hidden Data and How to Find It, Spyware and Adware, Encryption Methods and Vulnerabilities, Protecting Data from Being Compromised Internet Tracing Methods, Security and Wireless Technologies, Avoiding Pitfalls with Firewalls Biometric Security Systems
Introduction to Cyber forensics: Information Security Investigations, Corporate Cyber Forensics, Scientific method in forensic analysis, investigating large scale Data breach cases.
Analyzing Malicious software.
Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices.
What is digital evidence? , sources of digital evidence, types of digital evidence, the procedure for collecting digital evidence, records, digital vs physical evidence, controlling contamination.
SOK:An overview of data extraction techniques from mobile phonesAshish Sutar
The article gives an overview of data extraction techniques from Mobile phones. This will help to new forensic investigators as well as forensic analysts to learn these techniques in detail subsequently.
Uncover important digital evidence with digital forensic toolsParaben Corporation
Digital forensic experts identify, preserve, analyze and present the digital evidence to help solve the crime cases efficiently. Most of them use forensics tools by Paraben Corporation, an alternative to Magnet digital forensics to get the results effectively.
ContentsMobile Forensic3Introduction3What It Is3How I.docxrichardnorman90310
Contents
Mobile Forensic 3
Introduction 3
What It Is 3
How It's Used 3
Steps in Mobile forensics 4
Seizure 4
Airplane mode 4
Phone jammer 4
Faraday bag 4
Acquisition 5
Examination and analysis 6
Invasive methods 6
Chip-off 6
Micro read 7
Case study 7
CSI wife killers case Ireland 7
Phone evidence settled the conviction of a liar and a wife-killer 7
Mobile records checking 8
Conclusion 9
References 10
Mobile Forensic
Introduction
Mobile forensics is obtaining information on a mobile device such as a smartphone or tablet. The technology has grown in sophistication, and it can be used to uncover hidden content on devices, including text messages, apps and wifi connections. Mobile forensics goes beyond mere wireless security breaches. Today's mobile forensic tools can uncover true digital evidence and unlock devices with few endpoints or no recovery partitions to access."
The importance of mobile forensics is rising in the connected world of today. Discover further regarding mobile forensics, its applications, and the significance and procedures of a mobile investigation with a strong forensic foundation in this course.What It Is
Mobile forensics is a digital forensics subfield that focuses well on data extraction from electronic origin. Recovery of evidence from portable digital devices such as tablets, smartwatches, and smartphones is the focus of mobile forensics. Mobile devices are used by numerous people these days, so it seems reasonable that they would hold a large quantity of evidence that might be helpful to investigators. These gadgets search for data and collect and transmit data (Moreb, 2022).
Mobile devices can reveal numerous important pieces of information, such as messages, GPS data, call logs, and internet search activity that discloses the owner's probable whereabouts anywhere at any given moment.How It's Used
The secret to gathering digital evidence is following forensically sound procedures, regardless of who utilizes mobile forensics or how it is applied. According to Duke University's Electronic Discovery Reference Model, the word "forensically sound" refers to "procedures employed for gathering electronic information in a way that assures it is "as originally discovered" and is dependable enough to be allowed into evidence."
This implies that mobile evidence is treated so that it will be admissible in court and that it is not compromised during the forensic procedure. The idea of being forensically sound is based on the fundamental idea that transportable evidence should be kept in the same condition as when it was first discovered.
A defined procedure that helps to guarantee law enforcement or anyone collecting the data follows best practices for doing so lies behind forensically sound mobile evidence collection. Let's examine those actions (
Kumar, 2021,p.102).
Steps in Mobile forensics
Seizure
The cornerstone of digital forensics is the principle that evid.
The use of digital devices in day to day life has increased tremendously. Mobile devices have become an vital part of our day to day routine and they are prone to facilitating illegal activity or otherwise being involved when crimes occur. Whereas computers, laptops, servers, and gaming devices might have many users, in the vast majority of cases, mobile devices generally belong to an individual. The science behind recovering digital evidence from mobile phones is called mobile forensics. Digital evidence is defined as data and information that is stored on, received, or transmitted by an electronic device that is used for investigations. Digital evidence encompasses any and all digital data that can be used as evidence in a case. Mobile devices present many challenges from a forensic viewpoint. With new models being developed each day, it is extremely difficult to develop a single process or tool to address all the possibilities an investigator may face. Court cases also need to be taken into consideration as mobile devices are being seized and analyzed. Mr. I. A. Attar | Mr. M. M. Kapale "Conceptual Study of Mobile Forensics" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-1 , December 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29476.pdfPaper URL: https://www.ijtsrd.com/computer-science/world-wide-web/29476/conceptual-study-of-mobile-forensics/mr-i-a-attar
Talk from Kim Thomson, Python at the Point, July 19, 2018, talking about the mobile forensics world, data extraction software and Python's role in all of it.
Your mobile knows a lot about you and that brings a number of business risks – security breaches from company data held in emails or business apps, for example. We highlight the data and security risks of the phone in your pocket. -
See more at: http://www.grant-thornton.co.uk/en/Thinking/Beware-the-secrets-held-in-your-smartphone-/?previouspage=7260
CYBER FORENSICS AND AUDITING
Topics Covered: Introduction to Cyber Forensics, Computer Equipment and associated storage, media Role of forensics Investigator, Forensics Investigation Process, Collecting Network based Evidence Writing, Computer Forensics Reports, Auditing, Plan an audit against a set of audit criteria, Information Security Management, System Management. Introduction to ISO 27001:2013
New research directions in the area ofIJCNCJournal
The proliferation of smart mobile phones with diverse features makes it possible to increase their use in
criminal activities. The fast technological evolution and presence of different smart phones and their
proprietary operating systems pose great difficulties for investigators and law enforcement officials to
choose the best tool for forensics examination, accurate recovery and speedy analysis of data present on
smart phones. This paper presents a literature review on smart phone forensic techniques for different
platform. As a result of comprehensive analysis of these techniques, it has been found that there is no
generic forensic technique or tool available which can perform the forensic analysis of all currently
available different smart phones. Further, there is a need to develop a generic technique for forensic
analysis of a variety of different smart phones. This generic technique should perform the forensic of
currently available different smart phones on the crime scene without need to attach the smart phone with
computer. Further, it will help the investigators to do their jobs easily and more efficiently. The proposed
technique need to be implemented and tested on different smart phones to validate its performance and
accuracy.
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Ethnobotany and Ethnopharmacology:
Ethnobotany in herbal drug evaluation,
Impact of Ethnobotany in traditional medicine,
New development in herbals,
Bio-prospecting tools for drug discovery,
Role of Ethnopharmacology in drug evaluation,
Reverse Pharmacology.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
We all have good and bad thoughts from time to time and situation to situation. We are bombarded daily with spiraling thoughts(both negative and positive) creating all-consuming feel , making us difficult to manage with associated suffering. Good thoughts are like our Mob Signal (Positive thought) amidst noise(negative thought) in the atmosphere. Negative thoughts like noise outweigh positive thoughts. These thoughts often create unwanted confusion, trouble, stress and frustration in our mind as well as chaos in our physical world. Negative thoughts are also known as “distorted thinking”.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Overview on Edible Vaccine: Pros & Cons with Mechanism
Mobile_Forensics- General Introduction & Software.pptx
1.
2. Content
• Definition
• Principle
• Understanding Mobile Forensics
• Inside Mobile Devices
• Steps in mobile forensics process
• Mobile Device Tool Classification System
• Mobile Phone Data Preservation
3. Definition
• Mobile forensics is the process of acquisition and analysis of
electronically stored information to support or contest a premise in
court proceedings and civil or criminal investigations.
4. Principle:
• The purpose of mobile forensics is to extract digital evidence or
relevant data from a mobile device while maintaining forensic
integrity.
5. Understanding Mobile Forensics
People store a wealth of information on cell phones and mobile devices.
• People don’t think about securing their mobile devices.
Items stored on mobile devices:
• Incoming, outgoing, and missed calls , contact lists
• SMS , application based text, and multimedia messaging content, Instant-messaging (IM) logs, E-mail
• Pictures, videos, and audio files and sometimes voice mail messages, Voice recordings
• Internet browsing history, Web pages , web content, cookies, search history, analytics information
• To-do lists, notes, calendar entries, User dictionary content, ringtones
• Documents, spreadsheets, presentation files and other user-created data
• Passwords, passcodes, swipe codes, user account credentials
• Historical geolocation data, cell phone tower related location data, Wi-Fi connection information
• Data from various installed apps
• System files, usage logs, error messages
• Deleted data from all of the above
Investigating cell phones and mobile devices is one of the most challenging
tasks in digital forensics
6. Inside Mobile Devices
IMEI and IMSI
• International Mobile Equipment Identifier
• International Mobile Subscriber Identifier
Also MEID (Mobile Equipment Identifier) or ESN (electronic serial
number)
Phones store system data in electronically erasable programmable
read-only memory (EEPROM)
• Enables service providers to reprogram phones without having to physically access
memory chips
OS is stored in ROM
• Nonvolatile memory
7. Inside Mobile Devices
Subscriber Identity Module (SIM) cards
• Found most commonly in GSM (Global System for Mobile
Communications) devices
• GSM refers to mobile phones as “mobile stations” and divides a
station into two parts:
• The SIM card and the mobile equipment (ME)
• Portability of information makes SIM cards versatile
• Integrated Circuit Card Identifier(ICCID)
• Identifies the subscriber to the network Stores service-related information
• PIN – unlock the device
• PUK – reset the PIN
• Wipes phone is incorrectly entered > 10 time
• Cipher Algorithm
8. Steps in the Mobile Forensics Process
1. Seizure
• Digital forensics operates on the principle that evidence should always be adequately preserved, processed, and
admissible in a court of law. Some legal consideration go hand in hand with the confiscation of mobile devices.
• There are two major risks concerning this phase of the mobile forensic process: Lock activation (by
user/suspect/inadvertent third party) and Network / Cellular connection.
• Network isolation is always advisable, and it could be achieved either through:
Airplane mode
• Mobile devices are often seized switched on and since the purpose of their confiscation is to preserve evidence,
the best way to transport them is to attempt to keep them turned on to avoid a shutdown, which would
inevitably alter files.
Faraday bag
• A Faraday box/bag and external power supply are common types of equipment for conducting mobile forensics.
While the former is a container specifically designed to isolate mobile devices from network communications
and, at the same time, help with the safe transportation of evidence to the laboratory, the latter, is a power
source embedded inside the Faraday box/bag. Before putting the phone in the Faraday bag, disconnect it from
the network, disable all network connections (Wi-Fi, GPS, Hotspots, etc.), and activate the flight mode to protect
the integrity of the evidence.
Turn the device off
• may activate authentication codes , complicating acquisition and delaying examination.
9. 2. Acquisition
Identification + extraction
• The goal of this phase is to retrieve data from the mobile device. A locked screen can be unlocked with the right PIN,
password, pattern, or biometrics. According to a ruling by the Virginia Circuit Court, passcodes are protected,
fingerprints not. Also, similar lock measures may exist on apps, images, SMSs, or messengers. Encryption, on the other
hand, provides security on a software and/or hardware level that is often impossible to circumvent.
• It is hard to be in control of data on mobile devices because the data is mobile as well. Once communications or files
are sent from a smartphone, control is lost. Although there are different devices having the capability to store
considerable amounts of data, the data in itself may physically be in another location. To give an example, data
synchronization among devices and applications can take place directly but also via the cloud.
• Services such as Apple’s iCloud and Microsoft’s One Drive are prevalent among mobile device users, which leave open
the possibility for data acquisition from there. For that reason, investigators should be attentive to any indications that
data may transcend the mobile device as a physical object, because such an occurrence may affect the collection and
even preservation process.
• Since data is constantly being synchronized, hardware and software may be able to bridge the data gap. Consider Uber
– it has both an app and a fully functional website. All the information that can be accessed through the Uber app on a
phone may be pulled off the Uber website instead, or even the Uber software program installed on a computer.
10. • After one identifies the data sources, the next step is to collect the information properly. There are certain
unique challenges concerning gathering information in the context of mobile technology. Many mobile
devices cannot be collected by creating an image and instead they may have to undergo a process called
acquisition of data.
• Thera are various protocols for collecting data from mobile devices as certain design specifications may
only allow one type of acquisition.
• The forensic examiner should make a use of SIM Card imagining – a procedure that recreates a replica
image of the SIM Card content. As with other replicas, the original evidence will remain intact while the
replica image is being used for analysis. All image files should be hashed to ensure data remains accurate
and unchanged.
• Check these areas in the forensics lab :
• Internal memory
• SIM card
• Removable or external memory cards
• System server
11. 3. Examination and analysis
• As the first step of every digital investigation involving a mobile device(s), the
forensic expert needs to identify:
Type of the mobile device(s) – e.g., GPS, smartphone, tablet, etc.
Type of network – GSM, CDMA, and TDMA
Carrier
Service provider (Reverse Lookup)
• The examiner may need to use numerous forensic tools to acquire and analyze
data residing in the machine. Due to the sheer diversity of mobile devices, there
is no one-size-fits-all solution regarding mobile forensic tools. Consequently, it is
advisable to use more than one tool for examination. The most appropriate
tool(s) is being chosen depending on the type and model of mobile device.
• Timeline and link analysis available in many mobile forensic tools could tie each
of the most significant events, from a forensic analyst’s point of view.
12.
13. Manual Extraction
• A manual extraction method involves viewing the data content stored on a mobile
device.
• Browses data using the mobile device’s touchscreen or keypad.
• Information of interest discovered on the phone is photographically documented.
• This process of manual extraction is simple and applicable to almost every phone.
• Furthermore, manual extraction is long and involves an excellent chance of human
error.
• Popular tools for manual extractions include:
Project-A-Phone
Fernico ZRT
EDEC Eclipse
• Disadvantage:
it is impossible to recover deleted information.
very time consuming
data on the device may be modified, deleted or overwritten throughout the examination.
14.
15. Logical Extraction
• A logical extraction of data from a mobile phone collects the files and folders contained on the
device without any unallocated space. Typically, data collected via a logical extraction includes
messaging, pictures, video, audio, contacts, application data, some location data, internet
history, search history, social media, and more.
• Connectivity between a mobile device and the forensics workstation a connection using:
• Wired (e.g., USB or RS-232).
• Wireless (e.g., IrDA, WiFi, or Bluetooth)
• Following the connecting part, the computer sends command requests to the device, and the device
sends back data from its memory. The majority of forensic tools support logical extraction.
• Deleted data is rarely accessible.
• The tools used for logical extraction include:
• XRY Logical
• Oxygen
• Lantern
• Cellebrite UFED
16. • File System Extraction
• A file system extraction is an extension of a logical extraction. It collects
much of the same data as a logical extraction along with additional file
system data. During a file system extraction, the forensic tool accesses the
internal memory of the mobile phone, which means that the forensic
software can collect system files, logs, and database files from the device
that a logical acquisition cannot.
• Most applications store their data in database files on a mobile phone. Since
a file system extraction recovers more of these database files, more deleted
data like database files and data related to application usage on the device
can be recovered.
17. JTAG Method
• JTAG is a non-invasive form of physical acquisition that could extract data from
a mobile device even when data was difficult to access through software
avenues because the device is damaged, locked or encrypted. The device,
however, must be at least partially functional (minor damages would not hinder
this method).
• The process involves connecting to the Test Access Ports (TAPs) on a device and
instructing the processor to transfer raw data stored on connected memory
chips. This is a standard feature that one could come across in many mobile
phone models, which provides mobile phone manufactures a low-level
interface outside the operating system.
• Digital forensic investigators take an interest in JTAG, as it can, in theory, allow
direct access to the mobile device’s memory without jeopardizing it. Despite
that fact, it is a labor-intensive, time-consuming procedure, and it requires
advance knowledge (not only of JTAG for the model of the phone under
investigation but also of how to arrange anew the resulting binary composed of
the phone’s memory structures).
18. Hex Dump
• Similar to JTAG, Hex dump is another method for physical extraction of raw
information in binary format stored in memory.
• The forensic professionals connect the device to a digital forensic workstation and
pushes the boot-loader into the device, that instructs the device to dump its memory
to the computer.
• Resulting image is fairly technical in binary format and it requires a person having the
technical education to analyze it.
• This method is cost-efficient and provides more information to the investigators,
including the recovery of phone’s deleted files and unallocated space including
location information, email, messages, videos, photos, audio, applications, and almost
any other data contained on a mobile phone.
• The common tools used for hex dump include:
XACT
Cellebrite UFED Touch 2 and Physical analyzer
Pandora’s Box
19. Chip-Off
• A process that refers to obtaining data straight from the mobile device’s memory chip.
• According to the preparations, the chip is detached from the device and a chip reader or a second phone is used
to extract data stored on the device and create its binary image under investigation. It should be noted that this
method is technically challenging because of the wide variety of chip types existing on the mobile market.
• Also, the chip-off process is expensive, training is required, and the examiner should procure specific hardware to
conduct de-soldering and heating of the memory chip. Bits and bytes of raw information that is retrieved from
the memory are yet to be parsed, decoded, and interpreted. Even the smallest mistake may lead to physical
damages to the memory chip, which, in effect, would render the data impossible to retrieve.
• This method is costly and needs an ample data of hardware.
• The whole process consists of five stages:
Detect the memory chip typology of the device
Physical extraction of the chip (for example, by unwelding it)
Interfacing of the chip using reading/programming software
Reading and transferring data from the chip to a PC
Interpretation of the acquired data (using reverse engineering)
20. Chip-Off
• The popular tools and equipment’s used for chip-off include:
iSeasamo Phone Opening Tool
Xytronic 988D Solder Rework Station
FEITA Digital inspection station
Chip Epoxy Glue Remover
Circuit Board Holder
21. Micro Read
• A Micro Read involves recording the physical observation of the gates on a
NAND or NOR chip with the use of an electron microscope.
• It is used after all other acquisition techniques have been exhausted.
• Successful acquisition requires a team of
• experts
• proper equipment
• time
• in-depth knowledge of proprietary information
• This method refers to manually taking an all-around view through the
lenses of an electron microscope and analyzing data seen on the memory
chip, more specifically the physical gates on the chip. In a nutshell, micro
read is a method that demands utmost level of expertise, it is costly and
time-consuming, and is reserved for serious national security crises.
22. Mobile Phone Data Preservation
The mobile phone's integrity and the data on it need to be established to
ensure that evidence is admissible in court.
• Chain of Custody
Evidence preservation aims to protect digital evidence from modification. This
protection begins by ensuring that first responders, investigators, crime scene
technicians, digital forensic experts, or anyone else who touches the device
handles it properly. A chain of custody must be maintained throughout the
entire life cycle of a case.
23. •Mathematical Hashing Algorithm
The forensic data collection process from the mobile device is better called a "forensics
extraction," as data is extracted from the device instead of a perfect bit-for-bit copy of
the evidence item. With the mobile phone powered on, the forensic software cannot
access some areas of data.
However, data that is inaccessible because the mobile device is powered on is usually of
little to no value evidentiary.
Following the forensic copying comes the hashing process. A mathematical algorithm is
run against the copied data, producing a unique hash value. This hash value can be
thought of as a digital fingerprint, uniquely identifying the copied evidence exactly as it
exists at that point in time.