PDA FORENSICS
PRESENTED BY:
MEGHANA J
01FM15ECS020
M.TECH 3RD SEM
UNDER GUIDANCE OF:
Dr. SANCHIKA GUPTA
Agenda
1) Introduction
2) Components of PDA
3) Operating Systems
4) PDAs Generic States
5) Steps in forensic investigation of PDA
6) Forensic Considerations
7) Security Issues
8) PDA Forensic Tools
9) Tool: Device Seizure
10) References
INTRODUCTION
• PDA, short for personal digital assistant, is the name given to small
handheld devices that combine computing, telephone/fax, Internet and
networking features.
• A typical PDA can function as a cellular phone, fax sender, Web browser
and personal organizer.
• Used for communication, computation, and information storage and
retrieval for both personal and business applications.
• Contains personal and business information and happenings.
• Most PDAs include a small keyboard, although many newer devices
instead have an electronic touch-sensitive liquid crystal pad that can
receive handwriting as input.
PDA devices are available in many configurations, with various features.
The list of available devices and models changes frequently as the technology improves:
• Psion • Sharp Wizard
• Apple Newton • Zaurus
• Blackberry • Sony CLIE
• HP iPAQ Pocket PC • Tapwave Zodiac
• HP Jornada Pocket PC • AlphaSmart Dana
• Palm Pilot • Dell Axim
• Tungsten • GMate Yopy
• LifeDrive • Fujitsu Siemens Loox
• Treo • PocketMail
• Zire
[Slide images: Psion, Sharp Wizard, Apple Newton, Dell Axim]
Common PDA features include:
• Note taking • Calculator • Clock
• Calendar • Address book • Spreadsheets
• E-mail and Internet access • Video and audio recording
• Bluetooth and WiFi • Radio and music players
• Games • GPS (Global Positioning System)
Information Stored in PDAs:
PDA devices store the following types of information:
• Business and personal notes • Business and personal contacts
• Documents • Passwords • E-mails
• Bank records • Company information • Images and videos
Because PDAs are used to store sensitive and confidential information, care should be taken
to protect them.
• PDAs can be synchronized with desktop and notebook computers for data exchange.
• Synchronization updates data on both systems to reflect the most recent additions and
changes to their shared databases. This prevents data loss if the device is lost, stolen, or
destroyed.
• PDAs are usually synchronized with the PC by using synchronization software bundled
with the handheld, such as HotSync Manager with Palm OS handhelds and Microsoft
ActiveSync with Windows Mobile handhelds.
• Portable: individuals carry the device all the time, record important information on it and
stay connected, so there is a higher probability of finding some useful information.
• PDAs are of high interest to investigators.
COMPONENTS OF PDA:
• Microprocessor
• Read only memory (ROM)
  o Holds the operating system for the device
  o Varieties include Flash ROM, which can be erased and reprogrammed with OS updates
• Random access memory (RAM)
  o Contains user data
  o Kept active by batteries
  o Data lost when powered off
• Hardware keys and other user interfaces
• Liquid crystal display, sometimes touch sensitive
• Additionally
  o WiFi, Bluetooth
  o Card slots: SD/MMC slot, Compact Flash (CF) slot, etc.
  o Expansion slots
  o Battery: removable, rechargeable batteries
OPERATING SYSTEMS
• Palm OS: Palm OS is a compact operating system developed and licensed by
PalmSource, Inc.
  o It is designed to be easy to use and similar to desktop operating
  systems such as MS Windows.
• Windows Mobile 5.0: Windows Mobile 5.0 marks the convergence of the Phone
Edition and Professional Edition operating systems into one system that contains
both phone and PDA capabilities. Windows Mobile 5.0 is compatible with
Microsoft's Smartphone operating system and is capable of running Smartphone
applications.
• Blackberry: RIM develops its own software for its devices, using C++ and Java
technology.
PDA GENERIC STATES
• Nascent State
• Active State
• Quiescent State
• Semi-Active State
PDAs are always in one of four distinct states:
I. Nascent state: The first state of the device when it
is received from the manufacturer is the nascent
state. In this state, devices do not have any user
data, only factory configuration settings. The device
returns to the nascent state after a hard reset or
battery drain.
II. Active state: In this state, devices are powered on
and perform different tasks. Devices can be
customized by the user and contain user data.
Devices can be turned back to active state by
performing a soft reset operation.
III. Quiescent state: This is the sleep mode of the
device, which conserves battery power to maintain
the user’s data and perform other background
activities. The device can be returned back to
quiescent state by pressing the power button in the
active state.
IV. Semi-active state: This state is partway between
active and quiescent. The device usually is sent into
this state by a timer. The timer is triggered when the
device becomes inactive for some period, and the
semi-active state allows battery life to be preserved
by dimming the display and taking other appropriate
actions. The semi-active state becomes active when
a screen tap, button press, or soft reset occurs.
Devices not supporting the semi-active state go straight
from the active state to the quiescent state after a certain
period of inactivity. If the device is off, then it is
considered to be in the quiescent state.
STEPS IN FORENSIC INVESTIGATION OF PDA
1. Identification
2. Collection
3. Examination
4. Documentation
STEP 1: IDENTIFICATION
We start the process by identifying the type of device we are investigating.
Identify the operating system that the device is using.
STEP 2: COLLECTION
• There is a multitude of these types of devices, such as SD, micro-drives and universal
serial bus (USB) tokens.
• The information collected can be both volatile and dynamic; we give
volatile information priority while we collect evidence.
• Reason: anything that is classified as volatile information will not survive if the
machine is powered off or reset.
• Once the information has been captured, it is imperative that the PDA be placed
into an evidence bag and kept on stable power throughout.
• After acquiring the evidence, you must create an exact image to preserve the crime
scene.
• Once we have acquired the image, it is time for us to examine the evidence.
STEP 3: EXAMINATION
• In the examination step of PDA forensics, we first need to understand the potential
sources of the evidence. A source can be another device or any peripheral
device that the device being examined has come into contact with.
• Peripheral devices
  o May contain more useful information than the actual device
• Attachments/accessories, hardware or software, and their manuals
• In addition to these sources, you should also investigate any device that has
synchronized with the PDA you are examining.
STEP 4: DOCUMENTATION
• As with any component in the forensic process, it is critical that we maintain our
documentation and "chain of custody."
• As we collect our information and potential evidence, we need to record all visible data.
• Our records must document the case number, and the date and time it was collected.
• Additionally, the entire investigation area needs to be photographed. This includes any
devices that can be connected to the PDA, or currently are connected to the PDA.
• Another part of the documentation process is to generate a report that consists of the
detailed information that describes the entire forensic process that you are performing.
• Within this report you need to annotate the state and status of the device in question
during your collection process.
• The final step of the collection process consists of accumulating all the information and
storing it in a secure and safe location.
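The image-then-document procedure of steps 2 to 4, as an added example that is not part of the original slides: it hashes an acquired image, stores the hashes in a custody record with the fields the slides ask for, and later re-verifies a working copy. The record layout, field names, file names, placeholder values and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK_SIZE = 1024 * 1024  # read in 1 MiB blocks so large dumps are never held in memory

# Constructed stand-in for an acquired RAM image (not real device data).
SAMPLE_IMAGE = b"CONSTRUCTED-SAMPLE-RAM" * 4096


def hash_image(path, algorithms=("sha1", "sha256")):
    """Stream the file once and return {algorithm: hex digest}."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for digest in digests.values():
                digest.update(block)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def acquisition_record(image_path, case_number, device, device_state, tool):
    """Build a custody record (hypothetical layout) at collection time."""
    return {
        "case_number": case_number,
        "collected_at_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "device": device,              # make, model, colour, condition, serial number
        "device_state": device_state,  # state and status noted during collection
        "tool": tool,                  # hardware/software used
        "image": {
            "file": os.path.basename(image_path),
            "size_bytes": os.path.getsize(image_path),
            "hashes": hash_image(image_path),
        },
    }


def verify_image(path, record):
    """Compare a copy against the record; an empty list means it is intact."""
    expected = record["image"]
    problems = []
    size = os.path.getsize(path)
    if size != expected["size_bytes"]:
        problems.append(f"size {size} != recorded {expected['size_bytes']}")
    current = hash_image(path, tuple(expected["hashes"]))
    for name, digest in expected["hashes"].items():
        if current[name] != digest:
            problems.append(f"{name} mismatch")
    return problems


def demo():
    """Record an image, verify a fresh copy, then verify it after a 1-bit change."""
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "pda_ram.img")
        with open(original, "wb") as fh:
            fh.write(SAMPLE_IMAGE)
        record = acquisition_record(
            original,
            case_number="CASE-0000 (placeholder)",
            device={"make": "ExampleMake", "model": "ExampleModel",
                    "colour": "grey", "condition": "screen scratched",
                    "serial_number": "SN-PLACEHOLDER"},
            device_state="quiescent, on external power",
            tool="example imaging tool (placeholder)",
        )
        # Examination is done on a working copy, never on the original image.
        working = os.path.join(workdir, "working_copy.img")
        shutil.copyfile(original, working)
        intact = verify_image(working, record)
        # Simulate an accidental modification: flip one bit at offset 100.
        with open(working, "r+b") as fh:
            fh.seek(100)
            byte = fh.read(1)[0]
            fh.seek(100)
            fh.write(bytes([byte ^ 0x01]))
        altered = verify_image(working, record)
    return record, intact, altered


if __name__ == "__main__":
    record, intact, altered = demo()
    print(record["image"])
    print("fresh copy:", intact or "matches record")
    print("after 1-bit change:", altered)
```

The size check alone passes after the bit flip, which is why the record keeps cryptographic hashes and not just the file length.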
FORENSIC CONSIDERATIONS
• What to Report
  o Make, Model, Colour, Condition, Serial Number
  o IMEI number, SIM card number (if applicable)
  o Hardware/software used
  o Data recovered
• Where to look for data
  o Depends on the PDA model; identify its characteristics first
  o Calendar
  o Internet cache, settings
  o Text, Audio, Video
  o Messages sent/received
  o Call logs, Phone-book
FORENSIC CONSIDERATIONS CONTD.
• Left ON or OFF?
  o Depends on the case at hand and the device
  o If left ON
    o Isolate the device from the network
    o Battery will drain more quickly if the device searches for a network
  o If turned OFF
    o PDA may be password protected
    o May lose some useful information in the dynamic RAM
• Look around
  o Take charger and data cable (if applicable)
  o Look for manuals and PDA documentation
PDA SECURITY ISSUES
• Password theft • Wireless vulnerabilities • Device theft
The major security issue with the PDA is the theft of the device itself.
The best precaution against this threat is to secure the data on the device in
standalone mode (a mode in which the device is not connected to a wireless service
provider).
Wireless vulnerabilities: PDAs that use wireless services or wireless ports are also
vulnerable to wireless attacks. The best solution to protect PDAs from wireless attacks is
to install a VPN client on the PDA and encrypt the connection.
Password theft: It can be reduced by using a lengthy secure password containing
alphanumeric characters and symbols in order to make it more difficult to crack.
PDA FORENSIC TOOLS
• Though an investigator can browse the contents of the device using its user interface
to obtain evidence, the approach is highly impractical and problematic, and should be
used only as a last resort.
• A number of specialized tools are available for PDA forensic examinations.
  o Device Seizure
  o EnCase
  o Palm dd
  o pilot-link
  o Palm OS Emulator (POSE)
  o Duplicate Disk (dd)
• Device Seizure: A Paraben product that supports forensic acquisition,
examination, and analysis of PDA devices for the Palm, Windows CE, and
Blackberry operating systems.
  o It provides capture and reporting of data. It has a two-step acquisition of the
  PDA device: (1) all files in original structure and memory; (2) card acquisition.
• Palm dd (pdd): A Windows-based tool for memory imaging and forensic
acquisition of data from the Palm OS family of PDAs.
  o pdd will preserve the crime scene by obtaining a bit-for-bit image or snapshot
  of the Palm device's memory contents.
• Palm OS Emulator (POSE): The Palm OS Emulator is software that emulates
the hardware of various models of Palm powered handhelds, making it a
valuable tool for writing, testing, and debugging applications.
  o It allows a user to create virtual handheld devices on a PC.
• Duplicate Disk (dd): A common UNIX program whose primary purpose is the
low-level copying and conversion of files.
  o Unlike the other tools described above, dd executes directly on the PDA
  device.
DEVICE SEIZURE
• Device Seizure: Complete a forensic acquisition, examination and analysis of PDA
devices.
• Used for: the Palm and Windows operating systems.
FEATURES:
• Acquire forensic image
• Perform examiner-defined searches
• Generate hash values
• Generate a report of findings
Depending on the device and the model, Device Seizure™ can access the
following data:
• Phonebook (from the phone’s memory and the SIM card)
• Call History including Received, Dialed and Missed Calls
• Datebook, Scheduler, and Calendar
• Current Text Messages • Deleted Text Messages
• To-Do Lists • Pictures and Videos
• Quick-notes • RAM/ROM
• PDA Databases • E-mail
• Deleted Data
One of the features of Paraben PDA Seizure is that it can create a forensic image of
the handheld and allow the investigator to conduct searches on the data acquired
earlier, and later to generate a report of its findings.
PDA Seizure can acquire images of the RAM and/or ROM, and also download the entire
individual databases off Palm devices using the Palm OS Emulator.
Works on all types of Windows CE and Palm OS devices. Perfect for law enforcement,
corporate security, or anyone with an interest in computer forensics.
PDA Seizure – Demo version
REFERENCE
1. Sansurooah, Krishnun. "An overview and examination of digital PDA
devices under forensics toolkits."
2. Jansen, Wayne, and Rick Ayers. "An overview and analysis of PDA forensic
tools." National Institute of Standards and Technology (NIST).
3. Jansen, Wayne, and Rick Ayers. "Guidelines on PDA forensics." National
Institute of Standards and Technology (NIST), Special Publication 800.
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 

pda forensics

  • 1. PDA FORENSICS PRESENTED BY: MEGHANA J 01FM15ECS020 M.TECH 3RD SEM UNDER GUIDANCE OF: Dr. SANCHIKA GUPTA
  • 2. Agenda 1) Introduction 2) Components of PDA 3) Operating Systems 4) PDAs Generic States 5) Steps in forensic investigation of PDA 6) Forensic Considerations 7) Security Issues 8) PDA Forensic Tools 9) Tool- Device Seizure 10) References
  • 3. INTRODUCTION • PDA: Short for personal digital assistant, this is the name given to small handheld devices that combine computing, telephone/fax, Internet and networking features. • A typical PDA can function as a cellular phone, fax sender, Web browser and personal organizer. • Used for communication, computation, and information storage and retrieval of both personal and business applications. • Contains personal and business information and happenings. • Most PDAs include a small keyboard, although many newer devices instead have an electronic touch-sensitive liquid crystal pad that can receive handwriting as input.
  • 4. PDA devices are available in many configurations, with various features. The list of available devices and models changes frequently as the technology improves: Psion, Apple Newton, Blackberry, HP iPAQ Pocket PC, HP Jornada Pocket PC, Palm Pilot, Tungsten, LifeDrive, Treo, Zire, Sharp Wizard, Zaurus, Sony CLIE, Tapwave Zodiac, AlphaSmart Dana, Dell Axim, GMate Yopy, Fujitsu Siemens Loox, PocketMail.
  • 5. Common PDA features include: • Note taking • Calculator • Clock • Calendar • Address book • Spreadsheets • E-mail and Internet access • Video and audio recording • Bluetooth, and WiFi • Radio and music players • Games • GPS (Global Positioning System) Information Stored in PDAs: PDA devices store the following types of information: • Business and personal notes • Business and personal contacts • Documents • Passwords • E-mails • Bank records • Company information • Images and videos Because PDAs are used to store sensitive and confidential information, care should be taken to protect them.
  • 6. • PDAs can be synchronized with desktop and notebook computers for data exchange. • Synchronization updates data on both systems to reflect the most recent additions and changes to their shared databases. This prevents data loss if the device is lost, stolen, or destroyed. • PDAs are usually synchronized with the PC by using synchronization software bundled with the handheld, such as HotSync Manager with Palm OS handhelds and Microsoft ActiveSync with Windows Mobile handhelds. • Portable: individuals carry the device all the time, record important information on it and stay connected, so there is a higher probability of finding some useful information. • PDAs are of high interest for investigators.
  • 7. COMPONENTS OF PDA: • Microprocessor • Read only memory (ROM): holds the operating system for the device; varieties include Flash ROM, which can be erased and reprogrammed with OS updates • Random access memory (RAM): contains user data; kept active by batteries; data lost when powered off • Hardware keys and other user interfaces • Liquid crystal display, sometimes touch sensitive
  • 8. • Additionally: WiFi, Bluetooth; card slots (SD/MMC slot, Compact Flash (CF) slot, etc.); expansion slots; battery (removable, rechargeable batteries)
  • 9. OPERATING SYSTEMS • Palm OS: Palm OS is a compact operating system developed and licensed by PalmSource, Inc. It is designed to be easy to use and similar to desktop operating systems such as MS Windows. • Windows Mobile 5.0: Windows Mobile 5.0 marks the convergence of the Phone Edition and Professional Edition operating systems into one system that contains both phone and PDA capabilities. Windows Mobile 5.0 is compatible with Microsoft's Smartphone operating system and is capable of running Smartphone applications. • Blackberry: RIM develops its own software for its devices, using C++ and Java technology.
  • 10. PDA GENERIC STATES PDAs are always in one of four distinct states: • Nascent State • Active State • Quiescent State • Semi-Active State
  • 11. I. Nascent state: The first state of the device when it is received from the manufacturer is the nascent state. In this state, devices do not have any user data, only factory configuration settings. The device returns to the nascent state after a hard reset or battery drain. II. Active state: In this state, devices are powered on and perform different tasks. Devices can be customized by the user and contain user data. Devices can be turned back to active state by performing a soft reset operation.
  • 12. III. Quiescent state: This is the sleep mode of the device, which conserves battery power to maintain the user’s data and perform other background activities. The device can be returned back to quiescent state by pressing the power button in the active state. IV. Semi-active state: This state is partway between active and quiescent. The device usually is sent into this state by a timer. The timer is triggered when the device becomes inactive for some period, and the semi-active state allows battery life to be preserved by dimming the display and taking other appropriate actions. The semi-active state becomes active when a screen tap, button press, or soft reset occurs. Devices not supporting the semi-active state go straight from the active state to the quiescent state after a certain period of inactivity. If the device is off, then it is considered to be in the quiescent state.
  • 13. STEPS IN FORENSIC INVESTIGATION OF PDA 1. Identification 2. Collection 3. Examination 4. Documentation STEP 1: IDENTIFICATION We start the process by identifying the type of device we are investigating. Identify the operating system that the device is using.
  • 14. STEP 2: COLLECTION • There is a multitude of these types of devices, such as SD, micro-drives and universal serial bus (USB) tokens. • Information collected can be both volatile and dynamic; we give the volatile information priority while we collect evidence. • Reason: anything that is classified as volatile information will not survive if the machine is powered off or reset. • Once the information has been captured, it is imperative that the PDA be placed into an evidence bag and maintained at stable power support throughout. • After acquiring the evidence, you must create an exact image to preserve the crime scene. • Once we have acquired the image, it is time for us to examine the evidence.
  • 15. STEP 3: EXAMINATION • In the examination step of PDA forensics, we first need to understand the potential sources of the evidence. Sources can be other devices and any peripheral devices that the device being examined has come into contact with. • Peripheral devices: may contain more useful information than the actual device • Attachments/accessories, hardware or software, and their manuals • In addition to these sources, you should also investigate any device that has synchronized with the PDA you are examining.
  • 16. STEP 4: DOCUMENTATION • As with any component in the forensic process, it is critical that we maintain our documentation and "chain of custody." • As we collect our information and potential evidence, we need to record all visible data. • Our records must document the case number, and the date and time it was collected. • Additionally, the entire investigation area needs to be photographed. This includes any devices that can be connected to the PDA, or currently are connected to the PDA. • Another part of the documentation process is to generate a report containing detailed information that describes the entire forensic process you are performing. • Within this report you need to annotate the state and status of the device in question during your collection process. • The final step of the collection process consists of accumulating all the information and storing it in a secure and safe location.
  • 17. FORENSIC CONSIDERATIONS • What to Report - Make, Model, Colour, Condition, Serial Number - IMEI number, SIM card number (if applicable) - Hardware/software used - Data recovered • Where to look for data - Depends on PDA model; identify characteristics first - Calendar - Internet cache, settings - Text, Audio, Video - Messages sent/received - Call logs, Phone-book
  • 18. FORENSIC CONSIDERATIONS CONTD. • Left ON or OFF? - Depends on the case at hand and the device - If left ON: isolate the device from the network; the battery will drain more quickly if the device searches for a network - If turned OFF: the PDA may be password protected; some useful information in the dynamic RAM may be lost • Look around - Take charger and data cable (if applicable) - Look for manuals, PDA documentation
  • 19. PDA SECURITY ISSUES • Password theft • Wireless vulnerabilities • Device theft The major security issue with the PDA is the theft of the device itself. The best precaution to overcome this threat is by securing the data on the device in standalone mode (a mode in which the device is not connected to a wireless service provider). Wireless vulnerabilities: PDAs that use wireless services or wireless ports are also vulnerable to wireless attacks. The best solution to protect PDAs from wireless attacks is to install a VPN client on the PDA and encrypt the connection. Password theft: It can be reduced by using a lengthy secure password containing alphanumeric characters and symbols in order to make it more difficult to crack.
  • 20. PDA FORENSIC TOOLS • Though an investigator can browse the contents of the device using its user interface to obtain evidence, the approach is highly impractical and problematic, and should be used only as a last resort. • A number of specialized tools are available for PDA forensic examinations. - Device Seizure - EnCase - Palm dd - Pilot-link - Palm OS Emulator (POSE) - Duplicate Disk (dd)
  • 21. PDA FORENSIC TOOLS • Device Seizure: A Paraben product that supports forensic acquisition, examination, and analysis of PDA devices for the Palm, Windows CE, and Blackberry operating systems. It provides the capture and reporting of data. It has a two-step acquisition of the PDA device: all files in original structure and memory; card acquisition. • Palm dd (pdd): A Windows-based tool for memory imaging and forensic acquisition of data from the Palm OS family of PDAs. pdd will preserve the crime scene by obtaining a bit-for-bit image or snapshot of the Palm device's memory contents.
  • 22. PDA FORENSIC TOOLS • Palm OS Emulator (POSE): The Palm OS Emulator is software that emulates the hardware of various models of Palm powered handhelds, making it a valuable tool for writing, testing, and debugging applications. It allows a user to create virtual handheld devices on a PC. • Duplicate Disk (dd): A common UNIX program whose primary purpose is the low-level copying and conversion of files. Unlike the other tools described above, dd executes directly on the PDA device.
  • 24. DEVICE SEIZURE • Device Seizure: Complete a forensic acquisition, examination & analysis of PDA devices. • Used for: the Palm and Windows operating systems. FEATURES: • Acquire Forensic Image • Perform examiner-defined searches • Generate hash values • Generate a report of findings
  • 25. Depending on the Device and the Model, Device Seizure™ can access the following data: Phonebook (from the phone’s memory and the SIM card); Call History including Received, Dialed and Missed Calls; Datebook, Scheduler, and Calendar; Current Text Messages; Deleted Text Messages; To-Do Lists; Pictures and Videos; Quick-notes; RAM/ROM; PDA Databases; E-mail; Deleted Data
  • 26. One of the features of the Paraben PDA Seizure is that it can create a forensic image of the handheld and allow the investigator to conduct searches on the data acquired earlier, and later to generate a report of its findings. PDA Seizure can acquire images of the RAM and/or ROM, and also download the entire individual database off the Palms using Palm OS Emulators. Works on all types of Windows CE & Palm OS devices. Perfect for law enforcement, corporate security, or anyone with an interest in computer forensics.
  • 27. PDA Seizure – Demo version
  • 28. PDA Seizure – Demo version
  • 29. REFERENCE 1. Sansurooah, Krishnun. "An overview and examination of digital PDA devices under forensics toolkits." 2. Jansen, Wayne, and Rick Ayers. "An overview and analysis of PDA forensic tools." National Institute of Standards and Technology(NIST). 3. Jansen, Wayne, and Rick Ayers. "Guidelines on PDA forensics." National Institute of Standards and Technology(NIST), Special Publication 800.
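The collection and documentation steps (slides 14 and 16) call for an exact image plus a record of case number, date and time, and device state, and slide 24 lists "Generate hash values" among the tool features. The sketch below is an added example, not code from the presentation or from any of the tools it names; it shows how a hash taken at acquisition lets a later examiner prove a working copy is unchanged. The record field names, the placeholder case values and the 4 KiB stand-in image are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB pieces so a large dump never sits in memory

def hash_image(path):
    """Return (sha256_hex, size_in_bytes) of an acquired image file."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size

def custody_record(path, case_number, device, examiner, state):
    """Documentation entry written at acquisition time (field names are assumptions)."""
    sha256, size = hash_image(path)
    return {
        "case_number": case_number,
        "collected_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "examiner": examiner,
        "device": device,        # make, model, serial number
        "device_state": state,   # state of the device during collection
        "image_size": size,
        "sha256": sha256,
    }

def verify_image(path, record):
    """Re-hash a working copy; return a list of mismatches (empty means intact)."""
    sha256, size = hash_image(path)
    problems = []
    if size != record["image_size"]:
        problems.append(f"size {size} != recorded {record['image_size']}")
    if sha256 != record["sha256"]:
        problems.append("sha256 mismatch")
    return problems

def demo():
    """Constructed sample: a 4 KiB stand-in for a RAM image, then one altered byte."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "ram.img")
        with open(image, "wb") as fh:
            fh.write(bytes(range(256)) * 16)
        record = custody_record(image, "CASE-PLACEHOLDER",
                                "make/model/serial PLACEHOLDER", "examiner", "active")
        intact = verify_image(image, record)
        with open(image, "r+b") as fh:   # simulate a modified working copy
            fh.seek(100)
            fh.write(b"\xff")
        return record, intact, verify_image(image, record)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A single changed byte leaves the size identical, which is why the record stores a cryptographic hash and not just the file length.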