This document summarizes a study and analysis of the Orbot, Orweb, and Orfox anonymizer apps on Android devices presented at DFRWS EU 2016. It describes the methodology used, which involved installing each app, browsing with them, and analyzing residual data after uninstalling. Analysis was performed on system and app folders to identify usage logs, caches, cookies and other artifacts left behind. The goal was to evaluate the effectiveness of these apps and identify opportunities for forensic analysis of user activity even after the apps are uninstalled.
IoT devices are an emerging field in IT in general and, of course, in digital forensics. It is increasingly common to read news about investigations that also rely on analysing data stored on IoT devices. Like any other smart device, Smart TVs can be connected to the Internet and interact with other devices in home or business contexts, becoming a potential target of criminal activity and a source of information during digital investigations related to the reconstruction of the user’s activity. However, the lack of documentation, the use of proprietary and closed-source operating systems and the risk of damaging the devices during experiments make research on Smart TVs challenging in the cyber security and digital forensics fields.
This presentation offers an overview on how to deal with an Apple TV from the point of view of digital forensics analyst: what kind of information we can obtain and how to analyze it.
In the last years several things have changed in the world of iOS forensics, both in terms of acquisition and in terms of analysis. The objective of this presentation is to provide an overview of the state of the art in terms of acquisition techniques and overcoming of the device's protection mechanisms, in particular the access code chosen by the user. In addition, the presentation aims to highlight what information we are missing by using the techniques and tools available on the market and what alternative paths we can use to overcome this problem.
Introducing Intelligence Into Your Malware Analysis - Brian Baskin
With malware becoming more prevalent, and the pool of capable reversers falling short of overall need, there is a greater need to provide quick and efficient malware analysis for network defense. While many analysts have a grasp on how to appropriately reverse malware, there is large room for improvement by extracting critical indicators, correlating on key details, and cataloging artifacts in a way to improve your corporate response for the next attack. This talk will go beyond the basics of malware analysis and focus on critical indicators that analysts should focus on for attribution and better reporting.
Malware's Most Wanted: How to tell BADware from adware - Cyphort
How do you effectively deal with the ever-increasing amount of adware? Adware is annoying, but not all adware is created equal. At this MMW we look at the growing landscape of adware and malware. We will discuss tools to give you behavior insights and ways to reveal the context of adware as it relates to your business.
This presentation is a fun introduction to the tools used by script kiddies, namely the Remote Admin Tools (or Remote Access Trojans). These GUI based hacking tools include a lot of funny and scary features.
Defending Against the Dark Arts of LOLBINS Brent Muir
Copy of my slides from my 2020 Poland Confidence presentation...
This talk will provide an overview of the LOLBIN/LOLBAS estate, why they are a preferred attack tool over malware, and how organisations can better secure their estate against their abuse.
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation.
I developed (and will publish) two tools that help you in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver). My tools are generic, meaning that they work against Windows Server 2012 and Windows 8, and they work with RDP or other remote desktops. The number of problems you can solve with them is endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!
Advanced Information Gathering AKA Google Hacking - Gareth Davies
A talk I gave at Hack in the Box (HITB) 2004 about Information Gathering AKA Google Hacking and more.
The talk covers the lesser known aspects of Google, tools such as Athena and Sitedigger and the amount of random misconfiguration that can be found with a little careful search engine manipulation. Other useful public databases will be covered with some details on how to leverage the maximum amount of detail on any given target.
Also an introduction to the Google API and how it can be used or abused during a penetration test or hack attempt. This presentation will include a live demonstration in which the above techniques will be used to gather coveted information about both random and targeted organizations.
Bypassing Security Checks in Mobile App Stores Using Platf... - Positive Hack Days
The talk describes a new attack vector against app stores that bypasses the security check performed when an application is published in any app store. Usually, after a mobile application is published, the stores run a sandbox or carry out manual testing and decide whether it is legitimate. Using a Hybrid platform (for example, Cordova), mobile applications can be updated without the user's consent and without notifying the stores.
This talk is going to give an overview of the Android operating system and its apps ecosystem from the security point of view of a penetration tester.
So let's dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
Please, Please, PLEASE Defend Your Mobile Apps! - Jerod Brennen
Admit it: mobile is sexy. Unfortunately, companies are giving in to corporate peer pressure and publishing mobile apps before integrating appsec into the mobile app development process. This gives attackers another avenue of attack, one with the potential of circumventing the host, network, and application security controls that the security team has already implemented. The purpose of this presentation is to show attendees how attackers can deconstruct mobile apps to find these attack vectors and (more importantly) how to close these security holes before the apps are published to public app stores.
OSXCollector: Automated forensic evidence collection & analysis for OS X (Bru... - Jakub "Kuba" Sendor
We use Macs a lot at Yelp, which means that we see our fair share of Mac-specific security alerts. Host based detectors will tell us about known malware infestations or weird new startup items. Network based detectors see potential C2 callouts or DNS requests to resolve suspicious domains. Sometimes our awesome employees just let us know, “I think I have like Stuxnet or conficker or something on my laptop.”
When alerts fire, our incident response team’s first goal is to “stop the bleeding” – to contain and then eradicate the threat. Next, we move to “root cause the alert” – figuring out exactly what happened and how we’ll prevent it in the future. One of our primary tools for root causing OS X alerts is OSXCollector.
OSXCollector (https://github.com/Yelp/OSXCollector) is an open source forensic evidence collection and analysis toolkit for OS X. It was developed in-house at Yelp to automate the digital forensics and incident response (DFIR) our crack team of responders had been doing manually.
Android Embedded - Smart Hubs as the Control Center of the IoT - inovex GmbH
Many IoT applications require a graphical user interface in order to communicate with us. This can be done in classic ways such as web pages or apps. Hardware-oriented applications, however, usually also require a specially tailored human-machine interface (HMI), for example in the car or in the smart home. This central HMI hardware often also takes on central control tasks and integrates with a wide variety of protocols and components. Running Android on a single-board computer (SBC) in combination with a display and touch sensor gives an ideal combination for this challenge. We show how Android fits into the IoT and what advantages this solution offers.
Speaker: Dominik Helleberg, inovex
DotDotPwn is a tool designed to automate the search for Directory Traversal (directory climbing) vulnerabilities. It is written in Perl. It can audit FTP, TFTP and HTTP services, or any web application.
It was previously included in the BackTrack repositories. It can currently be downloaded from http://dotdotpwn.sectester.net/.
Several vulnerabilities have been found with DotDotPwn in servers such as:
MultiThreaded HTTP Server
Wing FTP Server v3.4.3
Yaws 1.89
Mongoose 2.11
VicFTPS v5.0
Home FTP Server vr1.11.1 (build 149)
TFTP Desktop 2.5
TFTPDWIN v0.4.2
It currently contains the following modules:
HTTP
HTTP URL
FTP
TFTP
Payload (protocol independent)
STDOUT
The latest changes include the following:
-X parameter to use the bisection algorithm to determine the exact depth of the directory traversal vulnerability found.
-M parameter to specify an HTTP method other than GET when using the HTTP module. The supported methods are: POST, HEAD, COPY and MOVE.
-e parameter to specify the extension appended to the end of each test (e.g. “.php”, “.jpg”, “.inc”).
New dot and slash encodings based on: https://www.owasp.org/index.php/Canonicalization,_locale_and_Unicode and http://wikisecure.net/security/uri-encoding-to-bypass-idsips
At GuadalajaraCON, Alejandro Hernández (@nitr0us) and Christian Navarrete (@Chr1x) will show us the latest developments in the tool.
GUADALAJARACON 2012
http://www.guadalajaracon.org
Guadalajara, Jalisco, Mexico - April 20 and 21, 2012
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs) - TestDevLab
A presentation about security of mobile apps by our senior quality assurance engineer Kristaps Felzenbergs. It was presented at TAPOST 2017 software testing conference.
The Samsung, now Seagate, SecretZone (SSZ) is a software program that protects personal information by creating a secure, password-protected folder on the Samsung external drive. This software is provided free along with Samsung devices, as for example a M series device, and can only be used with such devices.
This presentation will share two real DF cases where such tool was used by the suspects to hide their data, and how these cases were handled to overcome such protection. Moreover a major flaw in the SSZ implementation will be addressed, which allows to easily decrypt the whole "secret zone", despite the strong algorithms used (AES, Blowfish).
Windows credentials manager stores users’ credentials in special folders called vaults. Being able to access such credentials could be truly useful during a digital investigation for example, to gain access to other protected systems. Moreover, if data is in the cloud, there is the need to have the proper tokens to access it. This presentation will describe vaults’ internals and how they can be decrypted; the related Python Open Source code will be made publicly available. During the session, credentials and vaults coming from Windows 7, Windows 8.1 and Windows 10 will be decrypted, focusing on particular cases of interest. Finally, the presentation will address the challenges coming from Windows Phone, such as getting system-users’ passwords and obtaining users’ ActiveSync tokens.
Study and analysis of Orweb anonymizer on Android Devices
1. STUDY AND ANALYSIS OF ORWEB (AND ORFOX) ANONYMIZER(S) ON ANDROID DEVICES
CLAUDIA MEDA & MATTIA EPIFANI
DFRWS EU 2016
LAUSANNE, 31 MARCH 2016
2. ORBOT
HTTPS://GUARDIANPROJECT.INFO/APPS/ORBOT/
What is Orbot?
• Open source software for Internet traffic encryption through computers around the world
• Configured to transparently proxy all Internet traffic through Tor (The Onion Router)
• Choice of which specific apps can be used through Tor
• Private internet connection
• Private web surfing
• Private chat messaging
• Privacy on Twitter
3. ORWEB
HTTPS://GUARDIANPROJECT.INFO/APPS/ORWEB/
What is Orweb?
• Current default browser for Orbot on Android evades tracking and censorship by bouncing encrypted traffic several times through computers around the world.
• Based on Orbot
“When a communication arrives from Tor, you can never know where or whom it’s from”
New York Times
Orfox
Summer/Autumn 2015
5. ANALYSIS METHODOLOGY – PART 1
1. ENVIRONMENT
• Samsung Galaxy S5 with Android 5.0
• Rooting with KingoRoot
2. INSTALLATION
• Orbot download, install and execution
• Orweb download, install and execution
• Orfox download, install and execution
3. DEVICE PHYSICAL ACQUISITION
6. SYSTEM FOLDER
PACKAGES.LIST
INSTALLED APPS INFORMATION (PACKAGE NAME, UID, APP PATH)
ORBOT
Package name: org.torproject.android
UserID: 10076
App path: /data/data/org.torproject.android
ORWEB
Package name: info.guardianproject.browser
UserID: 10077
App path: /data/data/info.guardianproject.browser
ORFOX
Package name: info.guardianproject.orfox
UserID: 10078
App path: /data/data/info.guardianproject.orfox
7. SYSTEM FOLDER
PACKAGES.XML
LIST OF PERMISSIONS AND PACKAGES/APPLICATIONS
<package name="org.torproject.android" userId="10076" version="15012310" ut="151b5c6d5a5"
it="151b5c6d5a5" ft="151b5c6cf20" flags="540228" dt="151b5c6db57" dm="2"
nativeLibraryRootRequiresIsa="true" nativeLibraryDir="/data/app/org.torproject.android-1/lib/arm"
nativeLibraryRootDir="/data/app/org.torproject.android-1/lib"
nativeLibraryPath="/data/app/org.torproject.android-1/lib" codePath="/data/app/org.torproject.android-1"
primaryCpuAbi="armeabi-v7a" installer="com.android.vending">
<perms>
<item name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<item name="org.torproject.android.MANAGE_TOR"/>
<item name="android.permission.ACCESS_NETWORK_STATE"/>
<item name="android.permission.INTERNET"/>
</perms>
</package>
Attribute | Description | Timestamp
UT | Timestamp in hex format of last update | Fri, 18 Dec 2015 – 15:48:05
IT | Timestamp in hex format of first time installation | Fri, 18 Dec 2015 – 15:48:05
8. SYSTEM FOLDER
PACKAGE-USAGE.LIST
APP LAST EXECUTION TIME (EPOCH)
Application Timestamp
org.torproject.android 1451345825.267
info.guardianproject.browser 1450459648.348
info.guardianproject.orfox 1452006535.657
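Added example, not part of the original slides: a short Python script that decodes the hex `ut`/`it` attributes from slide 7 (milliseconds since the Unix epoch) and the epoch values from slide 8, then merges them into one UTC timeline. The function names, the `<packages>` wrapper element and the "package timestamp" line layout are assumptions made for this example; the sample values are taken from the slides.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from decimal import Decimal, InvalidOperation

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample: the <package> element from slide 7, trimmed to the
# attributes used here and wrapped in a <packages> root so it parses alone.
PACKAGES_XML = """<packages>
  <package name="org.torproject.android" userId="10076"
           ut="151b5c6d5a5" it="151b5c6d5a5"
           codePath="/data/app/org.torproject.android-1"
           installer="com.android.vending">
    <perms>
      <item name="android.permission.INTERNET"/>
    </perms>
  </package>
</packages>"""

# Constructed sample: "package timestamp" pairs using the values from slide 8,
# treated as epoch seconds with a millisecond fraction (assumed layout).
PACKAGE_USAGE = """\
org.torproject.android 1451345825.267
info.guardianproject.browser 1450459648.348
info.guardianproject.orfox 1452006535.657
"""

# Attribute meanings as given on slide 7.
XML_TIME_ATTRS = {"it": "first installation", "ut": "last update"}


def hex_ms_to_utc(value):
    """Decode a hex string holding milliseconds since the Unix epoch."""
    return EPOCH + timedelta(milliseconds=int(value, 16))


def epoch_seconds_to_utc(value):
    """Decode decimal epoch seconds without float rounding."""
    return EPOCH + timedelta(milliseconds=int(Decimal(value) * 1000))


def packages_xml_events(xml_text):
    """Yield (time, package, event, source) for each timestamp attribute."""
    for pkg in ET.fromstring(xml_text).iter("package"):
        name = pkg.get("name", "<unnamed>")
        for attr, meaning in XML_TIME_ATTRS.items():
            raw = pkg.get(attr)
            if raw is None:
                continue  # attribute missing from this entry
            try:
                yield hex_ms_to_utc(raw), name, meaning, "packages.xml"
            except (ValueError, OverflowError):
                continue  # attribute present but not a usable hex value


def package_usage_events(text):
    """Yield (time, package, event, source) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or unexpected lines
        try:
            when = epoch_seconds_to_utc(fields[1])
        except (InvalidOperation, ValueError, OverflowError):
            continue  # timestamp field is not a number
        yield when, fields[0], "last execution", "package-usage.list"


def build_timeline(xml_text, usage_text):
    """Merge both sources into one list sorted by time, package, event."""
    events = list(packages_xml_events(xml_text))
    events += package_usage_events(usage_text)
    return sorted(events, key=lambda e: (e[0], e[1], e[2]))


def format_timeline(timeline):
    """Render each event as one fixed-width text line in UTC."""
    return [f"{t:%Y-%m-%d %H:%M:%S} UTC  {pkg:<30} {event} ({src})"
            for t, pkg, event, src in timeline]


if __name__ == "__main__":
    print("\n".join(format_timeline(build_timeline(PACKAGES_XML, PACKAGE_USAGE))))
```

Decoding `151b5c6d5a5` this way gives 18 Dec 2015 15:48:05, matching the timestamp shown on slide 7 when read as UTC.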