MOBILE FORENSICS
Uploaded by aSGuest76157. Added: November 21, 2010. Category: Science & Tech. License: Some Rights Reserved.

Presentation Transcript

MOBILE FORENSICS: A WAY TO REVEAL HIDDEN FROM MOBILE DEVICES

Learning Objectives
- What is Digital Forensics?
- What is Mobile Phone Forensics?
- Which information needs to be analyzed?
- Why can cell phone forensics be more problematic than computer forensics?
- Complications with data preservation for mobile phones
- Situations
- Tools specifically designed for cell phone forensics

Digital Forensics
The discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and data storage devices in a way that could be admissible as evidence in a court of law.

Mobile Forensics
Mobile Forensics is defined as “the science of recovering digital evidence from a mobile phone under forensically sound conditions using accepted methods.”

Stored Information

Potential Information

Parts of Mobile Phone
The Mobile Phone stores different types of valuable information in itself. The parts of Mobile Phone:
- ME (Mobile Equipment)
- SIM Card
- Memory Card
- Mobile Network

Requirements
- Mobile Equipment capturing & analysis tool
- SIM Card capturing & analysis tool
- Memory Card (Extended Memory) capturing & analysis tool
- Mobile Network data analysis tool

Mobile Forensics vs. Computer Forensics

Complications…
- Compact size
- Battery-powered
- Wide variety of cables and connectors
- Diverse operating systems
- File system sometimes in volatile memory

Complications…
- Hibernation behavior
- Turn phone off or leave it on…?
- Charging
- Continued communication
- Short product cycles for new devices

According to the situation
- Ability to access the target phone: No access, temporary access, seized.
- Type of access to the target phone: Passive, invasive, ability to replace parts.
- Knowledge of keys: None, PIN, PUK, Ki etc…
- Device’s state: Functional, still powered-on, dysfunctional
A collection of solutions

Situation – 1
- Ability to access the target phone: No access, temporary access, seized.
- Type of access to the target phone: Passive, invasive, ability to replace parts.
- Knowledge of keys: None, PIN, PUK, Ki etc…
- Device’s state: Functional, still powered-on, dysfunctional

Solution
Unsolder flash and read it externally. Requires very specific equipment (integrated vision, air flow and unsoldering, e.g. Retronics, Metcal).
Slide labels: Flash containing user and phone data; µBGA connector

Situation – 2
- Ability to access the target phone: No access, temporary access, seized.
- Type of access to the target phone: Passive, invasive, ability to replace parts.
- Knowledge of keys: None, PIN, PUK, Ki etc…
- Device’s state: Functional, still powered-on, dysfunctional

Solution
Record and exhaust. Interception of traffic, i.e. Calls, SMS, Web Browsing, Emails, Video Calling

Situation – 3
- Ability to access the target phone: No access, temporary access, seized.
- Type of access to the target phone: Passive, invasive, ability to replace parts.
- Knowledge of keys: None, PIN, PUK, Ki etc…
- Device’s state: Functional, still powered-on, dysfunctional

Solution

Situation – 4
- Ability to access the target phone: No access, temporary access, seized.
- Type of access to the target phone: Passive, invasive, ability to replace parts.
- Knowledge of keys: None, PIN, PUK, Ki etc…
- Device’s state: Functional, still powered-on, dysfunctional

Solution
Use Mobile Forensic Tool kit

Understanding Acquisition Procedures
Check these areas in the forensics lab:
- Internal memory
- SIM card
- Removable or external memory cards
- Mobile Network (System server)

Mobile Phone Forensic Tools
Hardware Tools
- CellDek - Mobile Phone, SIM Card, Memory Card
- CellDek TEK - Mobile Phone, SIM Card, Memory Card
- Cellebrite - Mobile Phone, SIM Card, Memory Card
Software Tools
- Oxygen Forensic Suite 2010 - Mobile Phone, SIM Card, Memory Card
- Device Seizure - Mobile Phone, SIM Card, Memory Card
- Mobiledit - Mobile Phone, SIM Card, Memory Card

SIM Card Forensic Tools
- SIMCon SIM Card Reader - SIM Card
- BK Forensic SIM Card Reader - SIM Card

Memory Card Forensic Tools
- Encase Forensic - Memory Card, Hard Drive
- Forensic Tool Kit - RAM, Memory Card, Hard Drive
- X-Ways Forensic - Memory Card, Hard Drive
- Pro Discover - Memory Card, Hard Drive
- Helix - Memory Card, Hard Drive

Network Information Forensic Tools
- Sentinel Visualizer
- i2 Notebook

Process
- Suspect Identification
- Data Processing
- Data Analysis
- Data Display
- Data Capture
- Report Generation
- Seizure Isolation

Live Demonstration
CellDek TEK

Questions?

Contact us!
Vishnu Dutt
dutt1985@gmail.com
+91-9871516391