Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Mobile Phone Forensics

advertisement 
David Benford MSc
Forensic Computing & Security
David Benford MSc
Blackstage Forensics Limited
About me:
•
•
•
•
•
Criminal defence
Corporate
Security clearance
The Cavell Group
Charity Trustee
David Benford MSc
Blackstage Forensics Limited
....the science of
retrieving data from a
mobile phone under
forensically sound
conditions....
David Benford MSc
Blackstage Forensics Limited
Numbers:
• 5.3 billion subscriptions by end of 2010
(ITU.INT,2010)
• Translates to 77% of world
• 842 million subscribers in China
• Asia-Pacific region including India and
China account 47% of connections
globally
• 10 billion phones sold since ’94
•Nokia 3.4 billion
• 30 million sold in UK annually
“Five
billion phones means there are
more than three times as many
phones as personal computers”
Ben Wood Analyst, CCS Insight
David Benford MSc
Blackstage Forensics Limited
iPhone Sales Forecast to Hit
100 Million by 2011!
(PCWorld.com, 2010)
David Benford MSc
Blackstage Forensics Limited
Digital Handheld Devices:
• Smartphone
• Basic Mobile Phone
• SatNav & GPS
• iPad, iPod & other Media Players
• PDA & Pocket PC
David Benford MSc
Blackstage Forensics Limited
ACPO Guidelines:
(www.acpo.police.uk)
Principle 1: No action taken by law enforcement agencies or
their agents should change data held on a computer or storage
media which may subsequently be relied upon in court.
Principle 2: In exceptional circumstances, where a person finds
it necessary to access original data held on a computer or on
storage media, that person must be competent to do so and be
able to give evidence explaining the relevance and the
implications of their actions.
Principle 3: An audit trail or other record of all processes
applied to computer based electronic evidence should be
created and preserved. An independent third party should be
able to examine those processes and achieve the same result.
Principle 4: The person in charge of the investigation (the case
officer) has overall responsibility for ensuring that the law and
these principles are adhered to.
David Benford MSc
Blackstage Forensics Limited
Applications:
•
•
•
•
•
•
Criminal law
Civil law
Commercial law
Corporate applications – audits & tribunals
Crisis management
Cyber bullying
David Benford MSc
Blackstage Forensics Limited
Evidential data can be recovered from:
•
•
•
•
Device
SIM/USIM
Removable Media Storage
Backup
David Benford MSc
Blackstage Forensics Limited
Main Forensic Tools:
• Microsystemation XRY/Xact
• Cellebrite UFED
• Oxygen Forensic Suite
• Flasher Box – Hex dump
David Benford MSc
Blackstage Forensics Limited
SIM (Subscriber Identity Module)
or USIM (Universal Subscriber Identity
Module) Forensics
• International Mobile Subscriber Identity
(IMSI)
• Last dialled numbers
• Location information
• Contacts
• Service provider name
• ICCID (Integrated Circuit Card ID) 18
digit number
• SMS text messages – including deleted
David Benford MSc
Blackstage Forensics Limited
Types of Data Extraction:
• Logical
• Usually done via vendor interface
for synchronising contents of phone with PC
• Physical
• Bit-by-bit copy of device via flash memory
• Similar to computer extraction
• 2 step – dump & decode
• Manual
• Done when no available tool
• Chip Removal
• Last resort
• Read by commercial off the shelf memory
programmer & then dump & decode
David Benford MSc
Blackstage Forensics Limited
Phone analysis:
• No single tool
• Variations in firmware versions
• Vendor-specific modifications
David Benford MSc
Blackstage Forensics Limited
David Benford MSc
Blackstage Forensics Limited
David Benford MSc
Blackstage Forensics Limited
XRY (Logical) Process:
• Learn device
• Charge
• Isolate
• SIM clone
• Faraday
• Switch on
• Time/date etc
• Photographs
• SIM extraction
• Phone Extraction
• Analyse & report
• Manually record process
David Benford MSc
Blackstage Forensics Limited
Smartphones
•
•
•
•
•
•
Social networking
Instant messaging / VOIP
Location based services
Web Browsing activities
Email activity
App data
David Benford MSc
Blackstage Forensics Limited
Apple iPhone
•
•
•
•
•
•
•
Scaled down Mac OS x based on BSD
App Store
iTunes
iPad came first!
Location Services default
No one tool does it all
Pin lock is easily bypassed for media files
David Benford MSc
Blackstage Forensics Limited
David Benford MSc
Blackstage Forensics Limited
Location Services : Friend or Foe?
•
•
•
•
Geotags
Social Networks
Augmented Reality
Blogs
David Benford MSc
Blackstage Forensics Limited
The iPhone and Fraud
• Modifying data
• Directly
• iTunes
David Benford MSc
Blackstage Forensics Limited
David Benford MSc
Blackstage Forensics Limited
David Benford MSc
Blackstage Forensics Limited
David Benford MSc
Blackstage Forensics Limited
David Benford MSc
Blackstage Forensics Limited
Crossover: Phones & Computers
• Smartphones are mini-computers
• Backups
• Windows 7 Shadow Volume Copies
David Benford MSc
Blackstage Forensics Limited
Future:
Clustering of phones to provide PC-like capabilities
PC Replacements – full-blown software
The Cloud
Payment by phone
Fully connected, location-aware devices
“Situationally & contextually aware tp present
information accordingly”
(digitaltrends.com, 2010)
• Development of A.R.
“ad hoc broadcast terminal at sporting events where
you can view a video feed from a guy in the second
row or up in the nose-bleed seats”
•
•
•
•
•
(digitaltrends.com, 2010)
David Benford MSc
Blackstage Forensics Limited
Conclusion
David Benford MSc
Blackstage Forensics Limited
References:
CCS Insight Blog » Ben Wood. Available at:
http://www.ccsinsight.com/blog/?author=3 [Accessed January
16, 2011].
Forensics. Available at: http://www.zdziarski.com/blog/?cat=8
[Accessed January 16, 2011].
iPhone Sales Forecast to Hit 100 Million by 2011 - PCWorld.
Available at:
http://www.pcworld.com/article/199237/iphone_sales_forecas
t_to_hit_100_million_by_2011.html [Accessed January 16,
2011].
Speeches and Disscussion Papers. Available at:
http://www.itu.int/ITU-D/ict/papers/ [Accessed January 16,
2011].
The Future of Smartphones: 2010-2015 and Beyond. Available
at: http://www.digitaltrends.com/features/the-future-ofsmartphones-2010-2015-and-beyond/ [Accessed January 16,
2011].
David Benford MSc
Blackstage Forensics Limited
Any Questions?
David Benford MSc
Blackstage Forensics Limited
Blackstage Forensics
Catton Hall,
Catton
Derbyshire
DE12 8LN
T: +44(0)1283 762559
E: David@Blackstage-forensics.co.uk
W: www.Blackstage-forensics.co.uk
Charity: www.Cystinosis.org.uk
Thank you for
your attention!
David Benford MSc
Blackstage Forensics Limited
Related documents
Chapter 5
Chapter 5
Chapter 7
Chapter 7
Curriculum Vitae for Klaus de Vibe
Curriculum Vitae for Klaus de Vibe
Digital Forensics and Cyber Psychology
Digital Forensics and Cyber Psychology
Digital…it`s how we live! - Expert Insights, Computer Forensics
Digital…it`s how we live! - Expert Insights, Computer Forensics
Information Systems and Internet Security (ISIS) Lab Some Recent
Information Systems and Internet Security (ISIS) Lab Some Recent
QKVS
QKVS
John Sage
John Sage
Download
advertisement