Kevin Emmanuel
MPE+ AccessData
MPE+ stands for Mobile Phone Examiner Plus. It is a mobile forensics solution that supports
over 7000 devices, including those running the Apple iOS, BlackBerry, and Android operating
systems. It can also work on devices with Chinese chipsets. Mobile Phone Examiner can be
purchased with phone cables and a SIM reader. MPE+ includes a visualization tool that shows
the communication relationships among the contacts on a phone or mobile device, and it can
create graphical data timelines from this information. There is no need for a passcode to
obtain the information.
Mobile Phone Examiner Plus allows mobile forensic investigators to perform in-depth
investigations without expensive extra hardware. There is broad support for multiple devices,
and there are different filtering options for making specific reports. It has an integration
with FTK and touch tablet options, which means investigators can upgrade their functionality.
Adding a program called Velocitor enhances MPE Plus so that it supports even more cheap Chinese
devices. It makes the program compatible with generic phones, tablets, and Chinese phones,
which can be very helpful in an investigation. It provides logical and physical extraction of
data, such as full flash data extraction, from 95% of Chinese chipsets.
The devices that Mobile Phone Examiner Plus supports are BlackBerry, iOS, Chinese
devices, Windows Mobile, and Android. Supported Chinese devices may include
Spreadtrum, MediaTek, Philips, TI, MSTAR, Coolsand and others. It works on any iOS device
up to iOS 7, starting from iPhone 4 and iPad 1. Full data can be extracted from rooted Android
devices. Legacy phones are included, such as LG, Nokia, Motorola, ZTE, Sony Ericsson,
Samsung and others. The software is compatible with both cell phones and mobile devices. To
use the software, you first connect it to the supported phone or mobile device. Then
you select the data types to extract, which may be text messages (SMS), call history, email, etc.
Then you click extract. Next, you review the collected data in MPE+. There is a
visualization feature that shows you a timeline built from the data collected. After all of
this, the next step is to save and go: you save the data collected. The files are saved as an
AD1 file. You then import the AD1 case file into Summation or another platform or program
that accepts AD1 files, such as AD eDiscovery.
MPE Plus has an automatic one-click recovery feature. It can extract data from various
social media programs. These programs include Google Voice, Twitter, Facebook, LinkedIn,
WeChat, Skype, QQ and more. Also, if USB debugging is not enabled on Android devices, it can
still enable physical imaging of those devices and allow the bypass of any passcodes. There is an
extraction wizard for use with the Samsung Galaxy SII and Galaxy SIII. There is also
support for the Galaxy S4. There is physical image support for the Android RFS file system and
more. On both GSM and CDMA iOS devices, jailbreaking is not required for MPE to work. iTunes is
not required to retrieve data. The operating system gets decrypted on iOS devices from 1.0
to v.7. iTunes data such as folders and backups can also be accessed.
MPE Plus is a great tool for mobile forensic investigators. Many files can be
extracted, even with passwords enabled or USB debugging not enabled. SMS can be viewed in
conversation mode. Emails, videos, SMS, photos, and more can all be retrieved with this tool.
Using an advanced alert manager, specific keywords can be searched for and flagged while the
software looks through the device being examined. This information can be critical in piecing
together a major investigation of a suspect. MPE Plus works on a Windows-based PC,
specifically Windows 7 64-bit (all versions). It needs dedicated video memory of 128MB or
higher and disk space of at least 500GB. More may be needed for physical Apple device data.
Source: http://www.accessdata.com/products/digital-forensics/mobile-phone-examiner
[Figure: Timeline visualization]
[Figure: Filter columns]
iPhone 4s/iPhone 5 with iOS 6.0 to iOS 6.1.2 Root Instructions
The evasi0n tool is open source software that is free to download online. It jailbreaks specific Apple
devices and allows users to enter the file system and alter it. It is compatible with iOS 6.1.2, 6.1, 6.0.2,
6.0.1, and 6.0. To see which version your iPhone has, go to Settings > About > Version and make sure
you have a compatible iOS version.
To get the latest version of evasi0n, go to their website, www.evasi0n.com. The team
behind evasi0n is known as the Evad3rs Dev team. Evasi0n is an untethered jailbreak,
which means that if the phone is restarted, it does not lose its jailbreak. These are the steps to
jailbreak the iPhone:
1. Download evasi0n from the download link on their website at www.evasi0n.com.
2. Double click the evasi0n zip file and extract the application to the evasi0n folder on your
PC.
3. Launch or run the application from the folder that it is stored in on your PC.
4. A prompt will then show to connect your iPhone to your PC. It is recommended to disable
the passcode on your phone so that the jailbreak process does not fail.
5. The evasi0n program will then detect your iPhone automatically and state the firmware that
it is running on.
6. Click the jailbreak button.
7. The progress of the jailbreak will then appear, and you will also see a bar showing
how far it is from being finished.
8. Once the process is complete, you will get a message telling you to unlock your iPhone.
9. Unlock your iPhone and then an app will be on the iPhone that says jailbreak. Tap on that
app to start it.
10. Once it is done, it will give a message stating that the jailbreak is complete, and the device
will restart a few times as it completes the process.
11. You should then see a Cydia icon as one of your new apps once the jailbreak has been
finished.
When Cydia is downloaded, this opens up the iPhone, allowing the user to freely
customize and explore the file system. Cydia allows cracked apps to be downloaded to
the iPhone. You can get an app such as iFile through Cydia, which puts you into the root
of your iPhone.
To set up Cydia, you open the Cydia application > go to
Manage > Sources > Edit > Add. Add this source where it says Add: http://cydia.hackulo.us/.
Once you do that, you can start using Cydia and add different sources to it to get access
to different apps.
iFile would be in a source called http://apt.thebigboss.org/repofiles/cydia/. There are
other sources that may have the iFile app if you do a Google search.
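For an examiner or device administrator, the Cydia setup described above leaves traces that can be checked in an extracted file system. The following is an added example, not part of the original write-up or of MPE+: the artifact paths are assumptions based on where Cydia and iFile are commonly installed, the repository hosts are the two named above, and the sample data is constructed.

```python
from urllib.parse import urlparse

# Paths commonly left by Cydia and iFile (assumed here, not given in the text).
ARTIFACT_PATHS = {
    "/Applications/Cydia.app": "Cydia package manager installed",
    "/Applications/iFile.app": "iFile root file browser installed",
}
# Repository hosts named in the text above.
REPO_HOSTS = {
    "cydia.hackulo.us": "source added in the Cydia setup step",
    "apt.thebigboss.org": "source listed for iFile",
}

def scan_paths(paths):
    """Return (artifact, meaning) for each known artifact in the listing."""
    hits = []
    for artifact, meaning in ARTIFACT_PATHS.items():
        if any(p == artifact or p.startswith(artifact + "/") for p in paths):
            hits.append((artifact, meaning))
    return hits

def scan_sources(text):
    """Parse APT 'deb <url> <dist> ...' lines and flag the known hosts."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "deb":
            continue  # comments, blank lines, anything that is not a repo
        host = (urlparse(fields[1]).hostname or "").lower()
        if host in REPO_HOSTS:
            hits.append((host, REPO_HOSTS[host]))
    return hits

def triage(paths, sources_text):
    path_hits, repo_hits = scan_paths(paths), scan_sources(sources_text)
    return {"jailbroken": bool(path_hits or repo_hits),
            "paths": path_hits, "repos": repo_hits}

# Constructed sample data, not taken from a real device.
SAMPLE_PATHS = ["/Applications/Cydia.app/Cydia",
                "/private/var/mobile/Library/SMS/sms.db"]
SAMPLE_SOURCES = """# constructed Cydia source list
deb http://cydia.hackulo.us/ ./
deb http://repo.example.invalid/ stable main
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_SOURCES))
```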
Nexus 4 Root Instructions using AccessData MPE+
1. Enable developer debugging settings by going to Settings
2. Go to About phone
3. Go to the bottom where it says build number and double tap it 7 times (now you will have unlocked
developer options)
4. Go back to Settings > Developer Options > Then check the box that says USB debugging (this will put
the phone in debug mode when it is connected via USB)
5. The PC should now recognize the Nexus 4 once it is in debugging mode.
6. On your PC, open the program AccessData MPE+ with the Nexus 4 connected.
7. Select the icon that shows a SIM Card and a list will come up that says “select data for extraction”.
You can select phonebook, call history, SMS, file system, deep file system or all of them to view the
items.
8. You then get a mini screen that says extracting data from the device. You are now able to see call logs
with date and time, contacts, and also SMS messages marked as read, delivered, or deleted, to or from
specified recipients. You can also identify and locate SMS messages from the File System/USIM. Data
can also be exported into PDF or an investigation report.
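Step 5 depends on the PC actually seeing the phone in debug mode, which can be confirmed before starting the extraction. The following is an added example, not part of the original instructions or of MPE+: it assumes the Android SDK's adb tool is installed on the examiner PC (the text does not mention adb) and classifies the output of `adb devices -l`, using constructed sample output.

```python
# Guidance per adb connection state; the wording is this example's own.
ADVICE = {
    "device": "ready: USB debugging is on and this PC is authorized",
    "unauthorized": "unlock the phone and accept the USB debugging prompt",
    "offline": "reconnect the cable or restart the adb server",
}

def parse_adb_devices(output):
    """Turn `adb devices -l` text into one dict per attached device."""
    devices = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(("List of devices", "*")):
            continue  # header and adb daemon start-up messages
        fields = line.split()
        if len(fields) < 2:
            continue
        # key:value attributes (product, model, ...) appear only with -l
        attrs = dict(f.split(":", 1) for f in fields[2:] if ":" in f)
        devices.append({
            "serial": fields[0],
            "state": fields[1],
            "model": attrs.get("model", "unknown"),
            "advice": ADVICE.get(fields[1],
                                 "unrecognized state; check cable and drivers"),
        })
    return devices

def ready_serials(output):
    """Serials of devices that are attached, in debug mode and authorized."""
    return [d["serial"] for d in parse_adb_devices(output)
            if d["state"] == "device"]

# Constructed sample output; the serial numbers are made up.
SAMPLE_OUTPUT = """List of devices attached
01a2b3c4d5e6f708       device usb:1-1 product:occam model:Nexus_4 device:mako
0f9e8d7c6b5a4321       unauthorized usb:1-2
"""

if __name__ == "__main__":
    for dev in parse_adb_devices(SAMPLE_OUTPUT):
        print(dev["serial"], dev["model"], dev["state"], "->", dev["advice"])
```

An `unauthorized` entry means the phone has not yet accepted this PC's debugging key, which Android 4.2.2 and later require before any data can be read over USB debugging.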
Market Share for iPhone 4s and 5
The US market share is dominated by both iOS and Android. The iPhone's market share was at
39.3% in September 2013. A year before that it was at 35.7%, when the iPhone 4s was current and
before the iPhone 5 was available. It then rose to 53.3% in November of 2012 surveys. This showed
that a new iPhone launch can have a big impact on the market share.
Source: http://www.forbes.com/sites/chuckjones/2013/09/30/iphones-market-share-down-prior-to-5s5c-launch-with-windows-almost-double-digits-in-europe/
The Nexus 4 Market Share
The Nexus 4 is under the LG brand. As of July 2013, the Nexus 4 is part of 60% of the Android device
market share. Samsung has taken over all top 10 spots and is dominating the
Android market.
Source: http://venturebeat.com/2013/07/08/navigating-android-device-market-share-for-june-2013/