Introduction to Handheld Digital

Created by DM Kaputa Ph.D.
New Certificate Fall 2009
Computer Security & Investigations/Digital Forensics

Developed under the auspices of National Science Foundation/Advanced Technological Education Grant #
Faculty members: Kaputa, Kuroski, Kowalski, Palombo &
Some high-profile forensics
  These cases probably would not have been solved, if not for the digital forensics
  Police give J. Rodemeyer's cell phone to RCFL
  M. Jackson's doctor's phone
What is Handheld forensics?

  Computer Forensics:
    storage device requiring a file system,
    device is "static",
    larger storage capacity (although this is changing),
    forensic method: bit-stream imaging

  Handheld Forensics:
    embedded systems, device is "active",
    smaller on-board capacity (16 GB),
    forensic method: active memory imaging
Forensic Rules for PDA
  Disconnect wireless connectivity
  Keep power
  Gather cables
  Unit is always changing: RAM is the main storage for files & apps; acquire in lab
  Fundamentals of forensic-grade software
  PDA OS: WinCE, RIM (Blackberry), Palm OS, embedded Linux, Symbian
Forensic rules for cell phone
  1. Disconnect wireless communication
  2. Keep power, or you may need the password
  3. Gather cables & accessories
  4. Acquire in lab
  5. Use forensic-grade software
  Hybrids (combination of both), although most cell phones now are hybrids & beyond!
    Windows Pocket PC
    iPhone
    Google phone
    Linux
    Blackberry
  Most contain PDAs, GPS & camera, MP3 player
Quick Time Line
  1960s: Bell Labs develops electronics for cell phone technology
  1978: AMPS (Advanced Mobile Phone System) debuts 1st commercial cellular network in
  1988: Cellular Technology Industry Assoc.
  1991: TDMA; also first GSM phone in Finland
  2001: Bell South leaves payphone business
Major Access Technologies for cell phones

  AMPS (Advanced Mobile Phone Service): 1G systems, FDMA (frequency division multiple access), analog standard

  2G SYSTEMS
  1. TDMA (time division multiple access): digital link, different time slot for each channel (6 slots)
  2. GSM (Global System for Mobile Communications), 1991 (replacing TDMA to 3G)
GSM continued

  Used TDMA air interface: 8 time slots
  Uses SIM card: removable thumb-sized card, identifies user to network & stores
  82% of the world's phones, available in over 168 countries
  Next generation (UMTS, universal mobile) enhancing GSM with CDMA air interface
  AT&T service (Cingular, T-Mobile)
Other common cellular
  3. Also iDEN network designed by
  4. And a digital version of the original analog, called D-AMPS (Digital Advanced Mobile Phone Service)
CDMA developed about 1989 by

  Code Division Multiple Access
    Spread spectrum technology
    Spreads digitized data over the entire
  3G SYSTEM
    Always-on data access
    High data speeds
    Live streaming video
    Verizon & Sprint

  4G systems
    100 Mbit/s while moving
    1 Gbit/s while still
    High quality audio/video
Intro to Cell Phone Forensics

  Very popular devices today under GSM: SIM & mobile equipment (ME)

  CDMA phones (Verizon & Sprint): historically no SIM, although RUIMs (removable user identity modules) are gaining in popularity
Introduction to SIM Card

  What is a SIM card?

  Subscriber Identity Module, which
    authenticates device to network
    stores names and phone numbers
    sends and receives text messages
    stores network configuration info

SIM disadvantage

  Unless the SIM card lock is enabled, someone can steal the SIM and rack up charges against you!
SIM Card continued

  Useful for quick transfer of numbers and info from one phone to another

SIM advantages

  Portability is the main advantage
  SIM can be swapped out to a new phone
  Stores contact info

What exactly is on a SIM card?

  Simple phone book
  Last 10 outgoing numbers
  SMS messages (Short Message Service), aka text messages
Paraben's SIM Card Seizure

  Last 10 outgoing phone numbers

Cell phone forensics: last 10 outgoing

Components continued

  Outgoing SMS text messages

SMS outgoing text messages

Components continued

  Incoming SMS text messages

Delivered (to you) text messages
Components continued

  IMSI: this is a network configuration
  International Mobile Subscriber Identity
  OR
  IMEI number
  International Mobile Equipment Identity
  Can track deleted SMS by analysis of unallocated space

  Be cognizant of what you send out in text messages!

  They could come back to haunt you.
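An added example (not from the slides) for the deleted-SMS point above: on a SIM, an EF_SMS record keeps its payload bytes after its status byte is set to free, which is what an examiner recovers from the "unallocated" records. The Python below builds a constructed EF_SMS image and walks it, returning deleted-but-residual records alongside live ones; the record layout follows the standard SIM EF_SMS format, the GSM 7-bit alphabet is approximated by ASCII, and every number and message in it is constructed.

```python
# Added example, not from the slides. A SIM EF_SMS file is a set of fixed
# 176-byte records whose first byte is a status (0x00 = free/deleted); the
# rest of a "deleted" record often still holds the message until reused.
# Only SMS-DELIVER records in the 7-bit alphabet are decoded (ASCII approx.).
RECORD_LEN = 176
STATUS = {0x00: "free/deleted", 0x01: "received-read", 0x03: "received-unread",
          0x05: "sent", 0x07: "to-be-sent"}
def bcd_decode(data: bytes) -> str:           # swapped nibbles, 0xF = filler
    return "".join(str(n) for b in data for n in (b & 0xF, b >> 4) if n != 0xF)
def bcd_encode(digits: str) -> bytes:
    digits += "F" * (len(digits) % 2)
    return bytes(int(digits[i + 1] + digits[i], 16) for i in range(0, len(digits), 2))
def gsm7_unpack(ud: bytes, septets: int) -> str:
    bits = int.from_bytes(ud, "little")
    return "".join(chr((bits >> (7 * i)) & 0x7F) for i in range(septets))
def gsm7_pack(text: str) -> bytes:
    bits = sum((ord(c) & 0x7F) << (7 * i) for i, c in enumerate(text))
    return bits.to_bytes((len(text) * 7 + 7) // 8, "little")

def build_record(status: int, sender: str, text: str) -> bytes:
    """Constructed SMS-DELIVER record: status, SMSC, TPDU, 0xFF padding."""
    smsc, oa = bcd_encode("15550000000"), bcd_encode(sender)
    tpdu = (bytes([0x04, len(sender), 0x91]) + oa + b"\x00\x00"  # MTI, TP-OA, PID, DCS
            + b"\x91\x10\x12\x43\x21\x00\x00"                    # TP-SCTS (constructed)
            + bytes([len(text)]) + gsm7_pack(text))
    return (bytes([status, len(smsc) + 1, 0x91]) + smsc + tpdu).ljust(RECORD_LEN, b"\xff")

def parse_record(rec: bytes):
    """Decode one record; None when it holds only 0xFF padding (nothing to recover)."""
    status, sc_len = STATUS.get(rec[0], hex(rec[0])), rec[1]
    if sc_len == 0xFF: return None
    i = 2 + sc_len                                      # TPDU starts after the SMSC
    out = {"status": status, "smsc": bcd_decode(rec[3:i]), "sender": None, "text": None}
    if (rec[i] & 0x03) == 0x00:                         # TP-MTI 00 = SMS-DELIVER
        oa_bytes = (rec[i + 1] + 1) // 2
        out["sender"] = bcd_decode(rec[i + 3:i + 3 + oa_bytes])
        j = i + 3 + oa_bytes + 2 + 7                    # skip TP-PID, TP-DCS, TP-SCTS
        out["text"] = gsm7_unpack(rec[j + 1:j + 1 + (rec[j] * 7 + 7) // 8], rec[j])
    return out

def recover_sms(ef_sms: bytes, include_deleted: bool = True) -> list:
    recs = []                                           # records in file order, 1-based
    for n in range(len(ef_sms) // RECORD_LEN):
        r = parse_record(ef_sms[n * RECORD_LEN:(n + 1) * RECORD_LEN])
        if r and (include_deleted or r["status"] != "free/deleted"):
            recs.append({"record": n + 1, **r})
    return recs
SAMPLE_EF_SMS = (build_record(0x01, "15551230001", "Meet at 9")          # read (constructed)
                 + build_record(0x00, "15551230002", "Deleted this one")  # deleted, residual
                 + b"\x00" + b"\xff" * (RECORD_LEN - 1))                  # empty slot
```

Calling recover_sms(SAMPLE_EF_SMS) yields the live record and the deleted one with its text intact, while the all-0xFF slot is skipped.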
Some Hand Held Forensic
  MOBILedit! (highly rated by NIST)
  BitPim software: CDMA, open source
  Device Manager, proprietary software by
  Cellebrite hardware, used by LE (law enforcement)

  Next slide: Using Device Manager to attempt an acquisition of a cell phone
Mobile Malware, or who said mobiles don't have malware?
  Phoenix
  Facebook mobile
  DroidDream
  Plankton
  Zitmo
  GoldDream A

1st Case Mobile malware

  2004: first mobile malware
  By 2010: 250% increase
  2011: Botnet-enabled malware for
  From June 2010 to Jan 2011, Android malware increased by 400%
What does it do?

  Disables phone
  Remotely controls phone: can record phone conversations & store them to the phone's SD card, then upload to a server controlled by the hacker (drops a configuration file)
  Steals valuable data

2011 iPad users hacked

  Hacker pleads guilty to stealing data from 100,000 iPad users
  Fake version of "Angry Birds" apps sent sensitive info about the user to the hacker to gain access to the phone
What can we do?

  Do NOT access banking sites over public Wi-Fi connections
  Do NOT leave "Wi-Fi ad-hoc mode" on
  Don't download apps from 3rd-party app repositories!
  Check permissions of every app you
  Run it through a secure app that will scan it from market to device

Scanning for apps

  Norton
  Lookout
  Bitdefender
  NetQin

  Also scan Facebook and Twitter!

