Introduction to Handheld Digital Forensics
Created by D. M. Kaputa, Ph.D.
New Certificate, Fall 2009: Computer Security & Investigations / Digital Forensics
Developed under the auspices of the National Science Foundation / Advanced Technological Education Grant # 802062
Faculty members: Kaputa, Kuroski, Kowalski, Palombo & Gill

Some high-profile forensics cases
- These cases probably would not have been solved if not for the digital forensics investigations.
- Police gave J. Rodemeyer's cell phone to the RCFL (Regional Computer Forensics Laboratory).
- M. Jackson's doctor's phone.

What is handheld forensics?
- Computer forensics: a storage device with a file system; the device is "static"; larger storage capacity (although this is changing). Forensic method: bit-stream imaging.
- Handheld forensics: embedded systems; the device is "active"; smaller on-board capacity (16 GB at the time of this deck). Forensic method: active (live) memory imaging.

Forensic rules for PDA seizure
- Disconnect wireless connectivity.
- Keep power on: the unit is always changing, and on these devices RAM is the main storage for files and apps, so a dead battery can mean lost evidence.
- Gather the cables.
- Acquire in the lab.
- Fundamentals of forensic-grade software.
- PDA operating systems: Windows CE, RIM (BlackBerry), Palm OS, embedded Linux, Symbian.

Forensic rules for cell phone seizure
1. Disconnect wireless communication, so incoming calls or messages cannot overwrite evidence and the handset cannot be wiped remotely.
2. Keep power on; otherwise you may need the password or PIN to get back in.
3. Gather cables and accessories.
4. Acquire in the lab.
5. Use forensic-grade software.

Hybrids (a combination of PDA and phone; most cell phones now are hybrids and beyond)
- Windows Pocket PC, iPhone, Google phone (Android), Linux, BlackBerry
- Most contain PDA functions, GPS, a camera and an MP3 player.

Quick timeline
- 1960s: Bell Labs develops the electronics for cell phone technology.
- 1978: AMPS (Advanced Mobile Phone System) debuts; first commercial cellular network, in Chicago.
- 1988: Cellular Technology Industry Association created.
- 1991: TDMA; also the first GSM call, made in Finland.
- 2001: BellSouth leaves the payphone business.

Major access technologies for cell phones
- AMPS (Advanced Mobile Phone Service): the 1G analog standard, using FDMA (frequency division multiple access).

Digital cellular networks (2G systems)
1. TDMA (time division multiple access): a digital link technology; each channel is divided into time slots (6 slots), one per user.
2. GSM (Global System for Mobile Communications), 1991: replaced the earlier TDMA systems and evolved toward 3G.
   - Uses a TDMA air interface with 8 time slots.
   - Uses a SIM card: a removable thumb-sized card that identifies the subscriber to the network and stores information.
   - As of this deck: 82% of the world's phones, available in over 168 countries.
   - Next generation: UMTS (Universal Mobile Telecommunications System) enhances GSM with a wideband CDMA air interface.
   - GSM carriers in the US: AT&T (formerly Cingular) and T-Mobile.
3. iDEN, a network designed by Motorola.
4. D-AMPS (Digital Advanced Mobile Phone Service), a digital version of the original analog AMPS.

CDMA (Code Division Multiple Access)
- Developed about 1989 by Qualcomm.
- Spread-spectrum technology: spreads the digitized data over the entire bandwidth.

3G systems
- Always-on data access, high data speeds, live streaming video.
- Verizon & Sprint.

4G systems
- 100 Mbit/s while moving, 1 Gbit/s while stationary.
- High-quality audio/video.

Intro to cell phone forensics
- Very popular devices today.
- Under GSM, the evidence lives in two places: the SIM and the mobile equipment (ME), i.e. the handset itself.
- CDMA phones (Verizon & Sprint): historically no SIM, although R-UIMs (removable user identity modules) are gaining in popularity.

Introduction to the SIM card
- What is a SIM card? The Subscriber Identity Module, which authenticates the subscriber to the network.
- Stores names and phone numbers.
- Holds sent and received text messages (the handset does the sending; the SIM stores copies).
- Stores the subscriber identity (IMSI) and network configuration information.
- SIM disadvantage: unless the SIM lock (PIN) is enabled, someone can steal the SIM and rack up charges against you!
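The SIM intro above lists the IMSI among the SIM's contents and separately names the mobile equipment (ME). An investigator records both identifiers, and they come from different places: the IMSI is read from the SIM's EF_IMSI file and names the subscriber, while the IMEI is the handset's own serial number (printed under the battery or shown by dialling *#06#) and is not on the SIM at all. The helper below is an added example, not part of the original deck: it decodes a raw EF_IMSI record as coded in 3GPP TS 51.011 / TS 24.008, splits an IMSI into MCC, MNC and MSIN, and checks an IMEI's Luhn check digit per TS 23.003. All sample values are constructed, the function names are mine, and the MNC-length rule is a simplification of the ITU E.212 table (real tooling needs the full table).

```python
"""Tell the subscriber identity (IMSI, on the SIM) apart from the equipment
identity (IMEI, in the handset). Added example, not from the deck.
EF_IMSI coding per 3GPP TS 51.011 / TS 24.008 (Mobile Identity); IMEI layout
and Luhn check digit per TS 23.003. Sample values are constructed; the
MNC-length rule is a simplification (assumption) of the ITU E.212 table.
"""
US_MCC = {str(m) for m in range(310, 317)}        # US MCCs use 3-digit MNCs


def decode_ef_imsi(raw):
    """EF_IMSI: length byte, then digits as swapped nibbles. The low nibble of
    the first data byte is the parity/type field: bit 3 set = odd digit count."""
    body = raw[1:1 + raw[0]]
    odd = bool(body[0] & 0x08)
    digits = [body[0] >> 4] + [d for b in body[1:] for d in (b & 0x0F, b >> 4)]
    if not odd:
        digits = digits[:-1]                      # trailing nibble is F filler
    return "".join(str(d) for d in digits)


def split_imsi(imsi):
    """MCC (3 digits) + MNC (2 or 3 digits) + MSIN (the subscriber's number)."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6-15 digits")
    mnc_len = 3 if imsi[:3] in US_MCC else 2      # simplified E.212 rule
    return {"mcc": imsi[:3], "mnc": imsi[3:3 + mnc_len], "msin": imsi[3 + mnc_len:]}


def luhn_ok(digits):
    """Standard Luhn: from the right, double every second digit, fold >9, sum % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def parse_imei(imei):
    """15-digit IMEI = TAC(8) + SNR(6) + Luhn check digit; the 16-digit IMEISV
    replaces the check digit with a 2-digit software version number."""
    if not imei.isdigit() or len(imei) not in (15, 16):
        raise ValueError("IMEI must be 15 or 16 digits")
    out = {"tac": imei[:8], "snr": imei[8:14]}
    if len(imei) == 15:
        out["check_digit"] = imei[14]
        out["valid"] = luhn_ok(imei)
    else:
        out["svn"] = imei[14:]
        out["valid"] = None                       # IMEISV carries no check digit
    return out
```

A transposed or mistyped IMEI in a report fails the Luhn check, which is the cheap sanity test to run before the number goes into a warrant or a carrier request; an IMSI has no check digit, so it can only be cross-checked against the carrier's records.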
SIM card continued
- Useful for quick transfer of numbers and info from one phone to another.
- SIM advantages: portability is the main advantage; the SIM can be swapped into a new phone; it stores contact info.

What exactly is on the SIM card?
- A simple phone book.
- The last 10 outgoing numbers (the SIM's last-numbers-dialled file; how many entries it holds depends on the SIM).
- SMS messages (Short Message Service), aka text messages.
- IMSI.

Paraben's SIM Card Seizure
- Last 10 outgoing phone numbers.
- Outgoing SMS text messages.
- Incoming (delivered) SMS text messages.
- IMSI, the International Mobile Subscriber Identity: the identity the network uses for the subscriber. Do not confuse it with the IMEI (International Mobile Equipment Identity), which identifies the handset and is stored in the phone, not on the SIM.

Conclusions, forensically speaking
- Deleted SMS can be recovered. On the SIM, deleting a message only marks its record as free in the status byte; the text stays in place until that slot is reused. On the handset, deleted messages are found by analysis of unallocated space.
- Be cognizant of what you send in text messages! They could come back to haunt you.

Some handheld forensic toolkits
- MOBILedit! (software; highly rated by NIST)
- BitPim (open-source software, CDMA phones)
- Device Manager (proprietary software by Paraben)
- Cellebrite (hardware, used by law enforcement)
- Next slide: using Device Manager to attempt an acquisition of a cell phone.

Mobile malware, or who said mobiles don't have malware?
- Phoenix, Facebook mobile, DroidDream, Plankton, Zitmo, GoldDream.
- A first case: 2004, the first mobile malware.
- By 2010: a 250% increase.
- 2011: botnet-enabled malware for Android.
- From June 2010 to January 2011, Android malware increased by 400%.

What does it do?
- Disables the phone.
- Remotely controls the phone: it can record phone conversations, store them to the phone's SD card, and then upload them to a server controlled by the attacker (it drops a configuration file).
- Steals valuable data.
- 2011: iPad users hacked; a hacker pleads guilty to stealing data from 100,000 iPad users.
- A fake version of the "Angry Birds" app sent sensitive information about the user to the attacker in order to gain access to the phone.

What can we do?
- Do NOT access banking sites over public Wi-Fi connections.
- Do NOT leave Wi-Fi ad-hoc mode on.
- Do not download apps from third-party app repositories!
- Check the permissions of every app you download.
- Run it through a security app that scans it on the way from the market to the device.

Scanning apps
- Norton, Lookout, Bitdefender, NetQin.
- Also scan Facebook and Twitter!
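The SIM card slides above list the evidence that tools such as Paraben's SIM Card Seizure pull from a SIM (last dialled numbers, incoming and outgoing SMS, IMSI), and the conclusions slide says deleted SMS can still be found. On the SIM this works because EF_SMS is a fixed-record file: every message occupies one 176-byte slot, and deleting only rewrites the slot's first byte (the status) to 0x00 while the message body stays until the slot is reused. The parser below is an added example written for this page; it is not code from the deck or from any vendor tool. It walks a raw EF_SMS dump (what a smart-card reader or a forensic tool would hand you), decodes both SMS-DELIVER (incoming) and SMS-SUBMIT (outgoing) records following 3GPP TS 51.011 and TS 23.040, and reports the slots flagged free whose bodies were never overwritten. The dump, phone numbers, texts and timestamp are constructed inline and the function names are mine.

```python
"""Carve SMS records, including slots flagged deleted, from a raw SIM EF_SMS dump.

Added example, not from the deck or any vendor tool. Layout per 3GPP TS 51.011
(EF_SMS: 176-byte records, status byte + SMSC-prefixed TPDU, 0xFF fill) and
TS 23.040 (SMS-DELIVER / SMS-SUBMIT). The sample dump at the bottom is
constructed: numbers, texts and timestamp are made up.
"""
RECORD_LEN = 176
STATUS = {0: "free (deleted)", 1: "received, read", 3: "received, unread", 5: "sent", 7: "to be sent"}
# GSM 7-bit default alphabet (TS 23.038): index == septet value
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà")
BCD = "0123456789*#abcF"                 # nibble -> dialled digit, F = filler

def gsm7_pack(text):
    """Septets packed LSB-first into octets (used only to build the sample)."""
    bits = sum(GSM7.index(c) << (7 * i) for i, c in enumerate(text))
    return bits.to_bytes((7 * len(text) + 7) // 8, "little")

def gsm7_unpack(data, nsept):
    bits = int.from_bytes(data, "little")
    return "".join(GSM7[(bits >> (7 * i)) & 0x7F] for i in range(nsept))

def bcd_encode(digits):
    """Semi-octets: nibbles swapped, odd length padded with F."""
    digits += "F" * (len(digits) % 2)
    return bytes(int(digits[i + 1] + digits[i], 16) for i in range(0, len(digits), 2))

def bcd_decode(raw, ndigits):
    nibbles = [BCD[x] for b in raw for x in (b & 0x0F, b >> 4)]
    return "".join(nibbles[:ndigits]).rstrip("F")

def address(toa, digits):
    return ("+" if toa & 0x70 == 0x10 else "") + digits   # TON 001 = international

def decode_scts(raw):
    """TP-SCTS: 7 swapped-nibble BCD bytes; tz in quarter hours, sign in bit 3 pre-swap."""
    sw = [((b & 0x0F) << 4) | (b >> 4) for b in raw]
    yy, mo, dd, hh, mi, ss = (f"{v:02x}" for v in sw[:6])
    q = ((sw[6] >> 4) & 0x07) * 10 + (sw[6] & 0x0F)
    sign = "-" if sw[6] & 0x80 else "+"
    return f"20{yy}-{mo}-{dd} {hh}:{mi}:{ss}{sign}{q // 4:02d}:{q % 4 * 15:02d}"

def parse_record(rec):
    """Decode one 176-byte record; None if the slot was never written or was wiped."""
    status, body = rec[0], rec[1:]
    if all(b == 0xFF for b in body) or not any(body):
        return None
    smsc_len = body[0]
    smsc = address(body[1], bcd_decode(body[2:1 + smsc_len], (smsc_len - 1) * 2))
    tpdu = body[1 + smsc_len:]
    first, mti = tpdu[0], tpdu[0] & 0x03        # 0 = SMS-DELIVER, 1 = SMS-SUBMIT
    pos = 2 if mti == 1 else 1                   # SUBMIT carries a TP-MR byte first
    ndig, toa = tpdu[pos], tpdu[pos + 1]
    nbytes = (ndig + 1) // 2
    peer = address(toa, bcd_decode(tpdu[pos + 2:pos + 2 + nbytes], ndig))
    pos += 2 + nbytes
    dcs, pos = tpdu[pos + 1], pos + 2            # skip TP-PID, read TP-DCS
    when = decode_scts(tpdu[pos:pos + 7]) if mti == 0 else None   # DELIVER: TP-SCTS
    pos += 7 if mti == 0 else {0: 0, 2: 1, 1: 7, 3: 7}[(first >> 3) & 3]  # SUBMIT: TP-VP
    udl, ud = tpdu[pos], tpdu[pos + 1:]
    if dcs & 0x0C == 0x00:                       # GSM 7-bit (UDH not handled here)
        text = gsm7_unpack(ud, udl)
    else:                                        # UCS-2; udl is a byte count
        text = ud[:udl].decode("utf-16-be")
    return {"status": STATUS.get(status, hex(status)), "deleted": status == 0x00,
            "direction": "out" if mti == 1 else "in", "smsc": smsc, "peer": peer,
            "time": when, "text": text}

def carve(dump, include_deleted=True):
    """Walk every slot; deleted-but-intact records are the forensic payoff."""
    found = []
    for i in range(0, len(dump) - RECORD_LEN + 1, RECORD_LEN):
        r = parse_record(dump[i:i + RECORD_LEN])
        if r and (include_deleted or not r["deleted"]):
            found.append(dict(r, slot=i // RECORD_LEN + 1))
    return found

# ---- constructed sample dump (no real SIM was read) -------------------------
def build_record(status, smsc, tpdu):
    raw = bytes([status, (len(smsc) + 1) // 2 + 1, 0x91]) + bcd_encode(smsc) + tpdu
    return raw + b"\xff" * (RECORD_LEN - len(raw))

def deliver_tpdu(sender, text, scts):           # first octet 0x04: DELIVER, no UDH
    return (bytes([0x04, len(sender), 0x91]) + bcd_encode(sender) + b"\x00\x00"
            + scts + bytes([len(text)]) + gsm7_pack(text))

def submit_tpdu(dest, text):                    # first octet 0x11: SUBMIT, relative TP-VP
    return (bytes([0x11, 0x00, len(dest), 0x91]) + bcd_encode(dest) + b"\x00\x00"
            + b"\xaa" + bytes([len(text)]) + gsm7_pack(text))

SCTS = bytes.fromhex("11015041030000")          # 2011-10-05 14:30:00 +00:00
SAMPLE_DUMP = b"".join([
    build_record(0x01, "1234567", deliver_tpdu("15551234567", "Meet at the pier at 9", SCTS)),
    build_record(0x00, "1234567", deliver_tpdu("15557654321", "Delete this after reading", SCTS)),
    build_record(0x05, "1234567", submit_tpdu("15550000000", "On my way")),
    b"\x00" + b"\xff" * (RECORD_LEN - 1),       # free slot that was never used
])
```

Running `carve(SAMPLE_DUMP)` returns three records: the read message, the "deleted" message in slot 2 with its full text and sender still intact, and the sent message; the never-used slot 4 is skipped because its body is all 0xFF. Passing `include_deleted=False` gives the view a normal handset shows. Two caveats a practitioner should keep in mind: a SIM that reuses the freed slot destroys the old body, so acquire before anyone sends or receives, and messages with a user-data header (concatenated or multipart SMS) need the UDH stripped before the 7-bit decode, which this example does not do.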