Introduction to Handheld Digital Forensics

Created by DM Kaputa Ph.D.
New Certificate Fall 2009: Computer Security & Investigations/Digital Forensics

- Developed under the auspices of National Science Foundation/Advanced Technological Education Grant # 802062
- Faculty members: Kaputa, Kuroski, Kowalski, Palombo & Gill

Some high-profile forensics cases

These cases probably would not have been solved if not for the digital forensics investigations.
- Police give J. Rodemeyer's cell phone to RCFL
- M. Jackson's doc's phone

What is handheld forensics?

Computer forensics:
- storage device requiring a file system
- device is "static"
- larger storage capacity (although this is changing)
- forensic method: bit-stream imaging

Handheld forensics:
- embedded systems, device is "active"
- smaller on-board capacity (16 GB)
- forensic method: active memory imaging

Forensic rules for PDA seizure

- disconnect wireless connectivity
- keep power
- gather cables
- the unit is always changing: RAM is the main storage for files & apps, so acquire in the lab
- fundamentals of forensic-grade software
- PDA OS: WinCE, RIM (BlackBerry), Palm OS, embedded Linux, Symbian

Forensic rules for cell phone seizure

1. disconnect wireless communication
2. keep power, or you may need the password
3. gather cables & accessories
4. acquire in the lab
5. use forensic-grade software

Hybrids (a combination of both), although most cell phones now are hybrids & beyond!
- Windows Pocket PC
- iPhone
- Google phone
- Linux
- BlackBerry
Most contain PDAs, GPS & camera, MP3 player

Quick time line

- 1960s: Bell Labs develops electronics for cell phone technology
- 1978: AMPS (Advanced Mobile Phone System) debuts the 1st commercial cellular network in Chicago
- 1988: Cellular Technology Industry Assoc. created
- 1991: TDMA; also the first GSM phone, in Finland
- 2001: BellSouth leaves the payphone business

Major access technologies for cell phones

- AMPS (Advanced Mobile Phone Service): 1G systems, FDMA (frequency division multiple access), analog standard

Digital cellular networks
1. TDMA (time division multiple access), a digital link technology: a different time slot for each channel (6 slots). 2G systems.
2. GSM (Global System for Mobile Communications), 1991 (replacing TDMA, up to 3G)

GSM continued

- uses a TDMA air interface with 8 time slots
- uses a SIM card: a removable, thumb-sized card that identifies the user to the network & stores information
- 82% of the world's phones, available in over 168 countries
- next generation (UMTS, Universal Mobile Telecommunications System) enhances GSM with a CDMA air interface
- AT&T service (Cingular, T-Mobile)

Other common cellular networks

3. iDEN network, designed by Motorola
4. D-AMPS (Digital Advanced Mobile Phone Service), a digital version of the original analog AMPS

CDMA, developed about 1989 by Qualcomm

- Code Division Multiple Access
- spread spectrum technology: spreads digitized data over the entire bandwidth
- 3G system: always-on data access, high data speeds, live streaming video
- Verizon & Sprint

4G system

- 100 Mbit/s while moving
- 1 Gbit/s while still
- high-quality audio/video

Intro to cell phone forensics

- very popular devices today under GSM: SIM & mobile equipment (ME)
- CDMA phones (Verizon & Sprint): historically no SIM, although RUIMs (removable user identity modules) are gaining in popularity

Introduction to the SIM card

What is a SIM card?
- Subscriber Identity Module, which authenticates the device to the network
- stores names and phone numbers
- sends and receives text messages
- stores network configuration info (IMSI)

SIM disadvantage

- unless the SIM card lock is enabled, someone can steal the SIM and rack up charges against you!

SIM card continued

- useful for quick transfer of numbers and info from one phone to another

SIM advantages

- portability is the main advantage
- the SIM can be swapped into a new phone
- stores contact info

What exactly is on the SIM card?

- simple phone book
- last 10 outgoing numbers
- SMS (Short Message Service) messages, aka text messages
- IMSI

Paraben's SIM Card Seizure

- last 10 outgoing phone numbers

Cell phone forensics: last 10 outgoing numbers

Components continued

- outgoing SMS text messages

SMS outgoing text messages

Components continued

- incoming SMS text messages

Delivered (to you) text messages

Components continued

- IMSI: this is a network configuration number, the International Mobile Subscriber Identity
- or the IMEI number, the International Mobile Equipment Identity

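Added example, not from the slides: the IMSI identifies the subscriber (it lives on the SIM), the IMEI identifies the handset, and both are 15-digit values that are easily swapped or mistyped in a report. This Python decomposes each and verifies the IMEI's Luhn check digit; the set of MCCs that use three-digit MNCs is a partial assumption made for the example, and the sample identifiers are constructed.

```python
# Added example, not from the slides. An IMSI is MCC (3 digits) + MNC (2 or 3)
# + MSIN, at most 15 digits; an IMEI is TAC (8) + serial (6) + a Luhn check
# digit. MNC length depends on the MCC: the set below lists North American
# MCCs only and is an assumption made for this example.
THREE_DIGIT_MNC = {"310", "311", "312", "313", "314", "315", "316"}

def luhn_valid(number: str) -> bool:
    """Luhn mod-10 check over all digits, check digit included."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def parse_imei(imei: str) -> dict:
    """Split an IMEI and flag a failed check digit (typo, bad OCR, or not an IMEI)."""
    if not (imei.isdigit() and len(imei) == 15):
        raise ValueError("IMEI must be 15 digits")
    return {"tac": imei[:8], "serial": imei[8:14], "check_digit": imei[14],
            "check_ok": luhn_valid(imei)}

def parse_imsi(imsi: str) -> dict:
    """Split an IMSI into MCC / MNC / MSIN using the MCC-dependent MNC length."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 digits")
    mcc = imsi[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC else 2
    return {"mcc": mcc, "mnc": imsi[3:3 + mnc_len], "msin": imsi[3 + mnc_len:]}

# Constructed identifiers for a quick self-check (not real devices or subscribers).
SAMPLE_IMEI = "490154203237518"
SAMPLE_IMSI_US, SAMPLE_IMSI_DE = "310260123456789", "262011234567890"
```

An IMSI carries no check digit, so a 15-digit value that fails the Luhn test was never a valid IMEI, which is a cheap way to catch the two being mixed up in an examination log.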
Conclusions, forensically speaking

- deleted SMS can be tracked by analysis of unallocated space
- be cognizant of what you send out in text messages!
- they could come back to haunt you.

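How the "deleted SMS in unallocated space" point works on a SIM, as an added example rather than anything from the slides or from Paraben's tool: EF_SMS is a fixed-record file, and a handset delete normally just clears each record's status byte, so a carver that ignores the status byte recovers the text. The dump below is constructed (the phone numbers and timestamp are made up), and only SMS-DELIVER records in the 7-bit alphabet are decoded.

```python
# Added example, not from the slides: carve SMS-DELIVER records from a raw SIM EF_SMS
# dump (TS 51.011: 176-byte records, status byte, SMSC address, TS 23.040 TPDU, 0xFF
# padding). A handset delete usually only clears the status byte, so the text survives.
REC_LEN = 176
STATUS = {0x00: "free", 0x01: "received/read", 0x03: "received/unread",
          0x05: "sent", 0x07: "to be sent"}
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà")

def bcd_digits(raw: bytes) -> str:
    """Swapped-nibble BCD address digits; a 0xF nibble is padding."""
    nib = [n for b in raw for n in (b & 0x0F, b >> 4) if n != 0x0F]
    return "".join("0123456789*#abc"[n] for n in nib)

def gsm7_unpack(data: bytes, septets: int) -> str:
    """7-bit default alphabet: septet i starts at bit offset 7*i, LSB first."""
    bits = int.from_bytes(data, "little")
    return "".join(GSM7[(bits >> (7 * i)) & 0x7F] for i in range(septets))

def parse_record(rec: bytes):
    """Decode one record whatever its status byte says; None for never-used slots."""
    if len(rec) < REC_LEN or rec[1] == 0xFF:
        return None
    status, body = STATUS.get(rec[0], hex(rec[0])), rec[1:]
    p = 1 + body[0]                            # SMSC: length, TOA, BCD digits
    smsc = bcd_digits(body[2:p])
    if body[p] & 0x03 != 0x00:                 # only SMS-DELIVER is decoded here
        return {"status": status, "smsc": smsc, "sender": None, "text": None}
    n = (body[p + 1] + 1) // 2                 # TP-OA: digit count, TOA, digits
    sender = bcd_digits(body[p + 3:p + 3 + n])
    p += 3 + n                                 # now at TP-PID
    dcs, ts = body[p + 1], body[p + 2:p + 8]   # TP-DCS, TP-SCTS without timezone
    udl, ud = body[p + 9], body[p + 10:]       # TP-UDL (septets), TP-UD
    if dcs & 0x0C:                             # 8-bit or UCS-2 payload: keep hex
        text = ud[:udl].hex()
    else:
        text = gsm7_unpack(ud[:(udl * 7 + 7) // 8], udl)
    stamp = [f"{b & 0x0F}{b >> 4}" for b in ts]  # yy mm dd hh mm ss; 20xx assumed
    return {"status": status, "smsc": smsc, "sender": sender,
            "time": "20{}-{}-{} {}:{}:{}".format(*stamp), "text": text}

def carve(dump: bytes) -> list:
    """Every decodable slot, deleted ones included, numbered from 1."""
    recs = (parse_record(dump[o:o + REC_LEN]) for o in range(0, len(dump), REC_LEN))
    return [dict(r, record=i) for i, r in enumerate(recs, 1) if r]

# Constructed dump: slot 1 a read "hellohello", slot 2 a deleted "Hello" (status 0x00, body intact), slot 3 unused.
_HDR = "07917238010010F5" "04" "0B917238880900F1" "0000" "11015041037000"
SAMPLE_DUMP = b"".join(bytes.fromhex(h).ljust(REC_LEN, b"\xff") for h in (
    "01" + _HDR + "0AE8329BFD4697D9EC37", "00" + _HDR + "05C8329BFD06", ""))
```

The same walk over a dump from a tool that honours the status byte would list only slot 1; reporting slot 2 as "free" but with its sender, time and text intact is exactly the evidence the slide refers to.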
Some handheld forensic toolkits

- MOBILedit! software, highly rated by NIST
- BitPim software, CDMA, open source
- Device Manager, proprietary software by Paraben
- Cellebrite hardware, used by LE

Next slide: using Device Manager to attempt an acquisition of a cell phone

Mobile malware, or who said mobiles don't have malware?

- Phoenix
- Facebook mobile
- DroidDream
- Plankton
- Zitmo
- Golddream A

1st case of mobile malware

- 2004: first mobile malware
- by 2010: a 250% increase
- 2011: botnet-enabled malware for Androids
- from June 2010 to Jan 2011, Android malware increased by 400%

What does it do?

- disables the phone
- remotely controls the phone: can record phone conversations & store them to the phone's SD card, then upload them to a server controlled by the hacker (drops a configuration file)
- steals valuable data

2011: iPad users hacked

- hacker pleads guilty to stealing data from 100,000 iPad users
- a fake version of the "Angry Birds" app sent sensitive info about the user to a hacker to gain access to the phone

What can we do?

- do NOT access banking sites over public Wi-Fi connections
- do NOT leave "Wi-Fi ad-hoc mode" on
- don't download apps from 3rd-party app repositories!
- check the permissions of every app you download
- run it through a secure app that will scan it from market to device

Scanning for apps

- Norton
- Lookout
- Bitdefender
- NetQin

Also scan Facebook and Twitter!