mobile phone forensics
DESCRIPTION
Mobile Phone Forensics. David Benford MSc Forensic Computing & Security. About me: Criminal defence Corporate Security clearance The Cavell Group Charity Trustee. ....the science of retrieving data from a mobile phone under forensically sound conditions. Numbers: - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/1.jpg)
Mobile Phone Forensics
David Benford MSc Forensic Computing & Security
David Benford MSc Blackstage Forensics Limited
![Page 2: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/2.jpg)
About me:• Criminal defence • Corporate • Security clearance• The Cavell Group• Charity Trustee
David Benford MSc Blackstage Forensics Limited
![Page 3: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/3.jpg)
....the science of retrieving data from a mobile phone under forensically sound conditions....
David Benford MSc Blackstage Forensics Limited
![Page 4: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/4.jpg)
David Benford MSc Blackstage Forensics Limited
Numbers:• 5.3 billion subscriptions by end of 2010(ITU.INT,2010)• Translates to 77% of world• 842 million subscribers in China• Asia-Pacific region including India and
China account 47% of connections globally
• 10 billion phones sold since ’94• Nokia 3.4 billion
• 30 million sold in UK annually
“Five billion phones means there are more than three times as many phones as personal computers”Ben Wood Analyst, CCS Insight
![Page 5: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/5.jpg)
David Benford MSc Blackstage Forensics Limited
iPhone Sales Forecast to Hit 100 Million by 2011! (PCWorld.com, 2010)
![Page 6: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/6.jpg)
David Benford MSc Blackstage Forensics Limited
Digital Handheld Devices:• Smartphone
• Basic Mobile Phone
• SatNav & GPS • iPad, iPod & other Media Players
• PDA & Pocket PC
![Page 7: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/7.jpg)
David Benford MSc Blackstage Forensics Limited
Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court. Principle 2: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions. Principle 3: An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result. Principle 4: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
ACPO Guidelines: (www.acpo.police.uk)
![Page 8: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/8.jpg)
David Benford MSc Blackstage Forensics Limited
Applications:• Criminal law• Civil law• Commercial law• Corporate applications – audits & tribunals• Crisis management• Cyber bullying
![Page 9: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/9.jpg)
Evidential data can be recovered from:
• Device• SIM/USIM• Removable Media Storage• Backup
David Benford MSc Blackstage Forensics Limited
![Page 10: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/10.jpg)
Main Forensic Tools:
• Microsystemation XRY/Xact
• Cellebrite UFED
• Oxygen Forensic Suite
• Flasher Box – Hex dump
David Benford MSc Blackstage Forensics Limited
![Page 11: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/11.jpg)
David Benford MSc Blackstage Forensics Limited
SIM (Subscriber Identity Module) or USIM (Universal Subscriber Identity Module) Forensics
• International Mobile Subscriber Identity (IMSI)• Last dialled numbers• Location information• Contacts• Service provider name• ICCID (Integrated Circuit Card ID) 18 digit number• SMS text messages – including deleted
![Page 12: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/12.jpg)
David Benford MSc Blackstage Forensics Limited
Types of Data Extraction:
• Logical• Usually done via vendor interface
for synchronising contents of phone with PC• Physical• Bit-by-bit copy of device via flash memory
• Similar to computer extraction• 2 step – dump & decode
• Manual• Done when no available tool
• Chip Removal• Last resort
• Read by commercial off the shelf memory programmer & then dump & decode
![Page 13: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/13.jpg)
David Benford MSc Blackstage Forensics Limited
Phone analysis:
• No single tool• Variations in firmware versions• Vendor-specific modifications
![Page 14: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/14.jpg)
David Benford MSc Blackstage Forensics Limited
![Page 15: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/15.jpg)
David Benford MSc Blackstage Forensics Limited
![Page 16: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/16.jpg)
David Benford MSc Blackstage Forensics Limited
XRY (Logical) Process:• Learn device• Charge• Isolate • SIM clone• Faraday
• Switch on• Time/date etc• Photographs
• SIM extraction• Phone Extraction• Analyse & report• Manually record process
![Page 17: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/17.jpg)
David Benford MSc Blackstage Forensics Limited
Smartphones• Social networking• Instant messaging / VOIP• Location based services• Web Browsing activities• Email activity• App data
![Page 18: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/18.jpg)
David Benford MSc Blackstage Forensics Limited
Apple iPhone• Scaled down Mac OS x based on BSD• App Store• iTunes• iPad came first!• Location Services default• No one tool does it all• Pin lock is easily bypassed for media files
![Page 19: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/19.jpg)
David Benford MSc Blackstage Forensics Limited
![Page 20: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/20.jpg)
David Benford MSc Blackstage Forensics Limited
Location Services : Friend or Foe?
• Geotags• Social Networks• Augmented Reality• Blogs
![Page 21: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/21.jpg)
David Benford MSc Blackstage Forensics Limited
The iPhone and Fraud
• Modifying data• Directly• iTunes
![Page 22: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/22.jpg)
David Benford MSc Blackstage Forensics Limited
![Page 23: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/23.jpg)
David Benford MSc Blackstage Forensics Limited
![Page 24: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/24.jpg)
David Benford MSc Blackstage Forensics Limited
![Page 25: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/25.jpg)
David Benford MSc Blackstage Forensics Limited
![Page 26: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/26.jpg)
David Benford MSc Blackstage Forensics Limited
Crossover: Phones & Computers• Smartphones are mini-computers
• Backups
• Windows 7 Shadow Volume Copies
![Page 27: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/27.jpg)
David Benford MSc Blackstage Forensics Limited
Future:• Clustering of phones to provide PC-like capabilities• PC Replacements – full-blown software• The Cloud• Payment by phone• Fully connected, location-aware devices
“Situationally & contextually aware tp present information accordingly”(digitaltrends.com, 2010)
• Development of A.R.“ad hoc broadcast terminal at sporting events where you can view a video feed from a guy in the second row or up in the nose-bleed seats”(digitaltrends.com, 2010)
![Page 28: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/28.jpg)
David Benford MSc Blackstage Forensics Limited
Conclusion
![Page 29: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/29.jpg)
David Benford MSc Blackstage Forensics Limited
References:
CCS Insight Blog » Ben Wood. Available at: http://www.ccsinsight.com/blog/?author=3 [Accessed January 16, 2011].Forensics. Available at: http://www.zdziarski.com/blog/?cat=8 [Accessed January 16, 2011].iPhone Sales Forecast to Hit 100 Million by 2011 - PCWorld. Available at: http://www.pcworld.com/article/199237/iphone_sales_forecast_to_hit_100_million_by_2011.html [Accessed January 16, 2011].Speeches and Disscussion Papers. Available at: http://www.itu.int/ITU-D/ict/papers/ [Accessed January 16, 2011].The Future of Smartphones: 2010-2015 and Beyond. Available at: http://www.digitaltrends.com/features/the-future-of-smartphones-2010-2015-and-beyond/ [Accessed January 16, 2011].
![Page 30: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/30.jpg)
David Benford MSc Blackstage Forensics Limited
Any Questions?
![Page 31: Mobile Phone Forensics](https://reader033.vdocument.in/reader033/viewer/2022061513/56815c7e550346895dca954e/html5/thumbnails/31.jpg)
David Benford MSc Blackstage Forensics Limited
Blackstage ForensicsCatton Hall,CattonDerbyshireDE12 8LNT: +44(0)1283 762559E: [email protected]: www.Blackstage-forensics.co.uk Charity: www.Cystinosis.org.uk
Thank you for your attention!