Mobile Forensic Data Acquisition Methods


When planning data acquisition from a mobile phone, consider the five acquisition methods that may contribute to the result of the investigation:
  1. Cellular data acquisition
  2. SIM file system acquisition
  3. Logical acquisition
  4. Physical acquisition
  5. File system acquisition
Mobile storage and evidence can be located in several places, including:
  1. Internal memory (RAM, ROM or flash memory (NAND/NOR) used to store the phone's OS, applications and data)
  2. SIM card (stores personal information, address books, messages, and service-related information)
  3. External memory (stores personal data such as audio, video, images, etc.)
The extraction methods available for a mobile phone depend on the type and brand of the phone:
  1. Apple & BlackBerry :- a single vendor supplies both the OS and the hardware.
  2. Symbian & Android & Windows :- different vendors for the OS and the hardware (proprietary OS).
Consider these points when conducting mobile phone extraction:
  1. Extraction :- ask the device to provide the data that is available.
  2. The device may agree to provide it (deleted data is the exception)
  3. Use different protocols and techniques for different handsets
  4. Logical extraction :- based on the file system
  5. Physical extraction :- "raw" data, everything on the storage
What is the difference between logical and physical extraction?
  • Logical :-
  1. SIM (live data can be retrieved, and the only deleted data recoverable is SMS)
  2. Feature phones (live handset data can be retrieved, deleted data cannot)
  3. Smartphones (live handset data can be retrieved, plus some deleted data)
  • Physical :- needs cables, software, and protocols
  1. Deleted data may be retrieved
  2. Artefacts such as IMSI, ICCID details, Bluetooth pairings, security codes, predictive text, and dictionaries
  3. Some tools can extract security codes. Other means can be used, like asking the suspect or performing a factory reset.
iOS/Apple phone extraction consists of three methods:
  1. Method 1 depends on an iTunes backup, using the Apple backup infrastructure.
  2. Method 2 extracts backup data when the iPhone is encrypted and the passcode is unknown. The API (Application Programming Interface) used in this method was created by Cellebrite and does not depend on Apple's infrastructure.
  3. Method 3 is used when the iPhone has already been jailbroken. The output of this method yields more data, including email, the passcode, and other activity.
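Method 1 above yields an iTunes-style backup, where each file is stored under a hashed name and catalogued in a SQLite file called Manifest.db. The script below is an added example, not part of the original post or of Cellebrite's tooling: it builds a small constructed Manifest.db in memory, maps each catalogued file (domain plus relative path) to where it sits inside the backup folder, and cross-checks every catalogue entry against the expected hash. It assumes the iOS 10+ layout (table Files with fileID, domain, relativePath, flags; fileID = SHA-1 of "domain-relativePath"; files sharded into two-character sub-directories); the bplist metadata BLOB column is omitted.

```python
import hashlib
import sqlite3

# Constructed sample rows (domain, relativePath, flags); flags 1 = file, 2 = directory.
SAMPLE_ROWS = [
    ("HomeDomain", "Library/SMS/sms.db", 1),
    ("HomeDomain", "Library/AddressBook/AddressBook.sqlitedb", 1),
    ("CameraRollDomain", "Media/DCIM/100APPLE/IMG_0001.JPG", 1),
    ("HomeDomain", "Library/SMS", 2),
]


def backup_file_id(domain, relative_path):
    """Hashed on-disk name of a backed-up file: SHA-1 of '<domain>-<relativePath>'."""
    return hashlib.sha1(f"{domain}-{relative_path}".encode()).hexdigest()


def on_disk_path(file_id):
    """iOS 10+ backups place each file in a sub-directory named by its first two hex chars."""
    return f"{file_id[:2]}/{file_id}"


def build_sample_manifest():
    """Create an in-memory Manifest.db with the constructed rows (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
                 "relativePath TEXT, flags INTEGER)")
    conn.executemany("INSERT INTO Files VALUES (?, ?, ?, ?)",
                     [(backup_file_id(d, p), d, p, f) for d, p, f in SAMPLE_ROWS])
    conn.commit()
    return conn


def list_files(conn, domain=None):
    """Map 'domain/relativePath' of every regular file to its path inside the backup folder."""
    sql = "SELECT fileID, domain, relativePath FROM Files WHERE flags = 1"
    args = ()
    if domain is not None:
        sql += " AND domain = ?"
        args = (domain,)
    sql += " ORDER BY domain, relativePath"
    return {f"{d}/{p}": on_disk_path(fid) for fid, d, p in conn.execute(sql, args)}


def verify_manifest(conn):
    """Return fileIDs whose hash does not match domain/relativePath (corrupt or tampered catalogue)."""
    return [fid for fid, d, p in conn.execute("SELECT fileID, domain, relativePath FROM Files")
            if fid != backup_file_id(d, p)]
```

On a real backup, replace `build_sample_manifest()` with `sqlite3.connect("<backup folder>/Manifest.db")`; a non-empty result from `verify_manifest` means the catalogue and the files on disk no longer agree and the acquisition should be re-examined before relying on it.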


iOS jailbreaking permits users privileged access to portions of the iOS file system and management programming. Consider this information before conducting jailbreaking:
  1. It does not defeat all security measures.
  2. It may be considered illegal and copyright infringement.
  3. The presence of applications such as Pangu, Cydia, or checkra1n (https://checkra.in/) suggests the phone is, or has been, jailbroken.
  4. Cydia, the leader and holder of the largest jailbreaking repository, announced in 2018 that it would discontinue active attempts to create new jailbreaking methods.
Several iOS jailbreaking tools are available:
  1. Pangu jailbreak, which lets the user jailbreak iOS by running the click-to-jailbreak app and removes the jailbreak when the iOS device is rebooted
  2. Redsn0w, which lets the investigator jailbreak an iPhone, iPod Touch, or iPad running a variety of firmware versions
  3. Sn0wbreeze, a jailbreak application developed by iH8sn0w for Apple devices running iOS, such as the iPhone, iPad, and iPod Touch
  4. geekSn0w, a free tool developed by Andrea Bentivegna for jailbreaking iPhones running iOS 7.1



Source: Mobile Forensic Module at Portsmouth University and Cellebrite Training
