Overview Ios Mobile Forensic

-
IOS Overview 
  1. Easy to use interface
  2. Security is a core part of the iOS design
  3. Developed to support specifically designed hardware for customers
Example the advantages of iOS are:
  1. User can view flash messages or notifications without unlocking the phone
  2. Quick access to camera
  3. Warnings of the activity and ability to turn off certain features with ease are integrated
Mobile Device

  1. SIM card
  2. Memory internal external SD card
  3. Mobile Phones (Classical phones, Features phones, Smart phones, Novelty phones)
  4. Other devices (GPS devices, Mobile modems, Media, Tablets)
  5. Interfaces (Cables :- fast, secure, Bluetooth :- handset ID may be visible to others)
ACPO (Association of Chief Police Officers), summary for mobile forensic:

  1. No law enforcement agencies or their agents should change data on a mobile phone, which is relied upon in court.
  2. Person accessing the mobile phone should be competent and qualified to give evidence and explain the relevance and implications of their actions.
  3. Records or audit trail of all procedures allied should be documented and preserved. An independent third party should come out with the same results, if the examination is repeated.
  4. The person in charge of the investigation show be aware of the law and principles.
Where can the evidence be located in a mobile phone ?
  1. Some types of data may be found in more than one location:
  2. Contacts on Handset and SIM
  3. Pictures on handset and Memory card
  4. Examine every area independently to be use of capturing the maximum amount of information. 
What could contaminate the evidence in a mobile phone ?
  1. When the handset is seized,
  2. Calls, SMS can arrive from mobile network, (occupying deleted items)
  3. Information might be wiped out from Internet apps.
  4. Downloads and Trojans from WIFI can affect the content of the handset.
  5. Bluetooth connection might leave a print on the flash memory, overwrite files.
Issues when isolating a phone for investigation
  1. Turn off, sometimes needed to be on,
  2. Phone on in Faraday bag or operate in a Faraday tent, (Radio waves are weak and the phone increases it signal strength and thus consumes more power) – not very reliable though. Phone should be charged fully first. The content of the phone might change by the execution of a scheduled programs, on timer.
  3. Disable network services, possible with clone that don’t copy the encryption key (more about this later) SIM cards, or ask the network provider to disable its connections to the phone under investigation.
  4. “Airplane mode”, possible but not recommended. It involves the investigator to interact with the handset, and use keypads, which might be programmed to delete information.
Good practice to handle the seizure of a mobile phone
  1. Physical evidence: DNA and fingerprints :- to associate the phone with the suspect, also useful for patterns identification.
  2. Switch off the phone before transporting it, see previous slice. If it is required to be left on for sometimes, keep it charged and then switch it off before moving away.
  3. The handset should be packed in a tight and rigid container to prevent accidental damage.
  4. The container should be placed in an evidence bag sealed and labelled to restrict access.
  5. All sources of evidence should also be collected and photographed at the scene – handset, charger, cables, CDs, memory card, user guides etc…
  6. Take a photograph of the screen – time difference noted, level of the battery, network provider. If the screen is in saving mode, re-activate and take a picture. Charge the battery if necessary at this initial stage.
  7. Suspect should not handle the phone after the seizure :- original factory reset, key codes to clear content, removal of SIM card, removal of battery can cause lost from memory.
  8. The security code and phone number should be requested, if not given
  9. Review seized materials for clues
  10. Trial and error, type simple sequences 1,2, 3, 4 or 0000, date of birth. After 3 trials the SIM card is blocked.
  11. Get the PUK from the service provider – court order might be required to unlock the phone.
  12. If the phone is immersed in a liquid, remove SIM card and battery and place in a container, send a sample of the liquid or investigation.
  13. If the phone has a visible physical damage, the cause of the damage should be investigated, even if the evidence can still be extracted.
Source: ACPO, Mobile Forensic Module at Portsmouth University

Comments

Post a Comment

Popular posts from this blog

Mobile Forensic Data Acquisition Methods

-
Image
Mobile Forensic Data Acquisition Methods When conducting data acquisition method on mobile phone, consider 5 data acquisition method that might be helpful for the result of investigation: Cellular data acquisition SIM file system acquisition Logical acquisition Physical acquisition File system acquisition Otherwise, Mobile storage and evidence locations can be located on several location including: Internal memory (RAM, ROM or flash memory (NAND/NOR) is used to store mobile phone’s OS, applications and data) SIM Card (Stores personal information, address books, messages, and service-related information) External memory (Stores personal information such as audio, video, images, etc) Extraction methods on mobile phone consist of several methods depend on the type and brand of the phone: Apple & Blackberry :- Vendor of OS and hardware. Symbian & Android & Windows :- Different vendors for OS and hardware ( Proprietary OS).  Consider these steps whe...
Read more

Big Data Analysis in Public Sector: Opportunities, Tools, and Ethics

-
Image
Big Data Analysis in Public Sector: Opportunities, Tools, and Ethics Hendratna Mutaqin Abstract Big Data has a significant role in helping the individual, corporate, and government to get a better decision-making which supported by credible evidence. The problem emerges when traditional approaches cannot handle the big data so that sophisticated tools like Hadoop, Visualization Product, NoSQL are required to deal with it. Although having many advantages, the users have to follow the big data ethical rules. Big data ethics must be concerned to evitable any indictments from the other party. Introduction Big data analytic helps users to make predictions and solve problems. It can reduce the mistake when making a prediction, reducing cost of living and increasing the income. The vast, unstructured, and unsolved by traditional methods will be challenged to analyze the big data. This paper discusses the opportunity of big data for the public sector, technologies to handle and th...
Read more

How to get a bitlocker password?

-
Image
The easiest way to find your bitlocker password is by using Command Prompt. 1. Type cmd on your windows and run as Administrator 2. C:\Windows\system32>manage-bde -protectors -get c: BitLocker Drive Encryption: Configuration Tool version 10.0.19041 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Volume C: [System] All Key Protectors  Numerical Password:       ID: {06AE1787-XXXXXXXXXXXXXXX}       Password:         715869-275543-0555554-2DDD4-AAAAA-BBBBB-YYYYY-XXXX Now you can find the bitlocker password. The command below is to find bitlocker password for Drive D C:\Windows\system32>manage-bde -protectors -get d:
Read more