PDAs and Forensic Science
PDAs and Forensic Science CGS5132 – Computer Forensics II 04.16.02 Aaron Weiss What will be covered? PDA Overview – What is a PDA? What Operating Systems are used? What are some popular brand names? Why should we learn about PDAs?

Presentation Transcript

PDAs and Forensic Science

CGS5132 – Computer Forensics II

04.16.02

Aaron Weiss


What will be covered?

  • PDA Overview – What is a PDA? What Operating Systems are used? What are some popular brand names? Why should we learn about PDAs?

  • Data Imaging – Memory and file system structure; Imaging methods; Is an exact image possible?

  • Forensic Analysis – Recovery of deleted records; Importance of timing; Timestamps; Password Retrieval

  • Relevant Software – pdd; CodeWarrior for Palm OS; PDA Defense


PDA Overview

  • PDA is an acronym for “Personal Digital Assistant”; also commonly referred to as a “Palm device” or “handheld.”

  • Common Name Brands: 3Com Palm (www.semi.org shows Palm leads industry), Handspring Visor, Casio Cassiopeia, Compaq iPaq, HP Jornada.

  • Operating Systems – Palm OS (Palm, Sony, Handspring), Windows for Palm (HP); MS Pocket PC (Compaq), Embedix (Sharp); Palm OS is most popular.

  • Why are PDAs important to us as forensic scientists?

    Annual sales growth expectations for 2001 – 2005 are between 15% and 30% (www.informationweek.com)


Data Imaging

  • File Structure – (Palm OS) PDB, PRC, PQA; These databases are stored like files on a disk, using resource pointers. These “records” can be recovered.

  • Memory structure – Tied directly into file system; user data, program stack, pen strokes, key presses, and system events are stored in the dynamic portion of the memory. This memory has a different starting point for each processor.

  • Making an exact image – Specifically using pdd (the most popular method): an MD5 hash applied to subsequent acquisitions of the same device will not match, due to the re-initialization of heaps.


Forensic Analysis

  • Deleted records can be recovered. The Palm OS does not completely erase records until a successful HotSync has been completed.

  • Importance of timing – Deleted files; viewing encrypted files leaves the cleartext component on the system for some time; imaging success on the first attempt is important because some data can be lost after a soft reset.

  • Timestamps – 3 Timestamps: 4-Byte Value; creation date, modification date, and last backup date (if ever); These dates can be easily modified.

  • Password Retrieval – Passwords are transmitted through imaging into “Unsaved Preferences.”
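
The three 4-byte timestamps described above can be read directly from the header of a PDB/PRC file, and because they are easily modified, an examiner can at least check them for internal consistency. The following is an added example, not part of the original slides: it assumes the publicly documented Palm database header layout (78 bytes, big-endian, seconds counted from 1 January 1904), the function names are illustrative, and `SAMPLE` is a constructed header rather than device data.

```python
import struct
from datetime import datetime, timedelta

# Seconds count from 1 Jan 1904; no time zone is stored, so datetimes stay naive.
PALM_EPOCH = datetime(1904, 1, 1)
# name[32], attributes, version, created, modified, last backup, mod number,
# appInfo, sortInfo, type, creator, ID seed, next list, record count
HEADER = struct.Struct(">32sHHIIIIII4s4sIIH")  # 78 bytes, big-endian

def palm_time(raw):
    """Decode a 4-byte Palm timestamp; 0 means the field was never set."""
    return None if raw == 0 else PALM_EPOCH + timedelta(seconds=raw)

def parse_pdb_header(data):
    if len(data) < HEADER.size:
        raise ValueError("truncated PDB/PRC header")
    f = HEADER.unpack_from(data)
    return {
        "name": f[0].split(b"\0", 1)[0].decode("latin-1"),
        "type": f[9].decode("latin-1"),
        "creator": f[10].decode("latin-1"),
        "records": f[13],
        "created": palm_time(f[3]),
        "modified": palm_time(f[4]),
        "last_backup": palm_time(f[5]),
    }

def timestamp_anomalies(hdr, acquired):
    """List reasons the header dates need corroboration from other evidence."""
    notes = []
    c, m, b = hdr["created"], hdr["modified"], hdr["last_backup"]
    if c and m and m < c:
        notes.append("modified before created")
    if c and b and b < c:
        notes.append("backed up before created")
    for label, t in (("created", c), ("modified", m), ("last_backup", b)):
        if t and t > acquired:
            notes.append(label + " is after acquisition time")
    return notes

def _secs(*ymd):
    return int((datetime(*ymd) - PALM_EPOCH).total_seconds())

# Constructed header (not device data): never backed up, modified before created.
SAMPLE = HEADER.pack(b"MemoDB", 0, 0, _secs(2002, 3, 1), _secs(2001, 12, 25), 0,
                     7, 0, 0, b"DATA", b"memo", 0, 0, 3)
```

An empty anomaly list does not show the dates are genuine; it only means the header is self-consistent.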


Relevant Software

  • pdd – Palm dd; based on the Unix dd; this is the most popular Palm forensics software; http://www.@stake.com/research/tools/pdd-1.10.zip

  • CodeWarrior for Palm OS – Used to put Palm devices into “Debug Mode.” This allows communication via serial port, imaging, and can be used to overcome lockout protection. http://www.codewarrior.com/products/palm

  • PDA Defense – 3rd Party Lockout software; Difficult to bypass. http://www.pdadefense.com/palm.asp


References

  • http://www.pdadefense.com/palm.asp

  • TUCOFS - The Ultimate Collection of Forensic Software

  • Psion Place: Message Boards: Developers: Forensic Analysis of Psion Devices

  • @stake Research Labs - Research Reports

  • http://www.informationweek.com

  • http://www.semi.org

