
Cellphone and Mobile Device Forensics An update on concepts

Cellphone and Mobile Device Forensics – An update on concepts. Presented by Peter L. Fryer ACE, CFE, CISA, MPSC. Pencils Out Please! Find the evidence.


Presentation Transcript


  1. Cellphone and Mobile Device Forensics – An update on concepts. Presented by Peter L. Fryer ACE, CFE, CISA, MPSC

  2. Pencils Out Please! Find the evidence

  3. Abstract – Mobile device forensic analysis is the discipline that addresses the extraction, analysis and review of data collected from mobile devices. Current analysis trends include, but are not limited to, evidence collection, behaviour analysis and the detection of malware/spyware on mobile devices. This presentation will provide clarity on forensic techniques and malware detection.

  4. Problem Statement – Mobile devices form part of the battlefield of Internet-based crime. They are now an integral part of society and shape how we interact with our community.

  5. Nomophobia
  • Nomophobia is the fear of being out of mobile phone contact.
  • 53% of users polled became anxious when their phones had no signal, had a low battery or were switched off.
  • The average distance between polled users and their handsets during the day rarely exceeded 1.5 m.
  Source: Wikipedia

  6. Mobile Device Forensics • Widely used since 2002 • Effective court tested methodology • Collection, extraction and analysis of data on mobile devices

  7. THEN

  8. NOW

  9. Cell Phones – what is out there?
  GSM – 4 operators, 41 million subscribers in South Africa (approx. 87% of the population).
  Worldwide: approx. 5+ billion subscribers (including 3G, WCDMA, HSDPA). Source: gsmworld.com
  GSM Network Operators:
  • Vodacom (largest provider, approx. 21 million subscribers)
  • MTN – Mobile Telephone Networks
  • Cell-C
  • Telkom – 8.ta

  10. Concept – Cellphone Forensics

  11. COMPUTER FORENSICS – Operating Systems Linux Windows Apple

  12. MOBILE – Operating Systems

  13. What information can we expect in a mobile phone handset?
  • Contacts
  • Calls (dialled, missed, received)
  • Text Messages
  • Multimedia Messages
  • Drafts
  • Pictures, Audio and Video Images
  • E-mail, Browser History
  • Tasks / Notes / Calendars
  • Application Files
  • Maps, GPS Locations visited
  • Time & Dates

  14. Extraction Methodologies
  • Cable, Bluetooth (pairing) and IR
  • Chip Off - volatile
  • Recovery of logical data as well as deleted information
  • Deleted data includes:
    • SMS
    • Call logs
    • Files
    • System Files

  15. Data Cache WiFi connections, Internet Usage, Keyboard Cache and App Usage

  16. WiFi Connections

  17. GPS Co-ordinates

  18. Internet Usage

  19. Keyboard Cache Password

  20. App Usage

  21. Fun Fone Facts

  22. Physical Recovery • 8GB of useful data retrieved using “chip off” techniques

  23. Concept – Malware/ Spyware

  24. Mobile Device Vulnerabilities Mobile Phones have three vulnerabilities • Interception • Monitoring • Command and Control

  25. Interception • Network • Off air (passive) • Spyware

  26. Monitor • App usage • Malware/ Spyware • Collection

  27. Command and Control • Deploy as a BOT • Escalate user privileges • Premium service subscription

  28. Malware – what we know
  • Majority of malware deployments include social engineering
  • Deployment on two levels:
    • Level I – Physical deployment
    • Level II – Social engineering (phishing)

  29. Deployment
  • Physical Access
    • Flash disk
    • Link to web download
    • Override user privileges
  • Social Engineering
    • Refer to web download (games, banking app)
    • Spoofed login to collect credentials

  30. Malware
  • Designed to exploit security
  • Trigger data costs (premium SMS/ data services)
  • Escalate user privileges
  • Phones act as BOTs for malicious attacks
  • Allows for remote control of device

  31. Spyware
  • Deployed to compromise user created information
  • Covert interception and monitoring
  • Collect communications and data
  • Collect credentials (two factor authentication)
    • OTP
    • Password Reset Info

  32. Detection of Malware and Spyware
  • Behaviour analysis of device
  • Data usage tracking
  • App identification and logging
  • Deploy content management tools
  • Enforce local security policies
  • System file analysis

  33. Challenges for infosec practitioners
  • Mobile devices fall into the BYOD class
  • Behind-firewall deployment of threats
  • Mobile devices differ drastically
  • No single tool to manage and audit devices
  • No single detection methodology
  • Multi-platform approach to detection (expensive)
  • Difficult to monitor (form part of a closed network)
  • Devices not part of local network
  • No alert functionality on mobile device
  • Apps installed as trusted

  34. What we need to know • Consult the experts

  35. Defence Strategy
  • Review user privileges
  • Install only trusted apps
  • Maintain physical security of device
  • Review data usage
  • No “rooting” or “jailbreaking”

  36. Research - spyware
  • Applications and software purchased
  • File system analysed
  • Deployed to several phones:
    • Sony Ericsson
    • Samsung
    • Blackberry
    • Nokia

  37. Spyware Tested/ Reviewed
  • Killer Mobile – Tra v4.1
  • Eblaster Mobile edition
  • MobileSpy IE
  • Spy Bubble
  • Cell-Tracker Pro

  38. Observations
  • Tools effective for capturing mainly text based data
  • Slows device response to user prompts
  • Battery drain extensive
  • Visual triggers:
    • Data usage
    • Device activity
    • BB Log
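The detection approach of slide 32 (behaviour analysis, data usage tracking, app identification) and the spyware tell-tales of slide 38 (data usage, battery drain, background device activity) can be combined into a simple per-app triage. The following is an added example, not code from the presentation; the usage records, package names and thresholds are constructed for illustration.

```python
# Added example: behaviour analysis of a handset using the indicators the
# slides list: per-app data usage, battery drain, background activity and
# whether each app is in the trusted app inventory. All data is constructed.
from collections import defaultdict
from statistics import mean

# Constructed daily records: (day, app, MB sent, battery % used, background minutes)
SAMPLE_RECORDS = [
    (1, "com.example.mail", 12.0, 4, 30),
    (2, "com.example.mail", 15.0, 5, 32),
    (3, "com.example.mail", 11.0, 4, 28),
    (1, "com.example.tracker", 0.5, 1, 5),
    (2, "com.example.tracker", 0.6, 1, 6),
    (3, "com.example.tracker", 48.0, 22, 700),   # sudden upload + heavy drain
    (1, "com.example.game", 3.0, 9, 0),
    (2, "com.example.game", 2.5, 8, 0),
    (3, "com.example.game", 3.2, 9, 0),
]
# Constructed inventory of apps known to have been installed from a trusted source.
TRUSTED_APPS = {"com.example.mail", "com.example.game"}

def analyse(records, trusted, data_factor=5.0, battery_pct=15, bg_minutes=480):
    """Return {app: [reasons]} for apps showing spyware-like behaviour.
    Flags: latest-day data usage far above the app's earlier average,
    heavy battery drain, long background activity, untrusted install source."""
    by_app = defaultdict(list)
    for day, app, mb, batt, bg in sorted(records):
        by_app[app].append((day, mb, batt, bg))
    findings = {}
    for app, rows in by_app.items():
        reasons = []
        if app not in trusted:
            reasons.append("not in trusted app inventory")
        *earlier, (day, mb, batt, bg) = rows          # earlier days form the baseline
        if earlier:
            baseline = mean(r[1] for r in earlier)
            if baseline > 0 and mb / baseline >= data_factor:
                reasons.append(f"data usage {mb:.1f}MB is {mb / baseline:.0f}x baseline on day {day}")
        if batt >= battery_pct:
            reasons.append(f"battery drain {batt}% on day {day}")
        if bg >= bg_minutes:
            reasons.append(f"background activity {bg} min on day {day}")
        if reasons:
            findings[app] = reasons
    return findings

if __name__ == "__main__":
    for app, reasons in analyse(SAMPLE_RECORDS, TRUSTED_APPS).items():
        print(app, "->", "; ".join(reasons))
```

On the constructed data only com.example.tracker is flagged, on all four indicators; real handsets need the thresholds tuned against a baseline taken before the device is suspected of compromise.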

  39. Concept Overview
  • Cellphone and mobile devices are to be included as primary evidence sources
  • Reliable evidence recovery from mobile devices
  • Detection methodologies exist for spyware and malware deployments
  • Accredited experts available locally

  40. FAQ
  • Is my phone bugged?
  • How am I tracked by using my cellphone?
  • Can I tell if my phone is bugged?
  • Can you recover deleted messages and data from my phone?
  • What is the safest phone in terms of defence against spyware?

  41. Q & A Thank you Peter L. Fryer peterfryer@riskdiversion.com 0827749960
