1 / 19

Advanced Techniques in Forensic Examination of Smartphones

Advanced Techniques in Forensic Examination of Smartphones. 2010. Smartphones market growth. Data provided by FutureSource Consulting Smartphones market is growing even while general mobile phones market falling. Smartphone is a small PC. Smartphone as: Cell phone.

janice
Download Presentation

Advanced Techniques in Forensic Examination of Smartphones

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced Techniques in Forensic Examination of Smartphones 2010 (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  2. Smartphones market growth Data provided by FutureSource Consulting Smartphones market is growing even while general mobile phones market falling (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  3. Smartphone is a small PC (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  4. Smartphone as: Cell phone * - Usually these features are not utilized by smartphones (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  5. Smartphone as: Address book (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  6. Smartphone as: Planner (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  7. Smartphone as: Messenger (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  8. Smartphone as: GPS navigator * - Available in EXIF header for many new models ** - Available in smartphones with Nokia LifeBlog application installed (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  9. Smartphone as: Web client * - Available for some IM clients (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  10. Smartphone as: PC (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  11. Standard extraction methods There are 2 standard ways to get forensic information from smartphones: logical and physical analysis (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  12. Logical analysis for smartphones Caller groups Custom field labels Speed dials Messages from custom folders Event log Deleted messages information Service center timestamps GPS information Location tagged data Web browser data IM client data 3rd party apps General phone information Contacts* Calendar Notes Calls history Messages* Files* Settings* Bookmarks * - Available data set is restricted and depends highly on manufacturer implementation 1) The information extracted by all logical protocols is only the top of the iceberg 2) All logical protocols were developed for data synchronization (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  13. Physical analysis for smartphones How to deal with gigabytes of that? (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  14. Standard extraction methods: Summary (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  15. How to extract data without a headache? In 2002 Oxygen Software invented the 3rd way - analysis using a special agent application working inside smartphone OS * - Agent can extract all the information available for native OS applications (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  16. Agent application usage • General phone information & SIM card data • Contacts with all fields and custom field labels • Caller groups & Speed dials • Event Log • Calendar events • Tasks & Notes • Messages from standard and custom folders • Deleted messages information • Service center timestamp • Camera snapshots, video clips and voice records • File system • GPS & Location tagged information • Web browser cache & bookmarks • IM clients data • 3rd party applicationswith their information - Protected operating system files - Memory dump (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  17. Afraid of writing to device? Comparison of phone content changes when performing analysis using different approaches * - Extra sync add-ons installation may be needed to extract some additional information (e.g. MMS) ** - Agent does not generate any log files Unlike Agent, SyncML server is not a forensically designed app and is out of full control from examiner. In addition -it makes more data modifications than Agent. (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  18. Summary Smartphones is a considerable part of mobile device marketFutureSource Consulting forecasts that, between 2008 and 2013, annual sales of smartphones will rise by 95% to over 300 million. It will be around 37% of all new mobile phones, up from 13% in 2008.Smartphones store much more important forensic information than plain cell phonesBeing a multiple-in-one device and having OS with open API smartphones are turning into small PCs with big memory sizes, wide set of preinstalled applications and huge number of available 3rd party applications.Standard extraction methods are less effective for smartphonesAll logical protocols were developed for sync purposes, thus they can only extract a top of the iceberg. Physical analysis of gigabyte hex dumps takes a lot of time.Agent application usage is the golden meanThe Agent application approach, introduced by Oxygen Software in 2002, almost achieves the completeness of data extracted by physical methods. At the same time it works via standard cables and adaptors and allows to present the extracted data in readable and user-friendly format that is morepeculiar to logical analysis. (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

  19. Interested in more details? Oxygen Forensic Suite 2010 www.oxygen-forensic.com Oxygen Forensics for iPhone www.iphone-forensics.com +44 (0) 20 8133 8450(UK) +1 877 9-OXYGEN (USA) Oxygen Forensic Suite and Oxygen Forensic Suite 2010 a the trademarks of Oxygen Software. Oxygen Software LLC was founded in year 2000 and since that time our business is a PC-to-mobile communication. £499 Standard £899 Professional (C) Oxygen Software, 2000-2010 http://www.oxygen-forensic.com

More Related