
How the heck do they know that? The state of Computer and Cell Phone Forensics

Ralph Gorgal, G-C Partners, LLC. David Cowen, G-C Partners, LLC.


Presentation Transcript


  1. How the heck do they know that? The state of Computer and Cell Phone Forensics Ralph Gorgal, G-C Partners, LLC David Cowen, G-C Partners, LLC

  2. Who the heck are you? • Author of Hacking Exposed: Computer Forensics (1st – 3rd editions) • Author of Infosec Pro Guide to Computer Forensics • Co-Author of Anti Hacker Toolkit 3rd Edition • Expert Witness in Computer Forensics • Captain of the National Collegiate Cyber Defense Competition Redteam • Developer of Triforce ANJP

  3. What the heck are we talking about? • Computers and cell phones • The state of smart phones as computers • Standard Forensics on phones • Recovery of deleted data • The Cloud • Device Specific data sources

  4. Ask Questions! • As we go, ask questions; this talk is for you... I already know this stuff

  5. Cell phones as computers • Smart phones have more processing power than your first computer • Smart phones have their own operating systems • Manufacturers control who gets to be the administrator of the OS • Forensic examiners work within their confines, unless they can break out of jail

  6. Standard Forensics on Cell Phones • Logical Extraction • Support by almost every manufacturer • Same function as a standard backup • Physical Extraction • Requires a ‘jailbreak’ or some other bypass technique • Allows full access to the underlying device

  7. Recovery of Deleted Data • Deleted database records (Logical and Physical) • Deleted Files (Physical) • Old Backups, we talk more about this later

  8. Advanced Recovery Techniques • JTAG • Chip Off • MicroRead

  9. Cloud Storage • iCloud, OneDrive, Google Drive: it's all in the cloud • Cloud Storage • Cloud Backups

  10. Computer and Cell Phone interaction • Data Transfer • Backups

  11. iPhone • iTunes • Backups • Data Transfer • iCloud • Generational Backups • Data Transfer

  12. Android • Google Drive • Backups • Data Transfer • History Sync • User data • Data from all other Google connected devices

  13. Windows Phone • OneDrive • Backup • Encryption Keys • Data Transfer • Search History • Desktop sync

  14. Blackberry • Blackberry Desktop Manager • Backups • Data Transfer

  15. Questions? • Email: dcowen@g-cpartners.com • Twitter: @hecfblog • Blog: www.learndfir.com
