Class 05

by: Marcos Pedro Ferreira Leal Silva

Class 05 CIT 365

Marcos Pedro Ferreira Leal Silva
GPA 7.6
Mobile Device Forensics
Darren Hayes

About this Document

Those are my notes from the Android Devices Lecture

This 4 page Class Notes was uploaded by Marcos Pedro Ferreira Leal Silva on Thursday October 1, 2015. The Class Notes belongs to CIT 365 at Pace University taught by Darren Hayes in Fall 2015. Since its upload, it has received 28 views. For similar materials see Mobile Device Forensics in Information technology at Pace University.

Date Created: 10/01/15
Mobile Device Forensics
Dr. Darren Hayes
Class 05

ANDROID DEVICES LECTURE

Pick a team project

The students were allowed to choose between 5 topics, which are detailed in the PDF available on Blackboard. We were given a few minutes to do some research about each topic and then choose a team.

Speaker: James

Intro

James is a recent graduate who works in the mobile device forensics field. When he was a student, one of his greatest projects was an inexpensive JTAG solution to extract data from mobiles. Working for the Government, he has all kinds of crimes around him, like homicides, rapes, child abuse, etc.

Android vs iOS

We would like to focus on comparing the good and bad aspects of both systems through the eyes of forensics, not just the eyes of the final consumer.

iOS:
- Closed system, which makes everything harder for the investigator, as Apple can change the locations of the files, the encryption and the security measures without any communication.
- Encrypts data when turned off and only decrypts it when the password is provided.

Android:
- Open-code OS.
- Major changes with every new release, about one per year.
- Many different variations on each device (LG, Samsung, HTC, etc.) that could make it harder to obtain the data.

Android Overview

Android systems have many specific partitions, such as Boot, Recovery, User Data and System Files. Some variations occur from one manufacturer to another, but those are the most basic ones. To get access to the user data files and system files, which is usually where the data sensitive to the investigation is, the investigator has some options:

- Brute-force the password, in the case where the device is password protected. Usually an external tool is used, such as the MFC Dongle. This approach is extremely slow and could delete or encrypt the files after some wrong attempts, which is not what the investigator wants.
- JTAG the device and copy all the information from it. This is very slow, requires that the phone be opened and requires specific tools.
- Boot a modified version of the OS with CWM (ClockworkMod) or TWRP (Team Win Recovery Project) and configure full access to the files by modifying some files, such as initprop in the root folder. This is the easiest and fastest option, but it needs to be treated with extreme care because some systems detect the alteration of the boot partition and erase all user data in that case. This method is debatable and is looked at critically by lawyers, since the device is modified in the process, as the boot partition needs to be rewritten. The best argument used is that the sensitive data is usually in the user and system partitions, which are unaltered, but it is up to each judge/lawyer/boss to decide how to treat each case.
- Boot into download mode and copy files through ADB commands. It is probably one of the safest and fastest ways to copy, but it only works with selected models.

Some operations can be easily done with ADB (Android Device Bridge), but it can only be used on a device if USB Debugging mode is on in Developer Options. By default, Developer Options are hidden on Android devices and can be turned on by quickly tapping seven times on the build info in Preferences > About.

Some files can provide extremely important information about the phone, such as apndb and apsdb. One provides network information such as MAC, SSID and timestamp, and the other provides cellular antenna information. The most interesting part is that both are always updated, even without connecting to those networks, which can be extremely useful.

Imagine, hypothetically, that John Smith murders John Doe in Doe's house and then returns to his own house. Supposing Mr. Smith had his Android phone with him when he visited Mr. Doe's house, the MAC, SSID and timestamp would be recorded in his database even if he didn't connect to Mr. Doe's network. This is a great way to prove presence or trace a path. http://www.wiggle.com is a great source of MAC and SSID addresses.

As stated before, a brute-force attack could allow access to the files on the device, but it would probably take a long time. Android phones are somewhat weak in their security once you have access to the files. Anyone who obtained access could get the gesture.key file, which is simply a hash, and it could easily be looked up in a password hash database to get the full password.

One of the great challenges nowadays is encrypted data on mobiles. Once the data is encrypted, recovering it is a hard and time-consuming task. To help with this, some techniques such as M m are used, where the temperature slows down the encryption process and gives the investigator more time to catch some data.

iOS Overview

The security of iDevices is really good. The decryption of data is done once the phone is rebooted and the password is entered correctly. If we had an encrypted phone with a dead battery, much effort would be necessary to access the data.

The encryption is simple: there is a function F that takes the PIN number, which is the password, plus the UID number, which is a unique serial number printed on the chip inside the iDevice, and executes F(PIN, UID) to encrypt all the data. As we don't have access to the PIN number, we use many techniques to get the UID number and then calculate the encryption function with all available PIN numbers, which used to be about 10^4 but is now about 10^6.

"When Steve Jobs closes a door, he opens a Window." Even though it is pretty hard to get data stored on an encrypted iDevice, most of them use cloud services that could easily be approached in other ways, with legal requisitions, taking the hard part away from the forensic investigator and making this specific part bureaucratic.
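
The Wi-Fi presence argument from the Android overview (MAC, SSID and timestamp recorded even without connecting), worked through as an added example that is not part of the original notes. The table layout, the sample sightings and the reference list of access-point locations are all constructed for illustration and are not the on-device format of any Android database.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample data; the schema below is an assumption for illustration.
SIGHTINGS = [  # (mac, ssid, unix_time) as recovered from the examined phone
    ("AA:BB:CC:00:00:01", "SmithHome", 1443700800),
    ("AA:BB:CC:00:00:02", "DoeHome",   1443704400),
    ("AA:BB:CC:00:00:03", "CoffeeBar", 1443702600),
    ("AA:BB:CC:00:00:01", "SmithHome", 1443708000),
    ("AA:BB:CC:00:00:09", "Unknown",   1443705000),
]
KNOWN_APS = [  # (mac, place) from a reference source of access-point locations
    ("AA:BB:CC:00:00:01", "Smith residence"),
    ("AA:BB:CC:00:00:02", "Doe residence"),
    ("AA:BB:CC:00:00:03", "Main St cafe"),
]

def build_timeline(sightings, known_aps):
    """Return time-ordered (utc_iso, place, ssid); unmatched APs stay as 'unlocated'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sighting (mac TEXT, ssid TEXT, ts INTEGER)")
    db.execute("CREATE TABLE ap (mac TEXT PRIMARY KEY, place TEXT)")
    db.executemany("INSERT INTO sighting VALUES (?, ?, ?)", sightings)
    db.executemany("INSERT INTO ap VALUES (?, ?)", known_aps)
    # Match on MAC, not SSID: SSIDs are user-chosen and not unique.
    rows = db.execute(
        "SELECT s.ts, COALESCE(a.place, 'unlocated'), s.ssid "
        "FROM sighting s LEFT JOIN ap a ON UPPER(s.mac) = UPPER(a.mac) "
        "ORDER BY s.ts"
    ).fetchall()
    db.close()
    return [(datetime.fromtimestamp(ts, timezone.utc).isoformat(), place, ssid)
            for ts, place, ssid in rows]

def path(timeline):
    """Collapse the timeline into the sequence of distinct located places."""
    out = []
    for _, place, _ in timeline:
        if place != "unlocated" and (not out or out[-1] != place):
            out.append(place)
    return out

if __name__ == "__main__":
    tl = build_timeline(SIGHTINGS, KNOWN_APS)
    for row in tl:
        print(*row, sep="  ")
    print(" -> ".join(path(tl)))
```

Sightings whose MAC has no match in the reference list are kept in the timeline rather than dropped, so the examiner can see gaps in the located path.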

