This 5 page Class Notes was uploaded by James Cha on Saturday January 17, 2015. The Class Notes belongs to a course at a university taught by a professor in Fall. Since its upload, it has received 90 views.
Date Created: 01/17/15
T INFO 444 - 1st Week

CHAPTER 1

COMPUTERS VS CELL PHONE FORENSICS
- Computers allow examiners to make a bit-by-bit copy (an image).
- Note: Conventional forensic computer tools, utilities, methods, and methodology may NOT be the same.
- Unlike computers, the STORAGE AREA can vary and have limitations.
- Deleted data on phones is very specific to the make and model.
- Phones require AT or similar communication commands.
- Traditional USB write blocking will NOT WORK.

MOBILE DEVICE FORENSICS
A branch of digital forensics relating to the recovery of digital evidence or data from a mobile device under forensically sound conditions.

CELL PHONE FORENSICS
The process of recovering cellular-related data through forensic and validated means.

RECOVERING
What will you need to start recovering, such as data?
- A crime or incident (civil)
- Legal process fulfilled (more in depth in Chapter 2)

DATA
Considered to be the "meat and potatoes" of cell phone forensics. The data tells a story. There are 2 TYPES OF DATA: LOGICAL and PHYSICAL.

VALIDATING
Validating is the process that makes the exam stand up. The exam is only as good as the examiner, not the tool, utility, or method they employ to get the data. REMEMBER: this does NOT apply to just forensic examiners. It starts with those first on the scene.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
A measurement standards laboratory, otherwise known as a National Metrological Institute (NMI), which is a non-regulatory agency of the US Department of Commerce.

THEIR MISSION: To promote US innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security to improve our quality of life.

Example Excerpts:
- Organizations should ensure that their policies contain clear statements about forensic considerations involving cell phones.
- Organizations should create and maintain procedures and guidelines for performing forensic tasks on cell phones.
- Organizations should ensure that their forensic professionals are prepared to conduct activities in cell phone forensics.
- Forensic professionals, especially first responders to incidents, should understand their roles and responsibilities for cell phone forensics and receive training and education on related forensic tools, policies, guidelines, and procedures.

LOGICAL DATA
What you see is what you get. Logical data is "clean" data in that it is pretty easy to read. It is ANYTHING you can see VISUALLY stored in your phone. Considered to be the most common in court.
- SIM cards, microSD cards, handsets

Example of SMS messages found through logical tools:
[Figure: table of recovered SMS messages; contents not legible in this copy]

PHYSICAL DATA
In regards to recovering deleted data, it is make, model, and OS specific. Harder to read and usually interpreted by HAND with various binary/hex tools specific to the phone in question. It is TIME CONSUMING and KNOWLEDGE/TRAINING based.

HOW IS EVIDENCE CONTAMINATED?
Network connectivity

Police officers, investigators, scene technicians
- Most Common Issues:
    - Turning on or off the device without evaluation
    - No network isolation
    - Changing user values (thumb-jockey related): sending a call, SMS, etc.

Witnesses, suspects, and other individuals
- Witnesses with good intentions can alter data. Be aware of defense issues when using data from witness phones.
- Suspects have a plethora of user settings and applications at their disposal. Be aware that the default location for storage can be changed. This is especially true with Androids.
- Others, such as parents, friends, and associates: overdue victims can have many people sending inquiries to your target phone. This comes back to network isolation. Be aware that undelivered messages can hit the phone after it is powered back on.

Applications and other USER-installed devices or settings enabled/disabled
- The market for smart phones allows access to install a varying degree of applications. These can allow off-device storage, backup, and communications. Additionally, users can "set up" their phone to perform certain tasks. These tasks do not necessarily need network connectivity to execute (an alarm is one example).

Other circumstances
- Prolonged exposure to environments (water, heat, rain, snow, etc.)

NETWORK CONTAMINATION
- Phones have limited storage capacities; data can be pushed out.
- OTA commands, to include applications and utilities to wipe the device remotely (iOS, Android, Blackberry).

FARADAY
Michael FARADAY was a British scientist, chemist, physicist, and philosopher who greatly contributed to the fields of electromagnetism and electrochemistry. His main discoveries include that of the magnetic field, electromagnetic induction, diamagnetism, and electrolysis.

FARADAY: The process of stopping, suspending, or blocking a device from receiving a signal of any kind is named after Michael Faraday. Simply known as Faraday or Faradaying.

Examples:
- MESH. Positives and Negatives:
    - Easy to use; washable
    - Reusable
    - Touch screen issues
    - Cost
    - May require two sheets
- BAGS. Positives and Negatives:
    - Reusable
    - Washable
    - Cost
    - Can't see interface
    - Data cable acts as antenna
- SINGLE USE BAGS. Positives and Negatives:
    - Cost
    - One time use only
    - Allows for documentation
    - Easy to use
- NO MESH OR "FLIGHT MODE": ALUMINUM FOIL (minimum 3 wraps). Positives and Negatives:
    - Can't see interface
    - Charging/data cable acts as antenna
    - Cost
    - Reusability
- ARSON PAINT CANS. Positives and Negatives:
    - Reusability
    - Low cost
    - No data/charging cable
    - Can't see interface
- CONTAINERS and TENTS
    - Generally not practical for field use
    - HIGH COST
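As an added illustration of the PHYSICAL DATA notes above (this example is not part of the original class notes), the Python below shows what interpreting SMS text "by hand" from a hex dump can involve. It assumes the carved bytes hold text packed as GSM 7-bit septets in the default alphabet of 3GPP TS 23.038; the function names and the sample bytes are constructed for this example.

```python
# Added example: SMS text carved as packed GSM 7-bit septets.
# Assumption: the fragment uses the GSM default alphabet (3GPP TS 23.038).
GSM7 = (
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"
    " !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
    "¿abcdefghijklmnopqrstuvwxyzäöñüà"
)
assert len(GSM7) == 128


def unpack_septets(data, count):
    """Return `count` 7-bit values from an LSB-first packed byte string."""
    if count * 7 > len(data) * 8:
        raise ValueError("fragment too short for declared septet count")
    acc = bits = 0
    out = []
    for byte in data:
        acc |= byte << bits
        bits += 8
        while bits >= 7 and len(out) < count:
            out.append(acc & 0x7F)
            acc >>= 7
            bits -= 7
    return out


def pack_septets(septets):
    """Inverse of unpack_septets; used to re-encode and cross-check a decode."""
    acc = bits = 0
    out = bytearray()
    for s in septets:
        acc |= (s & 0x7F) << bits
        bits += 7
        while bits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            bits -= 8
    if bits:
        out.append(acc & 0xFF)
    return bytes(out)


def decode_gsm7(hex_bytes, count):
    """Decode hex from a dump; 0x1B (extension escape) is left unresolved."""
    return "".join(GSM7[s] for s in unpack_septets(bytes.fromhex(hex_bytes), count))


if __name__ == "__main__":
    print(decode_gsm7("E8 32 9B FD 46 97 D9 EC 37", 10))  # constructed sample
```

A 7-byte fragment can decode to either seven or eight characters, so the septet count has to come from the record's length field, not from the number of bytes carved.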