Utilizing Regent University library and Internet resources, research legal issues related to mobile device forensic activities. Share your findings. 300 words
Utilizing Regent University library and Internet resources, research legal issues related to mobile device forensic activities. Share your findings.
300 words
https://libguides.regent.edu/az/databases
Guide to Computer Forensics and Investigations Sixth Edition Chapter 12
Mobile Device Forensics and the Internet of Anything
‹#›
Guide to Computer Forensics and Investigations Sixth Edition
Chapter 12
Mobile Device Forensics
1
Explain the basic concepts of mobile device forensics
Describe procedures for acquiring data from mobile devices
Summarize the challenges of forensic acquisitions of data stored on Internet of Anything devices
Objectives
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
People store a wealth of information on cell phones
People don’t think about securing their phones
Items stored on cell phones:
Incoming, outgoing, and missed calls
Multimedia Message Service (MMS; text messages) and Short Message Service (SMS) messages
E-mail accounts
Instant-messaging (IM) logs
Web pages
Pictures, video, and music files
Understanding Mobile Device Forensics (1 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Items stored on cell phones: (cont’d)
Calendars and address books
Social media account information
GPS data
Voice recordings and voicemail
Bank account logins
Access to your home
A search warrant is needed to examine mobile devices because they can contain so much information
Understanding Mobile Device Forensics (2 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Investigating cell phones and mobile devices is a challenging tasks in digital forensics
No single standard exists for how and where phones store messages
New phones come out about every six months and they are rarely compatible with previous models
Understanding Mobile Device Forensics (3 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Mobile phone technology has advanced rapidly
By the end of 2008, mobile phones had gone through three generations:
Analog
Digital personal communications service (PCS)
Third-generation (3G)
Fourth-generation (4G) was introduced in 2009
Several digital networks are used in the mobile phone industry
Fifth-generation (5G) cellular networks
Expected to be finalized in 2020, will incorporate emerging technologies
Mobile Phone Basics (1 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Most Code Division Multiple Access (CDMA) networks conform to IS-95
These systems are referred to as CDMAOne
When they went to 3G services, they became CDMA2000
Global System for Mobile Communications (GSM) uses the Time Division Multiple Access (TDMA) technique
Multiple phones take turns sharing a channel
Mobile Phone Basics (2 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
The 3G standard was developed by the International Telecommunications Union (ITU) under the United Nations
It is compatible with CDMA, GSM, and TDMA
The Enhanced Data GSM Environment (EDGE) standard was developed specifically for 3G
Mobile Phone Basics (3 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
4G networks can use the following technologies:
Orthogonal Frequency Division Multiplexing (OFDM)
Mobile WiMAX
Ultra Mobile Broadband (UMB)
Multiple Input Multiple Output (MIMO)
Long Term Evolution (LTE)
Mobile Phone Basics (4 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Main components used for communication:
Base transceiver station (BTS)
Base station controller (BSC)
Mobile switching center (MSC)
Mobile Phone Basics (5 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Mobile devices can range from simple phones to smartphones, tablets, and smartwatches
Hardware components
Microprocessor, ROM, RAM, a digital signal processor, a radio module, a microphone and speaker, hardware interfaces, and an LCD display
Most basic phones have a proprietary OS
Although smartphones use the same OSs as PCs
Inside Mobile Devices (1 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Phones store system data in electronically erasable programmable read-only memory (EEPROM)
Enables service providers to reprogram phones without having to physically access memory chips
OS is stored in ROM
Nonvolatile memory
Available even if the phone loses power
Inside Mobile Devices (2 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Personal digital assistants (PDAs) have been mostly replaced by iPods, iPads, and other mobile devices
Their use has shifted to more specific markets
Such as medical or industrial PDAs
Peripheral memory cards used with PDAs:
Compact Flash (CF)
MultiMediaCard (MMC)
Secure Digital (SD)
Inside Mobile Devices (3 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Subscriber identity module (SIM) cards
Found most commonly in GSM devices
Consist of a microprocessor and internal memory
GSM refers to mobile phones as “mobile stations” and divides a station into two parts:
The SIM card and the mobile equipment (ME)
SIM cards come in three sizes
Portability of information makes SIM cards versatile
Inside Mobile Devices (4 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Subscriber identity module (SIM) cards (cont’d)
The SIM card is necessary for the ME to work and serves these additional purposes:
Identifies the subscriber to the network
Stores service-related information
Can be used to back up the device
Many phones now include SD cards for external storage
Inside Mobile Devices (5 of 5)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
The main concerns with mobile devices are loss of power, synchronization with cloud services, and remote wiping
All mobile devices have volatile memory
Making sure they don’t lose power before you can retrieve RAM data is critical
Mobile device attached to a PC via a USB cable should be disconnected from the PC immediately
Helps prevent synchronization that might occur automatically and overwrite data
Understanding Acquisition Procedures for Mobile Devices (1 of 7)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Depending on the warrant or subpoena, the time of seizure might be relevant
Messages might be received on the mobile device after seizure
Isolate the device from incoming signals with one of the following options:
Place the device in airplane mode
Place the device in a paint can
Use a Faraday bag
Turn the device off
Understanding Acquisition Procedures for Mobile Devices (2 of 7)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
The drawback of using these isolating options is that the mobile device is put into roaming mode
Accelerates battery drainage
SANS DFIR Forensics recommends:
If device is on and unlocked – isolate it from the network, disable the screen lock, remove passcode
If device is on and locked – what you can do varies depending on the type of device
If device is off – attempt a physical static acquisition and turn the device on
Understanding Acquisition Procedures for Mobile Devices (3 of 7)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Check these areas in the forensics lab :
Internal memory
SIM card
Removable or external memory cards
Network provider
Checking network provider requires a search warrant or subpoena
A new complication has surfaced because backups might be stored in a cloud provided by the carrier or third party
Understanding Acquisition Procedures for Mobile Devices (4 of 7)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Due to the growing problem of mobile devices being stolen, service providers have started using remote wiping to remove a user’s personal information stored on a stolen device
Memory storage on a mobile device is usually a combination of volatile and nonvolatile memory
The file system for a SIM card is a hierarchical structure
Understanding Acquisition Procedures for Mobile Devices (5 of 7)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Understanding Acquisition Procedures for Mobile Devices (6 of 7)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Information that can be retrieved falls into four categories:
Service-related data, such as identifiers for the SIM card and the subscriber
Call data, such as numbers dialed
Message information
Location information
If power has been lost, PINs or other access codes might be required to view files
Understanding Acquisition Procedures for Mobile Devices (7 of 7)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Mobile forensics is an evolving science
Biggest challenge is dealing with constantly changing phone models
Procedures for working with mobile forensics software:
Identify the mobile device
Make sure you have installed the mobile device forensics software
Attach the phone to power and connect cables
Start the forensics software and download information
Mobile Forensics Equipment (1 of 6)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
SIM card readers
A combination hardware/software device used to access the SIM card
You need to be in a forensics lab equipped with appropriate antistatic devices
General procedure is as follows:
Remove the device’s back panel
Remove the battery
Remove the SIM card from holder
Insert the SIM card into the card reader
Mobile Forensics Equipment (2 of 6)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
SIM card readers (cont’d)
A variety of SIM card readers are available
Some are forensically sound and some are not
Documenting messages that haven’t been read yet is critical
Use a tool that takes pictures of each screen
Mobile phone forensics tools and methods
AccessData FTK Imager
MacLockPick 3.0
Mobile Forensics Equipment (3 of 6)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
NIST guidelines list six types of mobile forensics methods:
Manual extraction
Logical extraction
Physical extraction
Hex dumping and Joint Test Action Group (JTAG) extraction
Chip-off
Micro read
Mobile Forensics Equipment (4 of 6)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Paraben Software offers several tools:
E3:DS – for mobile device investigations
DataPilot – has a collection of cables that can interface with phones from different manufacturers
BitPam – used to view data on many CDMA phones
Cellebrite UFED Forensic System – works with smartphones, PDAs, tablets, and GPS devices
MOBILedit Forensic – contains a built-in write-blocker
Mobile Forensics Equipment (5 of 6)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Software tools differ in the information they display and the level of detail
Some tools are designed for updating files, not retrieving data
In general, tools designed to edit information, although they are user friendly, usually aren’t forensically sound
Mobile Forensics Equipment (6 of 6)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Cellebrite is often used by law enforcement
You can determine the device’s make and model, learn what has to be done before connecting a mobile device to the UFED device, and then retrieve the data
Three options for data extraction:
Logical
File system
Physical
You can also simply connect a mobile device to a computer to browse the file system and examine and retrieve files
Needs a USB write-blocker
Using Mobile Forensics Tools (1 of 4)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Using Mobile Forensics Tools (2 of 4)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Using Mobile Forensics Tools (3 of 4)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Many mobile forensics tools are available
Most aren’t free
Methods and techniques for acquiring evidence will change as market continues to expand and mature
Subscribe to user groups and professional organizations to stay abreast of what’s happening in the industry
Using Mobile Forensics Tools (4 of 4)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
In 2010, VMware and BlackBerry were developing
Type 2 hypervisors for mobile devices
Useful for security and protecting personal information but will add another level of complexity to forensics investigations
Separate personal information from business-related data
Bring your own device (BYOD) practices make it even more difficult
Internet of Things (IoT)
The number of devices that connect to the Internet is higher than the amount of people
That number is expected to reach 50 billion in the next few decades
Understanding Forensics in the Internet of Anything (1 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Evolution from Internet of Thing (IoT) to Internet of Everything (IoE) to Internet of Anything (IoA)
IoE adds features that aren’t tangible but are widespread on the Internet
Google search engine and YouTube
IoA includes cars, homes, pets, livestock, and applications for making all these things work together
Eventually will include 5G smart devices
5G devices categories:
enhanced Mobile Broadband (eMBB)
Ultra-reliable and Low-latency Communications (uRLLC)
massive Machine Type Communications (mMTC)
Understanding Forensics in the Internet of Anything (2 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
5G devices introduce new challenges for digital forensics:
People-to-device communications (P2D)
Device-to-device (D2D) communications
Device-to-cloud (D2C) communications
Wearable computers will pose many new challenges for investigators
Vehicle system forensics
Addresses the many parts that have sensors in cars
Understanding Forensics in the Internet of Anything (3 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
People store a wealth of information on smartphones, including calls, text messages, picture and music files, address books, and more
Mobile devices have gone through four generations: analog, digital personal communications service (PCS), third-generation (3G), and fourth-generation (4G)
5G standards are being negotiated and developed by the IMT 2020 working group of the International Telecommunications Union
Mobile devices range from basic, inexpensive phones used primarily for phone calls to smartphones
Summary (1 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Data can be retrieved from several different places in phones
Use of personal digital assistants (PDAs) has declined due to the popularity of smartphones
As with computers, proper search and seizure procedures must be followed for mobile devices
To isolate a mobile device from incoming messages, you can put it in airplane mode, turn the device off, or place it in a special treated paint can or evidence bag
SIM cards store data in a hierarchical file structure
Mobile device forensics is becoming more important as these devices grow in popularity
Summary (2 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
Many software tools are available for reading data stored in mobile devices
The Internet of Things (IoT) has resulted in yet another challenge for digital forensics investigators
Collecting information from wearable computers will pose many new challenges for investigators
Summary (3 of 3)
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use.
‹#›
image1.png
image2.png
image3.png
image4.jpeg
image5.png
image6.png
image7.jpeg
image8.png
image15.png
image16.jpeg
image17.jpg
image18.jpeg
image19.jpeg
,
Guide to Computer Forensics and Investigations Sixth Edition Chapter 11
E-mail and Social Media Investigations
‹#›
Guide to Computer Forensics and Investigations Sixth Edition
Chapter 11
E-mail and Social Media Investigations
1
Explain the role of e-mail in investigations
Describe client and server roles in e-mail
Describe tasks in investigating e-mail crimes and violations
Explain the use of e-mail server logs
Describe some specialized e-mail forensics tools
Explain how to apply digital forensics methods to investigating social media communications
Objectives
© 2019 Cengage. May not be copied, scanned, or duplicated, in whole or in part
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.