archives

Mobile Devices

This category contains 40 posts

The Future of Mobile Forensics

by Oleg Afonin, Danil Nikolaev & Yuri Gubanov © Belkasoft Research 2015 Most would agree that the golden age of mobile forensics is over. There is no longer an easy way to get through the passcode in new iOS devices running the latest version of iOS. Chip-off acquisition is dead for iOS devices due to … Continue reading

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

Oleg Afonin, Danil Nikolaev, Yuri Gubanov © Belkasoft Research 2015 While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no FireWire ports and supplied with a limited set of external ports, these devices make attaching … Continue reading

SQLite Database Forensics – ‘Sleep Cycle’ Case Study

Recently one of our users, Dan Saunders, was kind enough to write up his experience using the Forensic Browser for SQLite on a database that was not supported by any other forensics tools – this is his story: SQLite databases are becoming more and more of a focus point for the present day Digital Forensics … Continue reading

Extracting data from dump of mobile devices running Android operating system

In this article, we are going to tell about opportunities of utilizing programs that are used on a day-to-day basis in computer forensics and examination for analysis of mobile devices running Android operating system. Introduction Most of the mobile devices in the world run Android operating system. It is no wonder that such devices are … Continue reading

Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?

Case Study: MobileTriage – JPEG Metadata Triage – Automated Extraction of Information using Mobile Forensic Tools Background Mobile devices are now becoming part of our daily lives. These devices can now perform tasks or activities that were normally being processed in a normal desktop or laptop computers. Attachment to such devices is immensely increasing in … Continue reading

How To Decrypt WeChat EnMicroMsg.db Database?

WeChat is a smartphone application where users can chat with their friends, share pictures, videos and audio chats. Users can also make free video calls and voice calls with their friends as long as they have Internet connection. Recently, we received a request from the law enforcement agency to extract WeChat chat messages from an Android mobile … Continue reading

Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly ‘Social’ Criminal Activity

by Yuval Ben-Moshe, senior director of forensic technologies at Cellebrite Mobile forensics has changed the methodology when it comes to offender profiling.  The frequent use of mobile devices has provided investigators with another source for profiling criminal suspects, as well as an insight into their habits and personalities. This is not just because of the … Continue reading

Samsung Galaxy Android 4.3 Jelly Bean acquisition using Joint Test Action Group (JTAG)

There have been some issues during data acquisitions with Samsung Galaxy having the Android 4.3, Jelly Bean as the operating system even if using the recommended steps for Logical File Dump, File System, or Physical Acquisitions for Cellebrite UFED Touch, Classic, and UFED4PC. All were unable to connect even if the mobile device was in … Continue reading

Webmail Forensics – Digging deeper into Browsers and Mobile Applications

Almost everyone who uses the Internet has a web-based email account. Many people have two or more, so the likelihood of a forensic investigator coming across a case involving webmail communication is very high. While law enforcement examiners can ask service providers for the email contents through a court order, corporate and non-government examiners have … Continue reading

WhatsApp – discovering timestamps of deleted messages

ABSTRACT:  This is a procedure for locating and parsing deleted messages timestamps in Android WhatsApp database. I did a little reverse engineering, using the hexadecimal tool of Physical Analyzer (UFED by Cellebrite), of the database of the popular messaging app WhatsApp for Android, because P.A. 3.8.6 does not display deleted messages WhatsApp, at least on … Continue reading

Man In The Middle Attack: Forensics

Yes, that’s right! Mr. Upset did not post ‘I am hating my new job’ as it appears in Figure 2, instead he wrote ‘I am loving my new job’. Then how did it happen and who did it? This article aims at addressing these questions. We fabricate a case where a person is an object … Continue reading

Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases

Summary This article describes common approaches used for the recovery of cleared Skype histories and deleted chat logs, and discusses methods and techniques for recovering evidence from cleared and damaged SQLite databases. Introduction It is difficult to underestimate popularity of Skype. Hundreds of millions of people use Skype every day, generating a lot of potential … Continue reading

Analysis Of iOS Notes App

As part of my third year studying Digital Security,Forensics & Ethical Hacking at GCU, I took part in a group research project to study the artifacts created when using the notes app on an iPad Mini, and if they could be used as evidence. This post is really just going to explain what I did, … Continue reading

Streamlining Digital Forensics through Google Glass Eyes

The world of digital forensics involves the use of a very diverse array of tools, some highly specialized and technical and others pretty simple, as we all know, and these tools are constantly evolving as the digital landscape itself changes and becomes more complex (and more defensive if we’re also talking about those who try … Continue reading

Cyber Security Challenge in Scotland

Towards the end of August, I was part of the team who were offered to help out and participate at an exciting event held at Glasgow Caledonian University. The event ran over five days with each day varied in content and different challenges. In this post I aim to give a rough breakdown of each … Continue reading

Follow

Get every new post delivered to your Inbox.

Join 798 other followers