archives

mobile forensics

This tag is associated with 31 posts

New Security Measures In iOS 11 And Their Forensic Implications

by Oleg Afonin, Elcomsoft Apple is about to launch its next-generation iOS in just a few days. Researching developer betas, we discovered that iOS 11 implements a number of new security measures. The purpose of these measures is better protecting the privacy of Apple customers and once again increasing security of device data. While some … Continue reading

Cellular GPS Evidence: Waze + Cellebrite + CellHawk

by Patrick Siewert, Principal Consultant, Pro Digital Forensic Consulting It’s becoming common knowledge that location evidence on cellular devices can provide a wealth of evidence in any number of civil, criminal and investigative matters. Law enforcement agencies use cellular location evidence from service providers to help place a criminal suspect at or near a crime … Continue reading

Remote Forensics Of Windows 10 Mobile Devices

by Oleg Afonin, Elcomsoft Microsoft has developed Windows 10 as the one OS for all types of devices from servers to wearables. Desktops, laptops, two-in-ones, tablets and smartphones can (and do) run a version of Windows 10. There are countless forensic tools for acquiring evidence from the desktop version of Windows 10, much less for … Continue reading

Internet Of Things Mobility Forensics

by K M Sabidur Rahman & Matt Bishop (University of California Davis) and Albert Holt (NSA) Abstract The Internet of Things (IoT) comes with great possibilities as well as major security and privacy issues. Although digital forensics has long been studied in both academia and industry, mobility forensics is relatively new and unexplored. Mobility forensics deals … Continue reading

Samsung sBrowser – Android Forensics: A Look Into The Cache Files

by Robert Craig and Michael Lambert Abstract Samsung devices are a large portion of the Android OS market.  Samsung has its own Internet Browser, “sbrowser”, installed onto their devices.  All web browsers leave artifacts from user activity.  The “sbrowser” cache files were similar to other browsers.  An embedded source URL gave insight where the cached … Continue reading

Unlocking The Screen of an LG Android Smartphone with AT Modem Commands

by Oleg Davydov, CTO, Oxygen Forensics Modern smartphones are much more than just a device for voice calls. Now they contain a lot of personal data – contact list, communication history, photos, videos, Geo tags etc. Most smartphones can also work as a modem. Almost every modem is Hayes-compatible which means it supports commands of the … Continue reading

Mobile Forensics Monkey Wrench: iOS 10.2 and Encryption

by Patrick Siewert, Pro Digital Forensic Consulting It’s not secret to those involved in the study and practice of mobile forensics that Apple likes to throw us curve balls with almost every new iteration of the iOS operating system. It turns out, iOS 10.2 is no different (released December 12, 2016). A conversation began recently … Continue reading

Meeting A Forensic Challenge: Recovering Data From A Jolla Smartphone

by Davide Gabrini, Andrea Ghirardini, Mattia Epifani and Francesco Acchiappati Preface During the hacking camp MOCA 2016, at the end of a talk held by Davide “Rebus” Gabrini on passcode circumvention methods on mobile devices, a bystander offered an intriguing challenge: he offered for research purposes a smartphone to find out if and how someone … Continue reading

The Future of Mobile Forensics: November 2015 Follow-Up

by Oleg Afonin, Danil Nikolaev, Yuri Gubanov Mobile forensics is a moving target. In our recent article, “The Future of Mobile Forensics”, we described acquisition techniques that used to be state-of-the art back then. Weeks later, some things had changed already. Three months after the publication a lot of things have changed. Our publication was … Continue reading

The Future of Mobile Forensics

by Oleg Afonin, Danil Nikolaev & Yuri Gubanov © Belkasoft Research 2015 Most would agree that the golden age of mobile forensics is over. There is no longer an easy way to get through the passcode in new iOS devices running the latest version of iOS. Chip-off acquisition is dead for iOS devices due to … Continue reading

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

Oleg Afonin, Danil Nikolaev, Yuri Gubanov © Belkasoft Research 2015 While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no FireWire ports and supplied with a limited set of external ports, these devices make attaching … Continue reading

Webmail Forensics – Digging deeper into Browsers and Mobile Applications

Almost everyone who uses the Internet has a web-based email account. Many people have two or more, so the likelihood of a forensic investigator coming across a case involving webmail communication is very high. While law enforcement examiners can ask service providers for the email contents through a court order, corporate and non-government examiners have … Continue reading

Bitcoin Forensics Part II: The Secret Web Strikes Back

In last week’s post, we talked about Bitcoin, Tor and some of the hidden websites only accessible via Tor, such as Silk Road, which was shut down by the FBI on October 1st. Well, just over a month later and Silk Road is back online: You can reach the new site at this link (again, … Continue reading

Bitcoin Forensics – A Journey into the Dark Web

There has been a lot of buzz around Tor, Bitcoin, and the so-called “dark web” (or “deep web”) since the FBI shut down the underground website “Silk Road” on Oct 1st. As many of you already know, Tor is a network of encrypted, virtual tunnels that allows people to use the internet anonymously, hiding their … Continue reading

Geo-tag Forensics

Introduction A geo-tagged image is an image which holds geographical identification metadata. This data consists of latitude and longitude co-ordinates (sometimes altitude also). Though there are some extremely powerful tools available for extracting geo-tag information from geo-tagged images but the insight knowledge of how a tool actually works and gets the data for us is … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 986 other followers