Case Study: Smart Phone Deleted Data Recovery




Company profile

McCann Investigations is a full-service private investigations firm providing complete case solutions by employing cutting-edge computer forensics and traditional PI tools and techniques. For 25 years, McCann's investigators have worked in the public and private sector, encompassing law enforcement, physical and electronic security and computer forensics. McCann works with law firms, financial firms, private and public companies and individuals in cases including contentious divorce, child custody issues, fraud, embezzlement, spyware/malware detection, civil and criminal background investigations, and due diligence.

McCann Investigations tools include:

- Computer Forensics
- Mobile Device Forensics
- Spyware/Malware Detection
- Network Breach Detection
- Digital Debugging
- IT Network Vulnerability Assessments
- Background Investigations
- Under Cover Work
- Surveillance
- Corporate Intelligence
- E-Discovery

Business Situation

The United States oil and gas industry has a dominant presence in the Houston area. As a result, Houston has the highest number of Fortune 500 companies, second only to New York. Because of the dense concentration of companies in the Houston area that are focused on the oil and gas industry, competition is fierce, and protection of intellectual property rights is paramount to a company's success. Most companies have very tight non-compete agreements in place with employees to ensure the protection of company assets, including intellectual property.

In this case, XYZ Energy Company holds certain intellectual property rights, from the design of its equipment and its drilling techniques to its customer list. Non-compete agreements are in place to deter an employee from, in effect, stealing intellectual property from an employer and creating a competing entity using the former employer's technology and vendors and, in most cases, selling that technology to the same customers.

XYZ Energy, upon learning of the formation of the competing company by its former employees, contacted McCann Investigations because it believed that communications regarding the new venture had taken place on the company smartphones used by the former employees. McCann Investigations has found that in most cases involving the violation of a non-compete agreement and the theft of intellectual property, the former employees almost always use their company laptops or smartphones to communicate with co-conspirators. Although the data has been deleted, in most cases that data can be recovered by an experienced computer forensics expert.

It is important to note that, in order for the data to be admissible as evidence in civil or even criminal litigation, the data must be extracted and stored in a forensically sound manner by a third-party licensed computer forensics examiner. Allowing the company's IT personnel to extract the data would render the evidence contaminated and inadmissible in a court of law. It is extremely important that, once the suspicion of wrongdoing arises, the device is immediately powered down and delivered to a qualified computer forensics expert.

Technical situation

XYZ Energy's standard-issue company phones are iPhones. While iPhones have by far the best security options in the smartphone market, passwords are easily cracked and data can often be recovered from several years past. It should be noted that Android and Windows-based phones are even more easily accessed for forensic investigations. Factory resetting any of these phones will essentially wipe all of the data. However, if the phone has been backed up to a laptop or a desktop, the data will be stored on that device and is recoverable.

The following are the types of devices that can typically be imaged for recoverable data:

- Smartphones - iPhones, Android, Blackberry, Microsoft Windows Mobile, Symbian
- Mobile phones - standard phones such as CDMA, TDMA, GSM
- SIM cards contained in mobile phones
- Removable flash storage contained in mobile devices
- Tablet devices - iPad, Android tablet, Microsoft tablet
- Other mobile devices - PDA devices, GPS devices, iPods, Palm Pilots, digital cameras, digital video recorders, digital audio recorders, MP3 players, flash storage devices, 2-way pagers

Mobile device operating systems are not as standard or stable as computer operating systems, so locating and reporting on data is more difficult and time-consuming than on a Mac or PC. While recovering deleted data from a smartphone can be successful in most circumstances, there are problems which can arise in the imaging process:

- Standard Imaging Protocols - Mobile devices should be handled according to standard forensic imaging protocols to avoid data being changed, written or updated on the devices. An incoming phone call could cause an older call log entry to be overwritten, potentially spoiling the state of the evidence. The same can be true of allowing the mobile device to send or receive text messages, MMS, phone calls, emails, application updates, etc. Methods to prevent this include cloning the SIM card for GSM devices to prevent network access and only powering on the device in a "stronghold box" or "Faraday Bag", which prevents any type of wireless, cellular, Bluetooth, Wi-Fi or phone carrier signal from reaching the phone.
- Advanced Security Settings - Some newer devices prevent any type of access to information without the passcode.
- Self-Destruct Mode - Some devices have the capability to securely erase themselves if the wrong password is entered too many times.
- SIM Card Passwords - Most SIM cards have hardware-based password control that can lock out the card after too many wrong passwords. (Locked SIM cards can sometimes be unlocked with help from the mobile provider by providing a SIM carrier-specific PUK code.)
- Remote Self-Destruct - Allows self-destruct commands to be sent remotely by Blackberry or Exchange server administrators. (This is another reason to be sure the mobile devices are handled by specially trained forensic experts with the proper equipment.)

While permanently wiping data from a smartphone is possible, the average user typically is not tech-savvy enough to accomplish this. In most cases, a computer forensics examiner will be able to recover deleted data.

Solution

McCann Investigations received the smartphone of the former employee. Through forensic imaging of the device, McCann investigators were able to recover deleted emails, text messages, call history and images from the device. Upon investigation of the text messages, emails and call history, it was determined that the employee was in communication with another former employee and that they had in fact started a competing company using intellectual property of XYZ Energy. It was also determined that the former employee had been in communication with clients regarding the new company. With this data, extracted in a forensically sound manner, XYZ Energy was able to provide information to its attorney and begin proceedings to file civil litigation and injunctions against the former employee and their cohorts.

Products and Services Used:

- Computer Forensics Technician - Licensed Private Investigator in the State of Texas with certification in computer forensics.
- Oxygen Forensic Suite - Leading software application to forensically image smartphones.