Mobile Device Forensics. Rick Ayers



Similar documents
Test Results for Mobile Device Acquisition Tool: Lantern v2.3

Digital Forensics at the National Institute of Standards and Technology

Federated Testing: Well-Tested Tools, Shared Test Materials & Shared Test. Reports; The Computer Forensics Tool Catalog Website: Connecting

1 Test Results for Mobile Device Acquisition Tool viaextract v2.5

BlackLight v Test Results for Mobile Device Acquisition Tool

Deleted File Recovery Tool Testing Results

NIST Mobile Forensics Workshop and Webcast. Mobile Device Forensics: A Z

NIST CFTT: Testing Disk Imaging Tools

Validating Tools for Cell Phone Forensics

Cellebrite UFED Physical Pro Cell Phone Extraction Guide

Design and Implementation of Forensic System in Android Smart Phone

An Example of Mobile Forensics

Cell Phone Forensic Tools:

Cell Phone Forensic Tools:

Recover My Files v Test Results for Video File Carving Tool

Manual for USB, GPRS Modem

CTAP Wireless Equipment Distribution Program Factsheet

Case Study: Smart Phone Deleted Data Recovery

Cell Phone Forensics For Legal Professionals

Mobile Phone Forensic Analysis

USES OF INTERNET TECHNOLOGIES IN CHILD SEXUAL ABUSE CASES. Peer to Peer Networking TYPES OF TECHNOLOGY. Presentation Supplement. How can it be used?

User Guide. BlackBerry Storm 9530 Smartphone. Version: 4.7

Case Study: Mobile Device Forensics in Texting and Driving Cases

Mobile Operating Systems Lesson 07 Symbian OS

Palm Dialer Handbook

CSI Crime Scene Investigations

Agenda 22 maj Micro Systemation vad gör vi? XRY video. Micro Systemation AB. XRY Korta fakta. XRY Video. Mobiltelefoner som bevis.

Free University of Bozen/Bolzano Faculty of Computer Science. Thesis

Global System for Mobile Communication Technology

ER-260. SmartPhone Recovery Pro TM. User Guide. Rev Android Data Recovery Software for Windows OS

Tableau TD3 Forensic Imager Test Results for Digital Data Acquisition Tool

Mobile Phone Terminology Simplifying telecoms management

Developing Process for Mobile Device Forensics

Hands-free phone system features

Using your Encrypted BlackBerry

Mobile Device Forensics: A Brave New World?

GSMPBX version 1.3 Datasheet

Fromdistance MDM. Setting the standard in device management

Managing ios Devices. Andrew Wellington Division of Information The Australian National University XW11

MOTO. Quick Start Guide

Mitel MiCollab Client

SPYTEC 3000 The system for GSM communication monitoring

Nokia for Business. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

BlackBerry 10.3 Work and Personal Corporate

OXYGEN FORENSIC SUITE 2010 GETTING STARTED

Formal Education: Professional Qualifications: Professional Awards: Membership/Networking:

RHINO TRACKS STANDARD GPS VEHICLE TRACKER

Best Practices for Incident Responders Collecting Electronic Evidence

U.S. DEPARTMENT OF TRANSPORTATION FEDERAL AVIATION ADMINISTRATION National Policy

Industry Analysis of the Nigerian Mobile Technology Development

GOODS AND SERVICES TAX. A Guide On Zero-rating Telecommunication And Related Services Under Section 21(3)(q)

A Survey on Mobile Forensic for Android Smartphones

ODOT Surveyor s Conference

ZTE V790 WCDMA Mobile Phone After-sales Service Manual (Level 1) Version 1.0

Getting Started Guide

Introduction to Cloud Services

CDR500 Spy Recovery Pro

BlackBerry Internet Service. Version: User Guide

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner

GSM Desktop phone DPH101. User manual v1.00

It s all about staying in touch

Policy and Profile Reference Guide

PD590-KT. Guide Android 4.4.2

Electronic Data Retention and Preservation Policy 1

Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Pryvate App User Manual

TABLE OF CONTENTS YOUR PHONE 3

C E L L U L A R P H O N E E V I D E N C E DATA EXTRACTION AND DOCUMENTATION DET. CINDY MURPHY

Discovering Computers Chapter 3 Application Software

Your Phone This section introduces you to the hardware of the device.

LabTech Mobile Device Management Overview

The GSM and GPRS network T /301

Welcome to. Vodafone

Use of C-SIM (R-UIM) in Roaming G CDMA Latin America Regional Conference

Teleworking Technology Guide and Checklist. UW Information Technology. November 2012

Junos Pulse for Google Android

Montgomery College Course Designator/Course Number: CS 110 Course Title: Computer Literacy

Configuring connection settings

Are free Android virus scanners any good?

Certified Digital Forensics Examiner

Transcription:

Mobile Device Forensics Rick Ayers

Disclaimer Certain commercial entities, equipment, or materials may be identified in this presentation in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Motivation for Mobile Device Tool Testing Mobile Device Tool Classification Acquisition Levels Evidence Sources Challenges CFTT Program Tool Validation Common Anomalies Agenda

Motivation

Mobile Device: Tool Classification Mobile Devices PDAs Windows Mobile Palm OS Non-Cellular Cellular Smart Phones BlackBerry Devices Cell Phones Non-GSM GSM Handset Subscriber Identity Module (SIM)

--Source Sam Brothers, DHS Acquisition Levels

Evidence Sources Phonebook Calendar To do list Electronic mail Instant messages Web information Electronic documents Photos Videos Audio GPS coordinates Social network data Subscriber identifiers Equipment identifiers Service Provider Last dialed numbers Phone number log Short text messages Enhanced messages Multimedia messages Last active location (voice and data) Other networks encountered

Multiple interfaces Acquisition support for old and current models Quality Control Closed mobile device operating systems Challenges

CFTT Computer Forensics Tool Testing Project James Lyle, Project Leader 100 Bureau Drive, Stop 8970 Gaithersburg, MD 20899-8970 USA E-mail cftt@nist.gov Website: www.cftt.nist.gov

CFTT Overview CFTT Computer Forensics Tool Testing Program provides a measure of assurance that the tools used in the investigations of computer-related crimes produce valid results. Directed by a steering committee composed of representatives of the law enforcement community. The steering committee selects tool categories for investigation and testing. A vendor may request testing of a tool, however the steering committee makes the decision about which tools to test. CFTT is a joint project of: NIJ, DHS, OLES, FBI, DoD, Secret Service and other agencies.

CFTT Methodology Test Specification Requirements Test Plan Test Cases and Assertions Setup and Test Procedures Final Test Report Generation

Requirements Requirements Statements that define expectations of a tool or application. Core Requirements Requirements that all mobile device acquisition tools shall meet. Optional Requirements Requirements that all mobile device acquisition tools shall meet on the condition that specified features or options are offered by the tool.

CFTT Methodology Test Specification Requirements Test Plan Test Cases and Assertions Setup and Test Procedures Final Test Report Generation

Test Plan Test Cases Describe the combination of test parameters required to test each assertion. Example: Acquire mobile device internal memory over tool-supported interfaces (e.g., cable, Bluetooth, IrDA) Assertions General statements or conditions checked after a test is executed Example: If a cellular forensic tool provides support for connectivity of the target device then the tool shall successfully recognize the target device via all tool-supported interfaces (e.g., cable, Bluetooth, IrDA).

CFTT Methodology Test Specification Requirements Test Plan Test Cases and Assertions Setup and Test Procedures Final Test Report Generation

Setup and Test Procedures Objective: Provide third parties with information for an independent evaluation or replication of posted test results. Example contents: Techniques for populating mobile devices and Subscriber Identity Modules (SIMs) ADNs, LDNs, SMS, EMS Test Case Execution Procedures

CFTT Methodology Test Specification Requirements Test Plan Test Cases and Assertions Setup and Test Procedures Final Test Report Generation

Test Report Results summary Sufficient for most readers to assess the suitability of the tool for the intended use Test case selection Test case run details Results by test assertion An overview of the test cases executed, assertions checked and any anomalies found.

Tool Validation Tool validation results issued by the CFTT project at NIST provide information necessary for: Toolmakers to improve tools Users to make informed choices about acquiring and using computer forensic tools And for interested parties to understand the tools capabilities

Common Anomalies Non-ASCII characters Truncated entries Connectivity issues Acquisitions ending in errors Subscriber related data not reported (IMEI, MSISDN) Unsuccessful recovery of non-overwritten recoverable deleted data Unsuccessful recovery of Internet and application related data

Thank You! Contact Information: Rick Ayers richard.ayers@nist.gov susan.ballou@nist.gov http://www.cftt.nist.gov http://www.cfreds.nist.gov http://www.nsrl.nist.gov

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information