eForensics Magazine, Mobile, Vol. 2 No. 4, Issue 03/2013 (8), April 2013

Also in this issue:
• Step-by-step analysis of Facebook and Twitter data on Android devices
• Emulation detection techniques for Android
• Android forensics: a case study of the Nexus S virtual device
• Approach to extracting data using hardware and software mechanisms
• Potential identity theft over Apple's iOS devices
• Cellebrite, a "standard" in mobile forensics
• How to address the end-user risk agreement for BYOD
STATE_OF_ART OF
MOBILE FORENSICS
Comparative research of techniques on
BlackBerry OS (incl. PlayBook) and Android OS
by Yury Chemerkin

At present the BlackBerry has received less security examination than Android, despite the approaches that exist for it (Android was never developed with security as a primary goal), but the security techniques implemented in either device are not a conclusive argument about its security, and the same argument carries over to forensics. Every security agency deals with mobile forensics again and again.

What you will learn:
• The differences between similar mobile OSes built on different kernels (BlackBerry OS, PlayBook OS)
• How Android forensics differs from BlackBerry forensics

What you should know:
• Basic knowledge of Android and BlackBerry forensics
• Basic knowledge of classic forensics techniques and live forensics (live monitoring) techniques


Forensic tools may offer an incredible opportunity to gain all kinds of data, but there are many subtle objections. As long as organisations go only one of two ways, classic forensics or live monitoring (DLP or similar), they fail, because each covers a limited set of cases; the forensics field therefore needs a more effective synthesis of the two mechanisms.

Introduction

Mobile device forensics concerns the recovery of digital evidence or data from a mobile device. The memory types, custom interfaces and proprietary nature of mobile devices require a forensic process different from that of other branches of forensics. Mobile extraction techniques tend to be least device-specific at the level of logical acquisition, which deals with data types known to any user, and this data set rarely differs among iOS, Android and BlackBerry. It typically contains messages (SMS/MMS/email/IM), social network data, contacts, calendar entries, phone logs, wallet and other financial application data, media (audio/photos/videos), other data including the file structure, browser data (web history as a timeline, and bookmarks), and shared folders.
Today's mobile devices provide many features that integrate every available communication channel and aggregate its data, on BlackBerry as well as on Android. Native and third-party applications connect to email, maps, IM messengers and social status feeds; they keep users connected and do far more. The BlackBerry application environment is known to be more tightly bound to the platform, and richer, than Android's. Android, on the other hand, has not only a very diverse set of third-party applications but also hundreds of variations that depend on the manufacturer. The BlackBerry PlayBook, by contrast, runs on QNX and offers modern technologies that are far removed from mainstream development. All of this produces a zoo of mobile devices and highlights the problem of misused security techniques in the development area. The new skills that forensic experts need are rarely based on experience alone.

Each year the classic forensic techniques run into a serious problem, while live forensics (or live monitoring) offers new opportunities to work with the data. Sometimes a corporate IT policy or the OS vendor's design helps to ensure that no trigger will break an investigation. The physical approach is trustworthy but leaves the device inoperable, while the logical approach is more dangerous because of synchronisation over the network, the cellular link and OTA. There are too many cases where one cannot afford not to use preventive methods or tools that simplify classic forensics. This paper describes the technical problems encountered by forensic examiners as well as the various live solutions that may be useful, including those that became the "right" way as vendors' development evolved.

Approach

Several techniques pertain to mobile forensics:
• Physical acquisition is a bit-by-bit copy of the entire physical store: a full physical copy (all the bits in memory, not just the files) of the device's whole memory.
• Logical acquisition is a bit-by-bit copy of logical storage objects (e.g. directories and files).
• Commercially available forensic software tools extend the previous two and are, as time passes, becoming increasingly capable and sophisticated.
• Backup is relatively easy and preserves a significant amount of user-created data (photographs, songs, emails, texts).
• Manual acquisition uses the device's user interface to obtain pictures of the data from the screen, simply manipulating the phone (navigating through the email, photographs or contact list, for example) while videotaping and/or photographing the results.

Since manual acquisition does not differ among mobile devices it is left out here, as is physical acquisition, whose aim is to recover deleted data without relying on the file system itself. Logical techniques stand out for easy and fast extraction of data in "simple" types (formats) or in SQL-based ones.
www.eForensicsMag.com

Potential Data as Evidence

The potential sources of evidence vary; the most common of them are listed in Table 1.
Table 1. Extractable data (+ = available, - = not available)

Type                                              BlackBerry smartphone   BlackBerry PlayBook
Address Book                                      +                       -
Calendar Events                                   +                       -
Call History                                      +                       -
Browser history and bookmarks                     +                       +
Process Management                                +                       -
Memos and Tasks                                   +                       -
Screen-shots                                      +                       +
Camera-shots                                      +                       +
Videocamera-shots                                 +                       +
Clipboard                                         +                       +
Location tracking (cell, Wi-Fi, GPS, Bluetooth)   +                       +
SMS/MMS/Emails/IM                                 +                       -
Saved Messages                                    +                       -
Pictures, Videos, Voice notes, and other files    +                       +
File and Folder structure                         +                       +
IMs                                               +                       -
Passwords                                         +                       +

Network Isolation

One of the main ongoing concerns for analysts is preventing any network change on the device. This is sometimes achievable for the PlayBook, which has no cellular connection but only a network connection (Wi-Fi, 4G). As mentioned earlier, network activity may bring in new data. However, any interaction with the device, including plugging and unplugging it, will modify it. The first idea is to dismount the encryption, or to prevent the device from locking, so that it can be examined while it is running. The PlayBook, like any other device, is difficult to analyse forensically without adverse effects, because its storage cannot easily be removed: it is internal only, with no external storage such as the SD card of a BlackBerry smartphone.

The worst case in forensics is a remote wipe being initiated, or data being added or overwritten outside the examiner's control, by any trigger, often an SMS or an incoming call. Over BlackBerry Bridge this is not even possible: SMS over Bridge was simply never developed, and neither an incoming call notification nor any other Bridge event can be caught through the API. Nevertheless, forensic experts still have to prevent a connection.

A powerful way is "airplane mode" (or the same mode under a different name). Android's problem with stopping network communications is its awful GUI: the forensic officer should first press and hold the Power button and select Airplane mode (if this shortcut works), or else press Menu (from the home screen), then Settings, then the Wireless option, which is generally near the top. This only disables the cellular network; to block wireless connections such as Bluetooth or Wi-Fi he has to walk from the home screen into the settings, which is troublesome because time is counting and no one can be sure that the settings GUI is the same across devices. BlackBerry allows this to be done very quickly by clicking the tray on the home screen.

Push Technology

The BlackBerry smartphone was primarily engineered for email and comes with a built-in mobile phone that provides access to email from anywhere. It is always on, participates in wireless push technology, and does not require any kind of desktop synchronisation, unlike the others.

The BlackBerry PlayBook is an add-on for a BlackBerry smartphone only, because BlackBerry Bridge accesses mail, calendar and contacts directly from a tethered BlackBerry phone. The PlayBook has neither push technology for email/calendar/etc. (only IMAP4 and POP3, apart from a Microsoft Exchange link) nor BIS, except through BlackBerry Mobile Fusion, which manages non-BlackBerry devices, and a BES present in the company. In addition, email and social accounts may break and ask the user to re-enter the password, which helps to stop data being pushed. This means the PlayBook is not always on, and only rarely can information be pushed to it and overwrite or delete data.

Similar to the PlayBook, Android gives time to change the network state. For example, only the main email folders may change via IMAP or Exchange, because the PlayBook or Android needs time, or a manual press of the "update" button, to retrieve new data from the Internet. As opposed to the smartphone, the PlayBook and Android are filled with stand-alone applications that might use the Internet connection in standby mode or when minimised (swiped down); by default the PlayBook has an option to restrict activity in this state. The PlayBook address book application has Facebook, Twitter and LinkedIn connections, but synchronisation never happens until the user runs the application and waits until it is done, which sometimes takes a minute or more.

Password Protection

BlackBerry devices come with password protection and an attempt limit (the default is five attempts, the minimum three, out of a possible ten; the PlayBook may differ, from five to ten, where "ten" is usual for the PlayBook device itself and "five" for BlackBerry Desktop Software with a plugged-in PlayBook). If the limit is exceeded, the device wipes itself (factory reset). All data stored in external memory is kept, because it is not part of the factory configuration; this applies to the smartphone, not to the PlayBook, which has no external storage.

The ability to circumvent the passcode on an Android device is becoming more important as passcodes are used more frequently and, as on BlackBerry, block data extraction in most cases. There are three types of passcode on Android:
• the pattern lock, the default on the early Android devices, where the user draws a pattern on the locked phone to access it;
• the passcode, a simple personal identification number (PIN) as commonly found on other mobile devices;
• a full alphanumeric code, which is more secure than a PIN.
If the device screen is active, the screen timeout should be checked and extended (it ranges from less than a minute up to about an hour).

Password Extraction and Bypassing

BlackBerry
Accessing encrypted information stored in password-protected backups is possible via Elcomsoft products, which offer to recover the original password of a backup or of the device. The toolkit allows eligible customers to acquire bit-for-bit images of the device's file system, extract phone secrets (passcodes, passwords and encryption keys) and decrypt the file system dump. It also reads BlackBerry Wallet data and Password Keeper data. Recovery of the BlackBerry device password is possible only if the user-selectable Device Password security option that encrypts media card data is enabled.

Android
As Android devices commonly use the pattern lock instead of a numeric or alphanumeric code, there is an interesting option: a clean touch screen is the precondition, but a touch screen marked with fingerprints, and the direction of those smudges, is a good way to bypass the pattern lock. It is therefore possible to determine a device's pattern lock by enhancing photographs of its screen [6].

Android has so-called Password and Pattern Lock protection. A password lock can contain letters, numbers and special characters, while a pattern lock is a sequence of gestures that must be performed to unlock the device, choosing at least four of nine points. The sequence of points is stored in the file "/data/system/gesture.key" on internal storage as an unsalted SHA-1 hash of the byte sequence. The password lock is stored in "/data/system/password.key" on internal storage, also as SHA-1 (and MD5) digests, but salted with a value kept in the settings database. Reading these files only works if the device is already rooted and USB Debugging is on.
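Because gesture.key is an unsalted SHA-1 over the raw cell indices and the lock screen only accepts a few hundred thousand patterns, the file can be brute-forced offline in seconds once it has been pulled from a rooted device. The following Python is an added example, not code from the article: it reproduces the lock screen's pattern rules (4 to 9 distinct cells, and a move may not skip over an untouched cell), enumerates every acceptable pattern and compares the hashes. The sample key is constructed here from a known pattern; on a real case the 20-byte digest is simply `open("gesture.key", "rb").read()`.

```python
import hashlib

# The 3x3 grid is numbered 0..8 row by row; a pattern is the ordered list of cells touched.
# Moving between two cells with a grid cell exactly half-way between them is only allowed
# if that middle cell was touched earlier (otherwise the lock screen inserts it itself).
MIDPOINT = {}
for a in range(9):
    for b in range(9):
        ra, ca = divmod(a, 3)
        rb, cb = divmod(b, 3)
        if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
            MIDPOINT[(a, b)] = ((ra + rb) // 2) * 3 + (ca + cb) // 2


def gesture_key(pattern):
    """What Android 2.x-4.x writes to /data/system/gesture.key: unsalted SHA-1 of the cell bytes."""
    return hashlib.sha1(bytes(pattern)).digest()


def valid_patterns(min_len=4):
    """Yield every pattern the lock screen accepts (4 to 9 distinct cells, midpoint rule obeyed)."""
    def extend(path, used):
        if len(path) >= min_len:
            yield tuple(path)
        for nxt in range(9):
            if used[nxt]:
                continue
            mid = MIDPOINT.get((path[-1], nxt))
            if mid is not None and not used[mid]:
                continue  # would jump over an untouched cell: not a pattern the UI can produce
            used[nxt] = True
            path.append(nxt)
            yield from extend(path, used)
            path.pop()
            used[nxt] = False

    for start in range(9):
        used = [False] * 9
        used[start] = True
        yield from extend([start], used)


def crack_gesture_key(digest):
    """Brute-force a 20-byte gesture.key digest; returns the cell sequence or None."""
    for pattern in valid_patterns():
        if hashlib.sha1(bytes(pattern)).digest() == digest:
            return pattern
    return None


# Constructed sample: the file a rooted device would yield for the "7"-shaped pattern 0-1-2-5-8.
SAMPLE_GESTURE_KEY = gesture_key([0, 1, 2, 5, 8])

if __name__ == "__main__":
    print(SAMPLE_GESTURE_KEY.hex(), "->", crack_gesture_key(SAMPLE_GESTURE_KEY))
```

The midpoint rule matters for correctness rather than speed: dropping it only adds candidates that the UI can never produce, but keeping it reproduces exactly the set of 389,112 patterns the lock screen accepts, so a miss means the file was not written by a stock pattern lock. password.key cannot be attacked this way because its digests are salted with a value that must also be pulled from the device.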
Live techniques (or spyware)
Security researcher Thomas Cannon [6] developed a technique that bypasses the screen lock by installing an app directly through the then-new web-based Android Market. The procedure is quite simple. Android sends out a number of broadcast messages that an application can receive, such as "SMS received"; an application registers a receiver to get them. Once the application is launched it simply calls the disableKeyguard() method of KeyguardManager. This is a legitimate API that lets applications disable the screen lock, for example when an incoming phone call is detected.

Similar techniques for BlackBerry were discussed in [1], [4], [5]:
• the default feature that shows the password without asterisks, which can be screen-captured. It works unless the "screenshot" API has been disabled (by default it is allowed);
• the scaled preview of each character typed on the virtual keyboard. This works too and can be screen-captured; as a further step, an agent may XOR two screenshots and extract the preview of the pressed key, and thus the typed text;
• stealing the password during synchronisation with BlackBerry Desktop Software. This works because of security issues in the Windows API, and it grabs not only the device password but the backup password too;
• redrawing a fake window to catch the password typed on the device, with a social-engineering touch: announce "something has crashed and locked the device, please unlock it by re-entering your password".
The last two techniques (stealing and redrawing) work on the PlayBook as well. Moreover, unless the developer registers swipe-down event listeners, the application will not close or minimise until the battery discharges.

Classic Forensics

Gathering Logs and Dumps
The main evidence procedure violates the forensic method by requiring the logs and dumps kept on the device to be recorded. On a BlackBerry smartphone some debug logs can be viewed on the device itself by pressing hotkeys, or through the SDK tools; Android and the PlayBook do not provide the same feature.

BlackBerry Smartphone
The BlackBerry SDK tools or BBSAK allow BlackBerry event logs to be extracted to a text file via USB. Two tools, "javaloader.exe" and "loader.exe", extract not only event logs but also a dump of the device, all executable modules (.cod files) with their dependent modules, screenshots and device info. The first of them needs the PIN and password, the second does not [1].

BlackBerry PlayBook
Every SDK provided by RIM, e.g. the Adobe AIR SDK, includes the tool "blackberry-connect", which is just a wrapper for "Connect.jar". Before connecting, an RSA key pair must be generated with "ssh-keygen -t rsa -b 4096" and the "Development Mode" option enabled on the device. The target IP (often 169.254.0.1 over USB), the device password and the SSH key are then passed as parameters. This tool extracts device information (OS, fingerprint, hardware ID, vendor ID, debug mode tokens, etc.), application list information (module, version, icon ID, name, vendor, source, etc.) and more. Wi-Fi logs, which store IP, DNS, subnet mask and information about (un)successful connection attempts, can only be analysed by manual acquisition.

Android
A data storage mechanism providing low-level interaction with the network, web servers, etc. is available to developers for storing and retrieving data, via the packages java.net and android.net. Such log files store actions with date and time stamps, error/warning/successful authentication events, logins and data such as email addresses, access keys, private keys or application ID keys; likewise SQL database files may store everything uploaded, downloaded and transferred through an application, often without encryption. They might contain far more data than on BlackBerry, if only developers would listen and use them.

Similar to BlackBerry, Android has an SDK tool, "adb", to gather information. It talks to a daemon running on the device and proxies a recursive copy that runs only with shell permissions. A successful connection allows extracting (copying) the entire "/data" partition to a local directory, and such useful files as unencrypted apps, most of the tmpfs file systems (which can include user data such as browser history), and system information found in "/proc", "/sys" and other readable directories.
Backup
BlackBerry Smartphone and Tablet
Backup management starts with BlackBerry Desktop Manager, which writes an ".ipd" file (formerly; now it is a ".bbb" file, which is simply a compressed archive) into a destination folder. This file stores
• on a BlackBerry smartphone, very granular data (incl. settings) such as Address Book, Alarm, Attachment, AutoText, BlackBerry Bridge, BlackBerry Wallet, Bluetooth, Browser, Calendar, Camera, Certificate, etc.;
• on a BlackBerry tablet, only Application Data, Media and Settings. As the PlayBook does not provide a native Password Wallet, many third-party applications save their data in the shared documents folder in .db format, which is easily analysed if not encrypted.

BlackBerry Simulation
This feature is unfortunately unavailable for Android and the PlayBook, although it is very useful and valuable. The BlackBerry Simulator can be loaded with a backup copy of the physical device. This is helpful if the device is low on battery, needs to be turned off, or the data on the physical device must not be altered.

Android
Android did not provide a mechanism for users to back up their personal data; although a backup API is now available, synchronisation only provides Outlook-style linking. Instead, a large number of backup applications have been developed and distributed on the Android Market, often with a "Save to SD card" feature as well as upload to the cloud.
In any case, the backup area covers the following items:
• Application installers (if the phone has root access, this includes APK data and Market links)
• Contacts, call log, calendars
• Browser bookmarks
• SMS (text messages), MMS (attachments in messages)
• System settings
• Home screens (including HTC Sense UI)
• Alarms, dictionary, music playlists
• Integrated third-party applications

Live Forensics (including files on storage)

There are situations in which it is not desirable to shut down and seize the digital device and perform the forensic analysis in the lab. For example, if there is an indication that an encryption mechanism is in use on the device that was discovered, the investigator should not shut it down; otherwise, after shutdown, all the encrypted information (potential evidence) will be unintelligible. By performing live analysis, the investigators attempt to extract the encryption key from the running system.

An up-to-date BlackBerry holds a great deal of data, such as several mobile or home phone numbers, faxes, emails, work and home addresses, web pages and dates; IM and social data; and private data such as tracking information and habits: times marked as free, times when the user is probably sleeping, times when the user is at home or at the office, and much more can come to light. However, all of this can be extracted only through the API or from a backup file. Android's data set lives on internal and external storage, but only internal storage keeps a strict folder structure, because the Android API controls it. The typical internal place for any kind of data is "/data/data/", where caches and databases are stored under a folder named after the package. Android data on internal and external storage takes the form of binary (or plain text) files as well as XML files or SQLite databases. The XML format supports Boolean, integer, float and string types and lets developers create, load and save the configuration values that drive their application. Internal files let developers store very complex data types in several places on internal storage which, by default, can be read only by the application itself; even the device owner is prevented from viewing the files without root access. While files on the device's internal storage are subject to strict security and location constraints, files on the various external storage devices have far fewer. SQLite is one of the most popular database formats in mobile systems, for many reasons: high quality, open source, very compact, a cross-platform file format and, finally, the Android SDK provides an API for using SQLite databases in applications. The SQLite files are generally stored on internal storage under /data/data/<packageName>/databases, without any restriction on creating databases elsewhere.
Android contact (address book) data is stored under "/data/data/com.android.providers.contacts" on internal storage. This also stores the device's call logs, in the calls table. There are over 30 tables in contacts2.db, holding additional values about contacts and further data contributed by the different accounts (Gmail, Exchange, Facebook, Twitter, etc.). If pictures of the contacts are available, they are stored in the files directory and named thumbnail_photo_[NNNNN].jpg. Facebook data is stored in "/data/data/com.facebook/fb.db" and contains nearly all of the information: albums, info_contacts, notifications, chatconversations, mailbox_messages, photos, chatmessages, search results, default user images, mailbox profiles, stream photos, events, mailbox threads, friends and others. Gmail data is located in "/data/data/com.google.android.gm", which stores each configured Gmail account in a separate SQLite database holding the entire email content. Google Maps data, located in "/data/data/com.google.android.apps.maps", stores a wealth of information about maps, tiles, searches and more in the files directory, often in "search_history.db"; the actual spoken directions are stored as map data on the SD card in .wav files, and the time stamps on files prefixed with "._speech" simplify building a movement timeline. In addition, Android provides a file-folder store at "/data/data/com.android.providers.telephony" filled with the MMS attachments (images, video or any other supported data) and an SMS database table with all messages. A bit more information is provided by "/data/data/com.android.mms", which holds cached and outgoing data.
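Once contacts2.db and the telephony provider's database have been pulled, the analysis itself is ordinary SQL, and the most useful first artefact is a merged timeline of calls and messages. The following Python is an added example, not code from the article: it builds two in-memory databases with the columns the Android call log (calls) and SMS (sms) tables expose (number/address, date as epoch milliseconds, type) filled with constructed sample rows, then merges them into one chronologically ordered timeline. The `open_readonly` helper shows how to open a pulled file without letting SQLite write a journal into the evidence.

```python
import sqlite3
from datetime import datetime, timezone

# Column meanings used by the Android contacts provider (calls table in contacts2.db)
# and the telephony provider (sms table); dates are epoch milliseconds.
CALL_TYPES = {1: "incoming", 2: "outgoing", 3: "missed"}
SMS_TYPES = {1: "inbox", 2: "sent"}


def open_readonly(path):
    """Open a database pulled from /data/data/... without writing a journal or WAL into it."""
    return sqlite3.connect("file:%s?mode=ro&immutable=1" % path, uri=True)


def build_sample_evidence():
    """Constructed stand-in for contacts2.db and the SMS database, with the columns used below."""
    contacts = sqlite3.connect(":memory:")
    contacts.execute("CREATE TABLE calls (_id INTEGER PRIMARY KEY, number TEXT, date INTEGER, "
                     "duration INTEGER, type INTEGER, name TEXT)")
    contacts.executemany(
        "INSERT INTO calls (number, date, duration, type, name) VALUES (?, ?, ?, ?, ?)",
        [("+15550100", 1365000000000, 95, 2, "Alice"),   # outgoing call, 95 seconds
         ("+15550101", 1365000300000, 0, 3, None)])      # missed call, number not in contacts
    sms = sqlite3.connect(":memory:")
    sms.execute("CREATE TABLE sms (_id INTEGER PRIMARY KEY, thread_id INTEGER, address TEXT, "
                "date INTEGER, type INTEGER, body TEXT)")
    sms.executemany(
        "INSERT INTO sms (thread_id, address, date, type, body) VALUES (?, ?, ?, ?, ?)",
        [(1, "+15550100", 1364999900000, 1, "call me"),
         (1, "+15550100", 1365000120000, 2, "on my way")])
    return contacts, sms


def _iso_utc(ms):
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_timeline(contacts_db, sms_db):
    """Merge calls and SMS into (time, kind, direction, party, detail) tuples, oldest first."""
    events = []
    for number, date, duration, ctype, name in contacts_db.execute(
            "SELECT number, date, duration, type, name FROM calls"):
        party = "%s (%s)" % (number, name) if name else number
        events.append((date, "call", CALL_TYPES.get(ctype, "type%d" % ctype), party, "%ds" % duration))
    for address, date, stype, body in sms_db.execute(
            "SELECT address, date, type, body FROM sms"):
        events.append((date, "sms", SMS_TYPES.get(stype, "type%d" % stype), address, body))
    events.sort(key=lambda e: e[0])  # sort on the raw millisecond value, never on a formatted string
    return [(_iso_utc(e[0]),) + e[1:] for e in events]


if __name__ == "__main__":
    for row in build_timeline(*build_sample_evidence()):
        print("\t".join(row))
```

Timestamps are rendered in UTC on purpose: the device's own time zone is itself evidence and should be applied once, documented, at reporting time rather than silently by the tool.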
The clipboard is breakable too, because a user who has to see a password in order to retype it in another application exposes it to screen capture, or copies it to the clipboard, which is not protected; in the end the user still has to put the data (password) into an unprotected text box, sometimes even in plaintext. In other words, the endpoint object is vulnerable. A clipboard API exists on every platform: getClipboard() on BlackBerry, getData() on the PlayBook, getText() on Android.
To access pictures, videos, voice notes and other files, some of which may be video- or audio-captured, a forensic expert rarely needs to intercept API events or obtain root rights; all that is needed is to listen for file creation and deletion events, or to grab the files from internal/external storage. Pictures are the most interesting as camera snapshots, since they carry an EXIF header. Metadata is, quite simply, data about data. The EXIF header is stored in an "application segment" of a JPEG file, or as privately defined tags in a TIFF file. Not only ordinary cameras write these headers: both mobile platforms provide the "Camera Make" (RIM/BlackBerry or Android/HTC) and a "Camera Model" that is often the device model. The GPS or date tag often renames the file by placing the city name at the beginning, except on Android and the PlayBook, which place the GPS and date tags in EXIF only.
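Reading the Make, Model, DateTime and GPS tags is a matter of walking the JPEG marker segments to the APP1 "Exif" segment and decoding the TIFF structure inside it, which is worth doing by hand at least once so that the examiner knows what a library is reporting. The following Python is an added example, not code from the article: `parse_exif` is a minimal reader for those tags in either byte order, and `build_sample_jpeg` constructs a JPEG that carries only an EXIF segment so the reader can be exercised offline. The make, model, date and coordinates in the sample are made up.

```python
import struct

# Tag numbers and names from the EXIF/TIFF specification.
IFD0_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}
GPS_TAGS = {0x0001: "GPSLatitudeRef", 0x0002: "GPSLatitude",
            0x0003: "GPSLongitudeRef", 0x0004: "GPSLongitude"}


def _read_ifd(tiff, offset, bo, names):
    """Decode one IFD into a dict; handles ASCII (2), LONG (4) and RATIONAL (5) entries."""
    count = struct.unpack_from(bo + "H", tiff, offset)[0]
    out = {}
    for i in range(count):
        tag, typ, n, raw = struct.unpack_from(bo + "HHI4s", tiff, offset + 2 + 12 * i)
        name = names.get(tag, tag)
        if typ == 2:  # ASCII: inline when it fits the 4-byte value field, else at an offset
            if n <= 4:
                data = raw[:n]
            else:
                start = struct.unpack(bo + "I", raw)[0]
                data = tiff[start:start + n]
            out[name] = data.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == 4:  # LONG, used here for the GPS sub-IFD pointer
            out[name] = struct.unpack(bo + "I", raw)[0]
        elif typ == 5:  # RATIONAL: n pairs of uint32 (numerator, denominator) at an offset
            start = struct.unpack(bo + "I", raw)[0]
            v = struct.unpack_from(bo + "%dI" % (2 * n), tiff, start)
            out[name] = tuple(v[j] / v[j + 1] for j in range(0, 2 * n, 2))
    return out


def _dms_to_decimal(dms, ref):
    degrees, minutes, seconds = dms
    value = degrees + minutes / 60 + seconds / 3600
    return -value if ref in ("S", "W") else value


def parse_exif(jpeg):
    """Walk JPEG marker segments to the APP1 'Exif' segment, then read IFD0 and the GPS IFD."""
    if jpeg[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG")
    pos, tiff = 2, None
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack_from(">HH", jpeg, pos)
        if marker == 0xFFE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            tiff = jpeg[pos + 10:pos + 2 + length]  # TIFF structure starts after 'Exif\0\0'
            break
        if marker == 0xFFDA:  # start of scan: image data follows, no more metadata segments
            break
        pos += 2 + length
    if tiff is None:
        return {}
    bo = "<" if tiff[:2] == b"II" else ">"  # 'II' little-endian, 'MM' big-endian
    info = _read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo, IFD0_TAGS)
    gps_offset = info.pop("GPSInfo", None)
    if gps_offset is not None:
        gps = _read_ifd(tiff, gps_offset, bo, GPS_TAGS)
        if "GPSLatitude" in gps:
            info["Latitude"] = _dms_to_decimal(gps["GPSLatitude"], gps.get("GPSLatitudeRef", "N"))
        if "GPSLongitude" in gps:
            info["Longitude"] = _dms_to_decimal(gps["GPSLongitude"], gps.get("GPSLongitudeRef", "E"))
    return info


# Constructed sample input (not a real camera file): a JPEG carrying only an EXIF segment.
def _build_ifd(entries, base):
    """entries = (tag, type, count, payload); payloads over 4 bytes are placed after the IFD."""
    head, tail = struct.pack("<H", len(entries)), b""
    data_start = base + 2 + 12 * len(entries) + 4
    for tag, typ, n, payload in entries:
        if len(payload) <= 4:
            head += struct.pack("<HHI", tag, typ, n) + payload.ljust(4, b"\x00")
        else:
            head += struct.pack("<HHII", tag, typ, n, data_start + len(tail))
            tail += payload
    return head + struct.pack("<I", 0) + tail


def build_sample_jpeg(make, model, stamp, lat, lon):
    def ascii_(s):
        return s.encode("ascii") + b"\x00"

    def dms(v):  # decimal degrees -> three RATIONALs: deg/1, min/1, (sec*100)/100
        v = abs(v)
        d = int(v)
        m = int((v - d) * 60)
        s = round(((v - d) * 60 - m) * 60 * 100)
        return struct.pack("<6I", d, 1, m, 1, s, 100)

    def ifd0(gps_ptr):
        return _build_ifd([(0x010F, 2, len(make) + 1, ascii_(make)),
                           (0x0110, 2, len(model) + 1, ascii_(model)),
                           (0x0132, 2, len(stamp) + 1, ascii_(stamp)),
                           (0x8825, 4, 1, struct.pack("<I", gps_ptr))], 8)

    gps_base = 8 + len(ifd0(0))  # the GPS IFD is written directly after IFD0
    gps = _build_ifd([(0x0001, 2, 2, ascii_("S" if lat < 0 else "N")), (0x0002, 5, 3, dms(lat)),
                      (0x0003, 2, 2, ascii_("W" if lon < 0 else "E")), (0x0004, 5, 3, dms(lon))], gps_base)
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd0(gps_base) + gps
    app1 = b"Exif\x00\x00" + tiff
    return b"\xFF\xD8\xFF\xE1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xFF\xD9"
```

Every offset in a TIFF structure is relative to the start of the TIFF header, not to the start of the file, which is why the reader slices the APP1 payload out first; that detail is also where hand-written parsers most often go wrong on files whose EXIF segment is not the first segment.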
Instant messaging is a well-established means of fast and effective communication. IM forensics sets out to answer two questions: identifying the author of an IM conversation based strictly on the author's behaviour, and classifying behavioural characteristics. For example, the BlackBerry smartphone stores all chats (from Google, Yahoo, Windows Live, BlackBerry Messenger, AIM (AOL)) in plaintext .csv files, and the file paths are often easy to find too [1].
On the PlayBook each application has access to its own working directory in the file system, and may access the shared folders (the sandbox), because access to files and folders is governed by UNIX-style groups and permissions. This means applications cannot create new directories in the working directory; they can only access the folders listed below.
Table 2. PlayBook shared folder structure

Folder             What data it contains                                              Access type
app                The installed application's files.                                 read-only
data               The application's private data.                                    read and write
temp               The application's temporary working files.                         read and write
logs               System logs for an application (stderr and stdout).                read and write
shared             Subfolders that contain shared data grouped by type.               no access
shared/bookmarks   Web browser bookmarks that can be shared among applications.       read and write
shared/books       eBook files that can be shared among applications.                 read and write
shared/clipboard   Data copied or cut from another application (txt, html, uri).      read and write
shared/documents   Documents that can be shared among applications.                   read and write
shared/downloads   Web browser downloads.                                             read and write
shared/misc        Miscellaneous data that can be shared among applications.          read and write
shared/music       Music files that can be shared among applications.                 read and write
shared/photos      Photos that can be shared among applications.                      read and write
shared/videos      Videos that can be shared among applications.                      read and write
shared/voice       Audio recordings that can be shared among applications.            read and write

Beyond the folders listed, it is possible to partially recreate the folder structure and obtain read-only access to files [7].
References

[1] Y. Chemerkin, "To get round to the heart of fortress," Hakin9 Extra Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 1 no. 3, Issue 03/2011 (03), ISSN 1733-7186, pp. 20-37, August 2011.
[2] Y. Chemerkin, "Comparison of Android and BlackBerry Forensic Techniques," Hakin9 Extra Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 11 no. 4, Issue 04/2012 (11), ISSN 1733-7186, pp. 28-36, April 2012.
[3] Y. Chemerkin, "When Developer's API Simplify User-Mode Rootkits Developing," Hakin9 Mobile Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 2 no. 2, Issue 02/2012 (3), ISSN 1733-7186, pp. 16-21, February 2012.
[4] Y. Chemerkin, "When Developers API Simplify User-Mode Rootkits Development – Part II," Hakin9 OnDemand Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 1 no. 4, Issue 04/2012 (4), ISSN 1733-7186, pp. 56-81, July 2012.
[5] A. Hoog, Android Forensics: Investigation, Analysis and Mobile Security for Google Android. Syngress, 2011.
[6] D. M. Gomez, A. Davis, BlackBerry PlayBook Security: Part one. NGS Secure, 2011.
[7] Y. Chemerkin, "Insecurity of blackberry solutions: Vulnerability on the edge of the technologies," vol. 6, pp. 20-21, December 2011 [Annual InfoSecurity Russia Conf., 2011].
[8] Y. Chemerkin, "BlackBerry Playbook – New Challenges," Hakin9 E-Book Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 1 no. 3, Issue 03/2012 (3), ISSN 1733-7186, pp. 1-34, September 2012.

Conclusion

BlackBerry devices, like Android devices, have the same evidentiary value as any other personal digital assistant (mobile device). As an investigator would suspect of most file systems, a delete is by no means a total removal of data from the device. However, the BlackBerry smartphone's always-on wireless push technology adds a unique dimension to the forensic examination, whereas Android and the PlayBook tend to be more offline and wake up on user actions. Moreover, the trend towards app-store-only installation is coming, which only complicates matters.

All of the above highlights the value of up-to-date techniques in the forensics area, some of them based on misunderstood development concepts or similar issues. On BlackBerry, push technology allows information to be pushed through the radio at any time, potentially overwriting previously "deleted" data. Classic forensic techniques or a DLP system are ineffective at stopping it, because of time and because applications exchange data in real time. In addition, the password is a long-term problem. Some techniques are very impactful but limited to special cases. Obviously Android should be rooted and the BlackBerry smartphone should have a backup or fit the forensic methods and tools, while the PlayBook is limited to the shared folder only: there is no way to root it or to mirror all its data into a PlayBook simulator as there is for the BlackBerry smartphone. Files on external or internal storage may be useful for obtaining data that is also stored in a backup or available through the API. This means forensics needs more practical and preventive techniques to extract data. Simply using the developer's API helps to grab data such as passwords for social networks or mail inboxes, which in the BlackBerry smartphone's case are not stored anywhere. In addition, IM chats are not stored anywhere except external/internal storage and are accessible only by extracting the data, and only if the password is known and the storage is not encrypted. This means that only live techniques through the API make sense. Moreover, there is a technique that prevents a successful USB or Bluetooth connection: a live agent performing a denial of service against the event listener [8].

Finally, all the security holes, or the vendor's vision of security on its OS, are astounding to use; it reduces the risk of losing valuable data and improves existing solutions. In addition, the forensic expert is protected from almost everything capable of breaking and stopping a forensic investigation.

Author bio

Yury Chemerkin is currently in the postgraduate program at RSUH, working on a Cloud Security thesis. He has experience in reverse engineering, software programming, cyber and mobile security research, documentation, and as a contributing security writer, and also researches cloud security and social privacy. In the last several years he has worked on mobile and social security, forensics, and cloud security, compliance and transparency.
yury.chemerkin@gmail.com

MOBILE FORENSICS RESEARCH ON ANDROID AND BLACKBERRY

  • 1. ANDROID FORENSICS MOBILE VOl.2NO.4 STEP BY STEP ANALYSIS OF FACEBOOK AND TWITTER DATA ON ANDROID DEVICES EMULATION DETECTION TECHNIQUES FOR ANDROID ANDROID FORENSICS A CASE STUDY OF THE NAXUS S VIRTUAL DEVICE APPROACH TO EXTRACTING DATA USING HARDWARE AND SOFTWARE MECHANISMS POTENTIAL IDENTITY THEFT OVER APPLE’S iOS DEVICES CELLEBRITE A “STANDARD” IN MOBILE FORENSICS HOW TO ADDRESS END USER RISK AGREEMENT FOR BYOD Issue 03/2013 (8) April
  • 2. STATE_OF_ART OF MOBILE FORENSICS Comparative research of techniques on BlackBerry OS (incl. PlayBook) and Android OS by Yury Chemerkin At present, the BlackBerry holds the palm of insufficient security examination despite of existing approaches more than Android (because Android was not developed to be secured) but all security techniques implemented in these mobile devices are indecisive argument on security. It means its argument to the forensics. All security agencies are facing with dealing with mobiles forensics repeatedly. What you will learn: • What’s the difference between similar mobile OS based on different kernels (BB OS, Playbook OS) • How’s differ the Android forensics from BlackBerry What you should know: • Basic knowledge on forensics Android & BlackBerry • Basic knowledge on classic forensics techniques and live forensics (live monitoring) techniques 22 F orensics tools may give incredible opportunity to gain all kind of data but there are too many slight objections. Until companies go in only one of ways – classic forensics or live monitoring (DLP or else) – it fails, because of limited cases and therefore forensics field need more effective synthesis of mechanism. Introduction Mobile device forensics is relating to recovery of digital evidence or data from a mobile device. The memory type, custom interface and proprietary nature of mobile devices require a different forensic process compared to other forensics. Mobile extraction techniques tend to be unique less especially throughout logical acquisition. This level manages with known data types for any user and this data set rarely differs among of iOS, Android or BlackBerry. 
The data set often contains items such as messages (SMS/MMS/Email/IM), social network data, contacts, calendar, phone logs, wallet and other financial application data, media (audio/photos/videos), other data including the file structure, browser data (web history as a timeline, and bookmarks), and shared folders.

Nowadays mobile devices provide many features to integrate all possible communications and aggregate their data, on BlackBerry as well as on Android. Native and third-party applications often connect to email, maps, IM messengers and social statuses; they keep users connected and do far more. The BlackBerry application environment is known to be broader and more impressive than Android's. On the other hand, Android has not only a great variety of third-party applications but also hundreds of variations that depend on the manufacturer. By contrast, the BlackBerry PlayBook runs QNX OS and offers modern technologies that are far removed from mainstream development. All of this creates a zoo of mobile phones and highlights the misuse of security techniques in development. The new special skills that forensic experts require are rarely based on experience alone. Each year the classic forensic techniques face a huge problem, while live forensics (or live monitoring) gives new opportunities to work with data. Sometimes a company IT policy or the OS vendor's vision may help to make sure that no triggers will break an investigation. The physical approach is trustworthy but non-operable, while the logical approach is more dangerous because of synchronization via network, cellular and OTA. There are too many cases in which one cannot afford not to use preventive methods or tools to simplify classic forensics. This paper describes the technical problems encountered in forensics as well as various live solutions that may be useful and that have become the "right" way as vendors' development proceeds.

Approach

There are several techniques pertaining to mobile forensics:
• Physical acquisition is a bit-by-bit copy of an entire physical store: a full physical copy (i.e., all the bits in memory, not just the files) of the entire memory store on the device.
• Logical acquisition is a bit-by-bit copy of logical storage objects (e.g., directories and files).
• Using commercially available forensic software tools (an extension of the previous techniques) which, as time passes, are becoming increasingly capable and sophisticated.
• Backup: this technique is relatively easy, and it allows a significant amount of user-created data (photographs, songs, emails, texts) to be preserved.
• Manual acquisition uses the user interface to capture pictures of data from the screen, simply by manipulating the phone (navigating through the email, photographs, or contacts list, for example) while videotaping and/or photographing the results.

As manual acquisition does not differ among mobile devices, it is omitted here, as is physical acquisition, which aims to recover deleted data without relying on the file system itself. Logical techniques stand out for easy and fast data extraction, in "simple" data types (formats) or SQL-based types (formats).

www.eForensicsMag.com

Potential Data as Evidence

Potential attack vectors can be various; however, the most popular of them are listed in Table 1.

Table 1. Extractable data

Type                                              BlackBerry Smartphone   BlackBerry PlayBook
Address Book                                      +                       -
Calendar Events                                   +                       -
Call History                                      +                       -
Browser history and bookmarks                     +                       +
Process Management                                +                       -
Memos and Tasks                                   +                       -
Screen-shots                                      +                       +
Camera-shots                                      +                       +
Videocamera-shots                                 +                       +
Clipboard                                         +                       +
Location tracking (cell, wifi, gps, bluetooth)    +                       +
SMS/MMS/Emails/IM                                 +                       -
Saved Messages                                    +                       -
Pictures, Videos, Voice notes, and other files    +                       +
File and Folder structure                         +                       +
IMs                                               +                       -
Passwords                                         +                       +

Network Isolation

One of the main ongoing considerations for analysts is preventing the device from any network changes. This is sometimes achievable for the PlayBook, which has no cellular connection but only a network connection (Wi-Fi, 4G). As mentioned earlier, network activity may bring in new data. However, any interaction with the device, such as plugging and unplugging it, will modify it. The first idea is to dismount encryption or prevent the device from locking so that it can be examined while it is running. The PlayBook, like any other device, is difficult to analyze forensically without negative effects, because its storage cannot easily be removed: storage is only internal, and there is no external storage such as an SD card as there is on a BlackBerry smartphone.
The worst case in forensics is a remote wipe initiated, or data added/overwritten, outside the examiner's control by any trigger, often an SMS or an incoming call. This is impossible through BlackBerry Bridge: SMS for BlackBerry Bridge was simply never developed, and incoming-call notifications cannot be caught, nor can any of the Bridge's events through the API. Nevertheless, forensic experts still have to prevent a connection. A powerful way is "airplane mode" (or the same feature under a different name). Android's problem with stopping network communications is its awful GUI: the forensic officer should press and hold the Power button and select Airplane mode first (if this hotkey works), or else press Menu (from the home screen), then Settings, and finally the Wireless option, which is generally near the top. That only disables the cellular network; to block wireless connections such as Bluetooth or Wi-Fi, the officer has to leave the home screen for the settings, which is upsetting because time is counting and no one can be sure the settings GUI is the same among devices. BlackBerry allows this to be done very quickly by clicking the tray on the home screen.

Push Technology

The BlackBerry smartphone was primarily engineered for email and comes with a built-in mobile phone providing access to email from anywhere. It is always on, participates in wireless push technology, and does not require any kind of desktop synchronization, unlike the others. The BlackBerry PlayBook is an add-on for the BlackBerry smartphone only, because BlackBerry Bridge accesses mail, calendaring and contacts directly from a tethered BlackBerry phone. The PlayBook has neither push technology for email/calendar/etc. (only IMAP4 and POP3, apart from the MS Exchange link) nor BIS, except through BlackBerry Mobile Fusion, which manages non-BlackBerry smartphone devices, and a BES existing in the company. In addition, email and social accounts may break and ask the user to re-enter the password, which may help to discard pushed data. It means the PlayBook is not always on; there are rarely types of information that can be pushed to it, followed by overwriting or deletion. Similar to the PlayBook, Android gives time to change the network state.
For example, only the main email folders may be changed via IMAP or Exchange, because the PlayBook or Android needs time, or a manual press of the "update" button, to retrieve new data from the Internet. As opposed to the smartphone, the PlayBook and Android are filled with stand-alone applications that might use the Internet connection in standby mode or when applications are swiped down; by default, the PlayBook has an option to restrict activity in this state. The PlayBook address-book application has Facebook, Twitter and LinkedIn connections, but synchronization never happens before the user runs the application and waits until it is done. Sometimes it takes a minute or even more.

Password Protection

BlackBerry devices come with password protection and an attempt limit (by default five out of ten, minimum three out of ten; the PlayBook may differ from five to ten, where "ten" is often for the PlayBook device and "five" is for BlackBerry Desktop Software and a plugged-in PlayBook). If it is exceeded, the device wipes itself (factory reset). All data stored on external memory is kept because that is not part of the factory configuration, speaking of the smartphone rather than the PlayBook, which has no external storage. The ability to circumvent the pass code on an Android device is becoming more important, as pass codes are used frequently and in most cases do not allow data extraction, as for BlackBerry. There are three types of pass codes on Android:
• pattern lock, the default on the initial Android devices: to access the device, the user draws a pattern on the locked phone.
• pass code, the simple personal identification number (PIN) commonly found on other mobile devices.
• full alphanumeric code, which is more secure than a PIN.
If the device screen is active, the settings should be checked to change the existing short lock timeout (which ranges from less than a minute up to about 1 hour).
Password Extraction and Bypassing

BlackBerry

Accessing encrypted information stored in password-protected backups is possible via Elcomsoft products, which offer to recover the original password of the backup and the device. The toolkit allows eligible customers to acquire bit-to-bit images of devices' file systems, extract phone secrets (pass codes, passwords, and encryption keys) and decrypt the file system dump. It also reads BlackBerry Wallet data and Password Keeper data. Recovery of the BlackBerry device password is possible only if the user-selectable Device Password security option is enabled to encrypt media card data.

Android

As Android devices use the pattern lock for pass code protection instead of a numeric or alphanumeric code, there is an interesting option: a clean touch screen is expected, but a touch screen marked with fingerprints, and the direction of those fingerprints, is a good way to bypass the pattern lock. Therefore, it is possible to determine the pattern lock of a device by enhancing photographs of the device's screen [6]. Android has so-called Password and Pattern Lock protection. The Password Lock can contain characters, numbers, and special marks, while the Pattern Lock looks like a numbered set of gestures that must be performed to unlock the device, in which at least four of nine points in the ten-digit set are chosen. The directions between them are stored in the file "/data/system/gesture.key" on internal storage as a SHA-1 hash of the byte sequence. The Password Lock's file is stored in "/data/system/pc.key" on internal storage, also as a SHA-1 hash of a byte sequence. This works only if the device is already rooted and has USB Debugging mode ON.

Live techniques (or spyware)

Security researcher Thomas Cannon [6] developed a technique that allows a screen lock bypass by installing an app directly through the new web-based Android Market. The procedure is quite simple. Android sends out a number of broadcast messages that an application can receive, such as SMS received. An application has to register its receiver to receive broadcast messages. Once the application is launched, it just calls the disableKeyguard() method in KeyguardManager. This is a legitimate API that enables applications to disable the screen lock, e.g. when an incoming phone call is detected. Similar techniques for BlackBerry were discussed in [1], [4], [5]:
• The default feature that shows the password without asterisks, which makes screen capture possible. It works if the "screenshot" API is not disabled (by default it is allowed).
• The scaled preview of a typed character on the virtual keyboard. It works too and may be screenshotted. As a further consideration, an agent may XOR two screenshots and extract the preview of the pressed key, and thus the typed text.
• Stealing the password during synchronization from BlackBerry Desktop Software. It works because of security issues in the Windows API. Moreover, it works not only to grab the device password but the backup password too.
• Redrawing a fake window to catch the password typed on the device, with some social engineering to announce "something has crashed and locked the device, please unlock by re-entering the password".
The last two techniques (stealing and redrawing) work on the PlayBook as well. Moreover, developers must have swipe-down event listeners, otherwise the application will not be closed or minimized until the battery discharges.

Classic Forensics

Gathering Logs and Dumps

The main evidence procedure violates the forensic method by requiring logs and dumps to be recorded and kept. It is possible to view some debug logs on the device by pressing hotkeys on a BlackBerry smartphone, while Android and the PlayBook do not provide the same feature, or through SDK tools.

BlackBerry Smartphone

The BlackBerry SDK tools or BBSAK allow extraction of BlackBerry event logs to a text file via USB. Two tools named "javaloader.exe" and "loader.exe" allow extraction not only of event logs but also of a device dump, all executable modules (.cod files) with dependent modules, screenshots and device info. The first of them needs the PIN and password while the second does not [1].

BlackBerry PlayBook

All SDKs provided by RIM, e.g. the Adobe AIR SDK, have a tool "blackberry-connect", which is just a wrapper for "Connect.jar". But before connecting, an RSA key pair should be generated with "ssh-keygen -t rsa -b 4096" and the "Dev Mode" option enabled. Then the target IP (often 169.254.0.1 for USB), the device password and the SSH key should be passed as parameters. This tool extracts device information (OS, fingerprint, hardware ID, vendor ID, debug mode tokens, etc.), application list information (module, version, icon ID, name, vendor, source, etc.) and more. Also, the Wi-Fi logs store the IP, DNS, subnet mask and information about (un)successful attempts, which may only be analysed by manual acquisition.

Android

A data storage mechanism providing low-level interaction with the network, web servers, etc. is available to developers to store and retrieve data via the packages java.net and android.net.
Such log files store actions with date and time stamps, error/warning/successful-authentication events, logins, and some data such as email addresses, access keys, private keys or application ID keys; SQL db files may likewise store all data uploaded, downloaded and transferred by an application, often without encryption. They might contain much more data than on BlackBerry, if only developers would take note and use them. Similar to the BlackBerry, Android has an SDK tool, "adb", to gather information; it runs as a daemon on the device and proxies the recursive copy, which only runs with shell permissions. Successful access aims at extracting (copying) the entire "/data" partition to a local directory, including such useful files as unencrypted apps, most of the tmpfs file systems, which can include user data such as browser history, and system information found in "/proc", "/sys" and other readable directories.

Backup

BlackBerry Smartphone and Tablet

Managing backups starts with BlackBerry Desktop Manager, which produces an ".ipd" file (formerly; now it is a .bbb file, which is just a tar-compressed archive) in a destination folder. This file stores:
• on a BlackBerry smartphone, very granular data (incl. settings) such as Address Book, Alarm, Attachment, AutoText, BlackBerry Bridge, BlackBerry Wallet, Bluetooth, Browser, Calendar, Camera, Certificate, etc.
• on a BlackBerry tablet, only Application Data, Media and Settings.
As the PlayBook does not provide a native Password Wallet, many third-party applications save their data in the shared documents folder in .db format, which is easily analysed if there is no encryption.

BlackBerry Simulation

This feature is unfortunately unavailable for Android and the PlayBook, despite being very useful and valuable. The BlackBerry Simulator is built for simulating a backup copy of the physical device. This is helpful if the device is low on battery, needs to be turned off, or otherwise to avoid altering the data on the physical device.

Android

Android did not provide a mechanism for users to back up their personal data; although the backup API is now available, synchronization provides Outlook linking. Instead, a large number of backup applications were developed and distributed on the Android Market, often with a "Save to SD Card" feature as well as uploading to the cloud. Anyway, the backup area is covered by the following items:
• Application installers (if the phone has root access, this includes APK data and Market links)
• Contacts, call log, calendars
• Browser bookmarks
• SMS (text messages), MMS (attachments in messages)
• System settings
• Home screens (including HTC Sense UI)
• Alarms, dictionary, music playlists
• Integrated third-party applications

Live Forensics (including files on storage)

There are situations in which it is not desirable to shut down and seize the digital device and perform the forensic analysis at the lab. For example, if there is an indication that an encryption mechanism is used on the discovered digital device, then the investigator should not shut it down.
Otherwise, after shutdown all the information (potential evidence) that was encrypted will be unintelligible. By performing live analysis, investigators attempt to extract the encryption key from the running system.

An up-to-date BlackBerry holds much data, such as several mobile or home phone numbers, faxes, emails, work and home addresses, web pages or dates; IM data and social data; and private data such as tracking info, habits, times marked as free, times when the user is probably sleeping, and times when the user is at home or at the company can come to light, and much else. However, all of this can be extracted only through the API or a backup file.

Android's data set is stored on internal storage and on external storage, but only internal storage keeps a strict folder structure, because the Android API controls it. Typically the internal place to store any kind of data is "/data/data/", where cache and databases are stored in the "PackageName" folder. Android data is stored on internal and external storage as binary (or simply text) files as well as packed into XML or SQLite database formats. The XML format allows Boolean, integer, float or string data types, letting developers create, load, and save the configuration values that power their application. Internal files allow developers to store very complicated data types and save them in several places on internal storage that, by default, can only be read by the application; even the device owner is prevented from viewing the files unless they have root access. While files stored on the device's internal storage have strict security and location parameters, files on the various external storage devices have far fewer constraints. SQLite is one of the most popular database formats, appearing in many mobile systems for many reasons: high quality, open source, very compact, cross-platform files, and finally, because the Android SDK provides an API for using SQLite databases in applications.
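As an added example, not code from the article, the following Python script shows how an Android SQLite database such as the contacts2.db call log can be examined without modifying the evidence: it opens the file read-only (mode=ro, immutable=1), lists the tables through sqlite_master, and builds a call timeline. The database is constructed inline; its calls column names and type constants follow the AOSP CallLog.Calls contract and are assumptions about the schema, which varies between Android versions.

```python
"""Read-only triage of an Android call-log database (added example).

The `calls` columns used here (number, date in ms since the epoch, duration in
seconds, type 1=incoming 2=outgoing 3=missed) follow the AOSP CallLog.Calls
contract and are an assumption; real contacts2.db layouts differ by version.
"""
import os
import sqlite3
import tempfile
from datetime import datetime, timezone

CALL_TYPES = {1: "incoming", 2: "outgoing", 3: "missed"}  # AOSP constants

# Constructed sample rows: (number, date_ms, duration_s, type)
SAMPLE_CALLS = [
    ("+15550100", 1364547600000, 95, 1),   # 2013-03-29 09:00:00 UTC, incoming
    ("+15550101", 1364551200000, 0, 3),    # 2013-03-29 10:00:00 UTC, missed
    ("+15550100", 1364554800000, 310, 2),  # 2013-03-29 11:00:00 UTC, outgoing
]


def build_sample_db(path):
    """Create a constructed database that mimics the calls table layout."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE calls (_id INTEGER PRIMARY KEY, number TEXT, "
                "date INTEGER, duration INTEGER, type INTEGER, name TEXT)")
    con.executemany("INSERT INTO calls (number, date, duration, type) "
                    "VALUES (?, ?, ?, ?)", SAMPLE_CALLS)
    con.commit()
    con.close()


def open_read_only(path):
    """Open an evidence database without touching it: mode=ro refuses writes and
    immutable=1 stops SQLite from creating journal/WAL side files next to it."""
    return sqlite3.connect("file:%s?mode=ro&immutable=1" % path, uri=True)


def list_tables(path):
    """Enumerate table names, the first step when facing 30+ tables in contacts2.db."""
    con = open_read_only(path)
    try:
        rows = con.execute("SELECT name FROM sqlite_master WHERE type='table' "
                           "ORDER BY name")
        return [r[0] for r in rows]
    finally:
        con.close()


def call_timeline(path):
    """Return calls ordered by time as (ISO-8601 UTC, number, type, duration)."""
    con = open_read_only(path)
    try:
        rows = con.execute("SELECT date, number, type, duration FROM calls "
                           "ORDER BY date")
        out = []
        for date_ms, number, ctype, duration in rows:
            ts = datetime.fromtimestamp(date_ms / 1000, tz=timezone.utc)
            out.append((ts.strftime("%Y-%m-%dT%H:%M:%SZ"), number,
                        CALL_TYPES.get(ctype, "unknown(%s)" % ctype), duration))
        return out
    finally:
        con.close()


def demo():
    """Build the constructed evidence file, triage it, and report whether the
    read-only examination left the file (and its directory) unchanged."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        build_sample_db(path)
        size_before = os.path.getsize(path)
        tables = list_tables(path)
        timeline = call_timeline(path)
        untouched = (os.path.getsize(path) == size_before
                     and not os.path.exists(path + "-journal")
                     and not os.path.exists(path + "-wal"))
        return tables, timeline, untouched
    finally:
        for p in (path, path + "-journal", path + "-wal"):
            if os.path.exists(p):
                os.remove(p)


if __name__ == "__main__":
    tables, timeline, untouched = demo()
    print("tables:", tables)
    for entry in timeline:
        print(*entry)
    print("evidence untouched:", untouched)
```

On a real extraction, hash the database before and after examination as well; the size and side-file checks above only catch the most common accidental modifications.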
SQLite files are generally stored on internal storage under /data/data/<packageName>/databases, without any restriction on creating databases elsewhere. The Android contact (address book) data is stored under "/data/data/com.android.providers.contacts" on internal storage. This also stores the call logs for the device, in the calls table. There are over 30 tables in contacts2.db containing additional values about contacts and additional data, some extended by different accounts: Gmail, Exchange, Facebook, Twitter, etc. If pictures of the contacts are available, they are stored in the files directory and named thumbnail_photo_[NNNNN].jpg. Additionally, Facebook data is stored in the file "/data/data/com.facebook/fb.db" and contains nearly all of the information, including albums, info_contacts, notifications, chatconversations, mailbox_messages, photos, chatmessages, search results, default user images, mailbox profiles, stream photos, events, mailbox threads, friends and others. Gmail data is located in "/data/data/com.google.android.gm", which stores each configured Gmail account in a separate SQLite database filled with the entire e-mail content. GMaps data located in "/data/data/com.google.android.apps.maps" stores a great deal of information about maps, tiles, searches, and more in the files directory, often provided by "search_history.db"; actual spoken directions are stored as map data on the SD card in .wav files, and the time stamps on files prefaced with "._speech" simplify a movement timeline. In addition, Android provides a file-folder storage located at "/data/data/com.android.providers.telephony" filled with the MMS attachments (images, video, or any other supported data) and an SMS message database table with all messages. A bit more information comes from the path "/data/data/com.android.mms", which provides cached data or outgoing data.

The clipboard is breakable too, because the user has to see a password to retype it in another application, which can easily be screen-captured, or copy it into the clipboard, which is not protected; the user still has to put the data (password) into a non-protected text box, sometimes even in plaintext. In other words, the endpoint object is vulnerable. A clipboard API exists: getClipboard() on BlackBerry, getData() on the PlayBook, getText() on Android.

To access Pictures, Videos, Voice notes and other files, some of which may be video- or audio-captured, the forensic expert rarely needs to intercept API events or break root rights; all that is needed is to listen for file events of creating and deleting files, or to grab these files from internal/external storage. Pictures are more interesting as camera snapshots since they carry an EXIF header. Metadata is, quite simply, data about data. The EXIF header is stored in an "application segment" of a JPEG file, or as privately defined tags in a TIFF file. Not only basic cameras have these headers: both mobile devices provide the "Camera Make" as RIM/BlackBerry/Android/HTC, and the "Camera Model" is often the device model.
A GPS or date tag often renames the file by placing a city name at the beginning, except on Android and the PlayBook, which place the GPS and date tags in EXIF only.

Instant messaging is a well-established means of fast and effective communication. IM forensics is meant to answer two questions: identifying the author of an IM conversation based strictly on author behaviour, and classifying behaviour characteristics. For example, the BlackBerry smartphone stores all chats (from Google, Yahoo, Windows Live, BlackBerry Messenger, AIM (AOL)) in plaintext in .csv files. The file paths are often easy to find too [1]. On the PlayBook each application has access to its own working directory in the file system, and might access the shared folder (sandbox), because access to files and folders is governed by UNIX-style groups and permissions. It means applications cannot create new directories in the working directory; they can only access the folders listed below.

Table 2. PlayBook shared folders structure

Folder             What it contains                                                       Access type
app                The installed application's files.                                     read-only
data               The application's private data.                                        read and write
temp               The application's temporary working files.                             read and write
logs               System logs for an application (stderr and stdout).                    read and write
shared             Subfolders that contain shared data grouped by type.                   no access
shared/bookmarks   Web browser bookmarks that can be shared among applications.           read and write
shared/books       eBook files that can be shared among applications.                     read and write
shared/clipboard   Data copied or cut from another application (txt, html, uri format).   read and write
shared/documents   Documents that can be shared among applications.                       read and write
shared/downloads   Web browser downloads.                                                 read and write
shared/misc        Miscellaneous data that can be shared among applications.              read and write
shared/music       Music files that can be shared among applications.                     read and write
shared/photos      Photos that can be shared among applications.                          read and write
shared/videos      Videos that can be shared among applications.                          read and write
shared/voice       Audio recordings that can be shared among applications.                read and write

Despite the folders mentioned, there is a way to recreate the folder structure partially and have read-only access to files [7].
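Returning to the EXIF headers described earlier, here is an added example (not code from the article) of a minimal EXIF reader: it walks the JPEG application segments to APP1, parses the TIFF IFD0 for Camera Make and Camera Model, and follows the GPSInfo pointer to decode the latitude that a device places in EXIF. The sample JPEG and its Make, Model and GPS values are constructed inline and are assumptions, not data from any real device.

```python
"""Minimal EXIF reader for JPEG files (added example, not from the article).
Parses the APP1 segment, TIFF header, IFD0 (Make, Model) and the GPS IFD
(latitude). The sample JPEG below is constructed with assumed values."""
import struct

TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}  # BYTE ASCII SHORT LONG RATIONAL UNDEFINED


def find_exif(data):
    """Return the TIFF blob inside the APP1/Exif segment, or None if absent."""
    if data[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or SOS: no more header segments
            break
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        seg = data[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and seg[:6] == b"Exif\x00\x00":
            return seg[6:]
        pos += 2 + seglen
    return None


def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, raw 4-byte value/offset field)} for one IFD."""
    n = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(n):
        p = offset + 2 + i * 12
        tag, typ, count = struct.unpack(endian + "HHI", tiff[p:p + 8])
        entries[tag] = (typ, count, tiff[p + 8:p + 12])
    return entries


def tag_value(tiff, entry, endian):
    """Decode one tag; values longer than 4 bytes live at the offset in the field."""
    typ, count, raw = entry
    size = TYPE_SIZE.get(typ, 1) * count
    data = raw[:size] if size <= 4 else tiff[struct.unpack(endian + "I", raw)[0]:][:size]
    if len(data) < size:
        raise ValueError("truncated tag data")
    if typ == 2:
        return data.split(b"\x00", 1)[0].decode("ascii", "replace")
    if typ in (3, 4):
        return struct.unpack(endian + "%d%s" % (count, "H" if typ == 3 else "I"), data)
    if typ == 5:
        nums = struct.unpack(endian + "%dI" % (2 * count), data)
        return tuple(nums[i] / nums[i + 1] for i in range(0, len(nums), 2))
    return data


def parse_exif(jpeg):
    """Return {"Make", "Model", "Latitude"} where present; {} if there is no EXIF."""
    tiff = find_exif(jpeg)
    if tiff is None:
        return {}
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or struct.unpack(endian + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header in EXIF segment")
    ifd0 = read_ifd(tiff, struct.unpack(endian + "I", tiff[4:8])[0], endian)
    out = {name: tag_value(tiff, ifd0[tag], endian)
           for tag, name in ((0x010F, "Make"), (0x0110, "Model")) if tag in ifd0}
    if 0x8825 in ifd0:  # GPSInfo: pointer to the GPS IFD
        gps = read_ifd(tiff, tag_value(tiff, ifd0[0x8825], endian)[0], endian)
        if 0x0001 in gps and 0x0002 in gps:  # GPSLatitudeRef, GPSLatitude
            ref = tag_value(tiff, gps[0x0001], endian)
            deg, mins, secs = tag_value(tiff, gps[0x0002], endian)
            lat = deg + mins / 60 + secs / 3600
            out["Latitude"] = -lat if ref == "S" else lat
    return out


def _entry(tag, typ, count, field, endian):
    return struct.pack(endian + "HHI", tag, typ, count) + field


def build_sample_jpeg():
    """Construct a tiny JPEG whose APP1 segment carries Make, Model and a GPS IFD."""
    e = "<"  # little-endian TIFF ("II")
    make, model = b"RIM\x00", b"BlackBerry PlayBook\x00"  # constructed values
    model_off = 8 + 2 + 3 * 12 + 4       # data area starts right after the 3-entry IFD0
    gps_off = model_off + len(model)
    lat_off = gps_off + 2 + 2 * 12 + 4   # rationals follow the 2-entry GPS IFD
    ifd0 = struct.pack(e + "H", 3)
    ifd0 += _entry(0x010F, 2, len(make), make, e)  # 4 bytes, so stored inline
    ifd0 += _entry(0x0110, 2, len(model), struct.pack(e + "I", model_off), e)
    ifd0 += _entry(0x8825, 4, 1, struct.pack(e + "I", gps_off), e)
    ifd0 += struct.pack(e + "I", 0)      # no IFD1
    gps = (struct.pack(e + "H", 2) + _entry(0x0001, 2, 2, b"N\x00\x00\x00", e)
           + _entry(0x0002, 5, 3, struct.pack(e + "I", lat_off), e) + struct.pack(e + "I", 0))
    lat = struct.pack(e + "6I", 55, 1, 45, 1, 0, 1)  # 55 deg 45' 0" N
    tiff = b"II" + struct.pack(e + "HI", 42, 8) + ifd0 + model + gps + lat
    app1 = b"Exif\x00\x00" + tiff
    return b"\xFF\xD8\xFF\xE1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xFF\xD9"
```

The same segment walk, run over a photo before it leaves a device, is a cheap check that no GPSInfo IFD is being shared unintentionally.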
References

[1] Y. Chemerkin, "To get round to the heart of fortress," Hakin9 Extra Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 1, no. 3, Issue 03/2011 (03), ISSN 1733-7186, pp. 20–37, August 2011.
[2] Y. Chemerkin, "Comparison of Android and BlackBerry Forensic Techniques," Hakin9 Extra Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 11, no. 4, Issue 04/2012 (11), ISSN 1733-7186, pp. 28–36, April 2012.
[3] Y. Chemerkin, "When Developer's API Simplify User-Mode Rootkits Developing," Hakin9 Mobile Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 2, no. 2, Issue 02/2012 (3), ISSN 1733-7186, pp. 16–21, February 2012.
[4] Y. Chemerkin, "When Developers API Simplify User-Mode Rootkits Development – Part II," Hakin9 OnDemand Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 1, no. 4, Issue 04/2012 (4), ISSN 1733-7186, pp. 56–81, July 2012.
[5] A. Hoog, Android Forensics: Investigation, Analysis and Mobile Security for Google Android. Syngress, 2011.
[6] D. M. Gomez, A. Davis, BlackBerry PlayBook Security: Part One. NGS Secure, 2011.
[7] Y. Chemerkin, "Insecurity of BlackBerry solutions: Vulnerability on the edge of the technologies," vol. 6, pp. 20–21, December 2011 [Annual InfoSecurity Russia Conf., 2011].
[8] Y. Chemerkin, "BlackBerry PlayBook – New Challenges," Hakin9 E-Book Magazine, Software Press Sp. z o.o. Sp. Komandytowa, 02-682 Warszawa, vol. 1, no. 3, Issue 03/2012 (3), ISSN 1733-7186, pp. 1–34, September 2012.

Conclusion

BlackBerry devices as well as Android devices share the same evidentiary value as any other Personal Digital Assistant (mobile device). As the investigator may suspect of most file systems, a delete is by no means a total removal of data from the device. However, the BlackBerry smartphone's always-on wireless push technology adds a unique dimension to forensic examination. Android and the PlayBook instead tend to be more offline and wake up on user actions.
Moreover, the trend towards installation through the app world only is coming, which means only more complication. All of the above highlights valuable and up-to-date techniques in the forensics area, some of them based on misunderstandings of development concepts or otherwise. Similar to the BlackBerry, push technology allows information to be pushed through the radio antenna at any time, potentially overwriting previously "deleted" data. Classic forensic techniques or a DLP system are ineffective at stopping it, because of time and because applications exchange data in real time. In addition, the password is a long-term problem. Some techniques are very impactful but limited to special cases. It is obvious that Android should be rooted and the BlackBerry smartphone should have a backup or conform to the forensic methods and tools, while the PlayBook is limited to the shared folder only and there is no way to root it or mirror all data to the PlayBook simulator as there was for the BlackBerry smartphone. Files stored on external or internal storage might be useful to obtain some data stored in backups or available through the API. It means forensics needs more practical and preventive techniques to extract data. Simply using the developer's API helps to grab data such as passwords for social networks or the mail inbox in BlackBerry smartphone cases, which are not stored anywhere. In addition, IM chats are not stored anywhere but external/internal storage and can only be accessed by extracting that data, provided the password is known and the storage is not encrypted. It means only live techniques through the API make sense. Moreover, there is a technique preventing a successful USB or Bluetooth connection: a live agent performing DDoS against the event listener [8]. Finally, all the security holes or vendor visions about security on their OS are very astounding to use; using them reduces the risk of losing valuable data and improves existing solutions. In addition, the forensic expert is protected from almost all obstacles capable of breaking and stopping a forensic investigation.
Author bio

Currently in the postgraduate program at RSUH, working on a Cloud Security thesis. Experience in reverse engineering, software programming, cyber and mobile security research, documentation, and as a contributing security writer. Also researching cloud security and social privacy. For the last several years, worked on mobile and social security, forensics, cloud security, compliance and transparency. yury.chemerkin@gmail.com