Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Digital forensics track schroader-rob when forensics collide
Semelhante a Digital forensics track schroader-rob when forensics collide (20)
Mais de ISSA LA
Mais de ISSA LA (20)
Último
Último (20)
Digital forensics track schroader-rob when forensics collide
- 1. When Computer Forensics & Mobile Forensics Collide
- 2. Speaker Introduction • Rob Schroader, CEO • rob@Paraben.com • 801-796-0944 • 10 years of experience with digital forensic professionals • iPhone addict
- 4. The Forensics of Things • What is a Computer? • What is a Mobile Device? • What Else Connects to Internet/Social Media?
- 5. The Forensics of Things • iPhone 6 – A7 Processor: • Dual Core 1.38 GHz Processor • 1 GB LPDDR3 RAM • 128 GB Storage • Huawei Ascend Mate 7 • Quad Core 1.8 GHz Processor • 2/3 GB RAM • 32 GB Storage • microSD Slot (128 GB)
- 6. The Forensics of Things • My Laptop • Dual Core 2.0 GHz Processor • 2 GB RAM • 122 GB Hard Drive
- 7. What you do is the same as your suspect does with… • A computer • Surf the internet • Type documents • Games • Email • A tablet • Play games • Surf the internet • Email • A cell phone • Call friends • Text friends • Social Media • Apps, Apps, Apps
- 8. Know Your Risks • Device Type • Computer • Mobile • Environment • Weather • Signals • People • There is no license to operate a computer/mobile.
- 9. Where’s the Data? •Computer •Mobile Device •Mobile Data on Computers •The Cloud…The Dreaded Cloud!!!
- 10. Forensic Rules •Chain of Custody • First Responder is lab •Documentation • Set procedures •Hash Validation • Math is your friend •Tools & Methodologies • Validate tools before the field
- 11. Forensic Tools Questions • Is it read only? • Yes • No • Can I repeat my results? • What are your validation steps?
- 12. Forensic Tools Questions • Is the data verified and if so how? • What hash values are used? • Can those values be repeated? • Are there other validations? • Was it designed for forensics, and are the images gathered valid? • Is it a commercial tool that is being used in forensics? • How is the image file created?
- 13. Non-Forensic •Does Anything Go? •Preserve Data •Do No Harm •Tools You Use
- 14. Outsourced vs. Internal •Costs •Time •Capabilities • Tools • People •Collection Only? •Collection Plus Analysis?
- 15. Computers vs. Mobiles •File Systems • Windows (NTFS, FAT – Registry) • MAC (HFS, HFS+) • iPhones (iOS – Applications) •Drives vs. Memory •Logical vs. Physical •Amount of Data
- 16. Computer Triage •Targeted Collection •Deleted Data • Is it necessary? •Email
- 17. Computer Triage •Chat Logs •Internet History •Recent Documents •Registry Data
- 18. Mobile Triage •Logical Acquisition •Deleted Data • Is it necessary? •Backup Files •Call Logs
- 19. Mobile Triage •SMS •Email – Not Likely •Contacts •Internet History • Chrome Account?
- 20. Computer Triage Example •DP2C • Targeted Data Collection • Bootable • Easy to Use •P2C Data Triage • Windows Systems • iTunes Backups • Mobile Device Acquisitions (DS Case Files)
- 25. Computer Triage Example •P2C Data Triage
- 26. Computer Triage Example •Limitations • Not Comprehensive • Registry and System Files • Time Constraints
- 27. Storage Devices • SD Cards • Used for Computer or Cell Phone? • Significant Data Storage (128 GB) • Computers • Documents • Program Files (QB, Quicken, Photoshop, Flow Charts, etc.) • Multimedia • Phones • Photos • Multimedia • App Data
- 28. Examples • From Device • From Computer
- 30. Examples • Apps • Not Parsed
- 31. Examples • Drop Box on Computer
- 32. Examples • Drop Box on iPhone
- 33. Examples • Computer Shows • 135 Files • iPhone Database Shows • 978 Files • Not All Listed Files Still on Phone
- 34. Examples • Mass Storage Devices (SD Cards, USB Drives, Etc.)
- 35. Should You Triage? • Can be Easy • Cost Savings • Immediate Results • Expanded Skill Set • Anyone Can Do It
- 36. Any Questions?