This document discusses the intersection of computer forensics and mobile device forensics. It introduces the speaker and defines computers, mobile devices, and other internet-connected things that fall under digital forensics. It then compares the hardware specifications, data storage locations, and amount of data found on computers, smartphones, and other devices. The document outlines risks, best practices for forensic data collection and analysis including chain of custody, documentation, and validation tools and methodologies. It also discusses differences between analyzing data on computers versus mobile devices and examples of computer and mobile device triage tools and techniques.
2. Speaker Introduction
• Rob Schroader, CEO
• rob@Paraben.com
• 801-796-0944
• 10 years of experience with digital forensic professionals
• iPhone addict
4. The Forensics of Things
• What is a Computer?
• What is a Mobile Device?
• What Else Connects to Internet/Social Media?
6. The Forensics of Things
• My Laptop
  • Dual Core 2.0 GHz Processor
  • 2 GB RAM
  • 122 GB Hard Drive
7. What you do is the same as your suspect does with…
• A computer
  • Surf the internet
  • Type documents
  • Games
  • Email
• A tablet
  • Play games
  • Surf the internet
  • Email
• A cell phone
  • Call friends
  • Text friends
  • Social Media
  • Apps, Apps, Apps
8. Know Your Risks
• Device Type
  • Computer
  • Mobile
• Environment
  • Weather
  • Signals
  • People
• There is no license to operate a computer/mobile.
10. Forensic Rules
• Chain of Custody
  • First Responder is lab
• Documentation
  • Set procedures
• Hash Validation
  • Math is your friend
• Tools & Methodologies
  • Validate tools before the field
11. Forensic Tools Questions
• Is it read only?
  • Yes
  • No
• Can I repeat my results?
• What are your validation steps?
12. Forensic Tools Questions
• Is the data verified and if so how?
• What hash values are used?
• Can those values be repeated?
• Are there other validations?
• Was it designed for forensics, and are the images gathered valid?
• Is it a commercial tool that is being used in forensics?
• How is the image file created?
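The questions on slides 11 and 12 (read only, repeatable results, which hash values) can be checked with a short script. This is an added example, not from the presentation or from any tool it mentions; the file name `evidence.img`, the function names, and the choice of MD5 plus SHA-256 are assumptions, and the sample image is constructed.

```python
import hashlib
import os
import tempfile

def hash_image(path, algorithms=("md5", "sha256"), chunk=1 << 20):
    """Stream the image read-only and return {algorithm: hexdigest}."""
    digests = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as f:  # opened for reading only
        for block in iter(lambda: f.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {a: d.hexdigest() for a, d in digests.items()}

def validate_image(path, recorded, runs=2):
    """Re-hash the image `runs` times and answer three questions:
    do the results repeat, do they match the hashes recorded at
    acquisition, and did validation leave the file untouched?"""
    before = os.stat(path)
    results = [hash_image(path, tuple(recorded)) for _ in range(runs)]
    after = os.stat(path)
    return {
        "repeatable": all(r == results[0] for r in results),
        "matches_recorded": results[0] == recorded,
        "unmodified": (before.st_size, before.st_mtime_ns)
                      == (after.st_size, after.st_mtime_ns),
        "hashes": results[0],
    }

def demo():
    """Validate a constructed image, then again after a one-byte change."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "evidence.img")  # constructed sample
        with open(image, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed sample data")
        recorded = hash_image(image)  # stands in for acquisition-time hashes
        intact = validate_image(image, recorded)
        with open(image, "r+b") as f:  # simulate a change after acquisition
            f.seek(10)
            f.write(b"\x01")
        changed = validate_image(image, recorded)
        return intact, changed

if __name__ == "__main__":
    for label, result in zip(("intact", "changed"), demo()):
        print(label, result)
```

A changed image still hashes repeatably; only the comparison against the recorded acquisition hashes reveals the difference, which is why those values belong in the case documentation.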
15. Computers vs. Mobiles
• File Systems
  • Windows (NTFS, FAT – Registry)
  • Mac (HFS, HFS+)
  • iPhones (iOS – Applications)
• Drives vs. Memory
• Logical vs. Physical
• Amount of Data
20. Computer Triage Example
• DP2C
  • Targeted Data Collection
  • Bootable
  • Easy to Use
• P2C Data Triage
  • Windows Systems
  • iTunes Backups
  • Mobile Device Acquisitions (DS Case Files)