Trends in Mobile Devices Data and Artifacts
Inbar Ries, Senior Director, Forensics Products
June, 2014
Trends
Much More Data
• Variety
• Amount
• Initiator - user and device
New Data Management
• Multiple locations
• Multiple types
Mobile Apps Dominate
Contacts – friends, favorites, groups
Call logs
Chats – messages, attachments
Emails
Location
Images
Malware
Over 2 Million Apps in App Store & Google Play
102 Billion downloads in 2013
Device Internal Data
Locations
Media files metadata
User ID (e.g. Apple ID)
Tethering information
Cloud backup indication
Device power log (off/on)
Installed applications & usage
Application permissions
Locations
■Cell towers
■WiFi networks
■Applications location
■Media files
■Journeys taken from GPS applications/devices
The Device Knows Where Its Owner Has Been
■The location data is derived from the cell towers and Wi-Fi hotspots the device encountered
■The location service is enabled by default
■The data is stored in a SQLite database for future use
■ Deleted data can be recovered
Locations in Android Devices
Location reporting is available on devices running Android 2.3 or higher
Locations in iOS Devices
■iOS 4 and above
■Location accuracy
Location service uses a combination of cellular, Wi-Fi, Bluetooth, and GPS to determine your location.
■System location service
■ iPhone will periodically send locations of where you have purchased or used Apps in an anonymous and encrypted form to Apple
■ iPhone will keep track of places you have recently been, as well as how often and when you visited them. This data is kept solely on your device
Location in Applications
■User location per activity
■Friend’s locations
■Other people nearby
Locations from TomTom devices
The potential
Detailed location info including Lat/Lon and timestamps
Data stored on the device
Encrypted triplog files
Image carving
■File carving is a powerful tool for recovering files and fragments of files
■Recovery of images that have a full, partial or corrupted header
■ Quick scan
■ Fewer false positives
■ Recovery of blocks of JPEG data without header information
■ Longer duration
■ Many more results
■ More false positives
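The two carving modes listed above, as an added example that is not part of the original presentation. The sample "disk image" is constructed inline, and the 0xFF byte-stuffing test is one simple heuristic for headerless JPEG data, not the method of any particular product.

```python
SOI, EOI = b"\xff\xd8\xff", b"\xff\xd9"   # JPEG start / end-of-image markers
SECTOR = 512

def carve_by_header(img: bytes) -> list:
    """Quick scan: (start, end) of every SOI...EOI run. It stops at the first
    EOI, so an embedded thumbnail would end a real carve early."""
    hits, pos = [], 0
    while (start := img.find(SOI, pos)) != -1:
        end = img.find(EOI, start + len(SOI))
        if end == -1:
            break                          # header with no footer after it
        hits.append((start, end + len(EOI)))
        pos = end + len(EOI)
    return hits

def looks_like_scan_data(block: bytes, min_ff: int = 2) -> bool:
    """Heuristic for headerless data: in JPEG entropy-coded data every 0xFF
    is followed by 0x00 (stuffing), a restart marker (D0-D7) or EOI (D9)."""
    allowed = {0x00, 0xD9, *range(0xD0, 0xD8)}
    ff = [i for i, b in enumerate(block[:-1]) if b == 0xFF]
    return len(ff) >= min_ff and all(block[i + 1] in allowed for i in ff)

def carve_headerless(img: bytes, recovered: list) -> list:
    """Deep scan: sector offsets outside already-recovered ranges that pass
    the heuristic. Every sector is inspected, hence the longer run time."""
    return [off for off in range(0, len(img), SECTOR)
            if not any(s <= off < e for s, e in recovered)
            and looks_like_scan_data(img[off:off + SECTOR])]

def build_sample() -> bytes:
    """Constructed test image, not real evidence and not decodable JPEGs."""
    pad = lambda b: b + bytes(-len(b) % SECTOR)
    scan = bytes(range(192, 256)).replace(b"\xff", b"\xff\x00") * 16
    intact = pad(SOI + b"\xe0\x00\x02" + scan + EOI)     # header + data + footer
    orphan = pad(scan + EOI)                             # header lost
    not_jpeg = pad(b"\xff\x00" * 8)                      # 16-bit values, no JPEG
    return bytes(SECTOR) + intact + bytes(SECTOR) + orphan + not_jpeg

if __name__ == "__main__":
    img = build_sample()
    quick = carve_by_header(img)
    print("header scan:", quick)
    print("headerless candidates:", carve_headerless(img, quick))
```

The header scan returns only the intact file, while the sector scan also finds the three sectors of the headerless fragment and flags the non-JPEG sector, which is the false-positive cost the slide describes.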
Media files
■ Video and image files
■ Where – Latitude and longitude
■ When - capture time
■ Which camera - device make and model
■ Device owner
■ Other camera
■ What the area looks like
Malware
■Mobile malware increased by 1000% in the last year
■Mainly on Android and BlackBerry platforms
■2013 - 143K malicious programs targeting mobile devices were detected
■Devices are affected by:
■ A fake version of a real site
■ Infected legit app
■ Unofficial websites where users can freely download apps
The Real Danger of Malware
■ Stealing of
■ Private information
■ Bank account information and password
■ Credit card numbers
■ Company intellectual property
■ Deleting data
■ Forcing the use of premium content
■ Bricking the device
Trends
Much More Data
• Variety
• Amount
• Initiator - User and device
New Data Management
• Multiple locations
• Multiple types
SQLite Databases – Standard
■SQLite is already installed on many devices, including Android, Apple and BlackBerry
■Multiple data types
■ Text, date and time, numbers
■ Files (image, audio, documents)
■ Deleted data can be recovered
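Why deleted SQLite data can be recovered, here and in the location database described earlier, shown as an added example that is not part of the original presentation. The table name, columns and rows are hypothetical and constructed for the demonstration.

```python
import os
import sqlite3
import tempfile

def deleted_row_demo(ssid: str = "CoffeeShop-Guest") -> dict:
    """Delete a row, then look for its bytes in the raw database file."""
    rows = [("HomeNet", 32.0853, 34.7818, 1401600000),      # constructed data
            (ssid, 32.0741, 34.7922, 1401615000),
            ("Airport-Free", 32.0055, 34.8854, 1401630000)]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "locations.db")
        con = sqlite3.connect(path)
        # OFF is the usual default; with secure_delete ON freed bytes are zeroed.
        con.execute("PRAGMA secure_delete = OFF")
        con.execute("CREATE TABLE wifi_seen "
                    "(ssid TEXT, lat REAL, lon REAL, ts INTEGER)")
        con.executemany("INSERT INTO wifi_seen VALUES (?, ?, ?, ?)", rows)
        con.commit()

        con.execute("DELETE FROM wifi_seen WHERE ssid = ?", (ssid,))
        con.commit()
        visible = con.execute("SELECT count(*) FROM wifi_seen WHERE ssid = ?",
                              (ssid,)).fetchone()[0]
        with open(path, "rb") as fh:            # raw bytes, bypassing SQL
            after_delete = fh.read().find(ssid.encode())

        con.execute("VACUUM")                   # rebuilds the file without free space
        with open(path, "rb") as fh:
            after_vacuum = fh.read().find(ssid.encode())
        con.close()
    return {"rows_visible": visible,
            "offset_after_delete": after_delete,
            "offset_after_vacuum": after_vacuum}

if __name__ == "__main__":
    print(deleted_row_demo())
```

The row is invisible to queries after the DELETE, yet its text is still present in the file until the space is reused or the database is vacuumed.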
SQLite Databases – Content
■Applications data
■ The data is per application and cannot be accessed by other applications
■ Data: User profile, messages, locations, contacts, images and more
■Device native applications including SMS, MMS, contacts
■Device internal usage
■ The amount of data that is saved but not exposed to the user is massive
■Data: configuration, cached information, locations and more
Logs
■Logs can include errors but also valuable system information
■Transaction status
■Device information
Configuration files
■What can be found:
■ Date, time and time zone configuration
■ Application permissions
■ Tethering data - Hotspot name, password and last activation time
■ Location service status - on/off
■Configuration files:
■ Apple – Plist, bplist
■ Android – XML preference files
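Reading both configuration formats into one comparable record, as an added example that is not part of the original presentation. The two sample files are constructed inline and every key name in them is hypothetical; real key names differ per OS version and application.

```python
import plistlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

def load_android_prefs(xml_bytes: bytes) -> dict:
    """Parse an Android SharedPreferences file: a <map> of typed entries."""
    casts = {"int": int, "long": int, "float": float,
             "boolean": lambda v: v == "true"}
    prefs = {}
    for el in ET.fromstring(xml_bytes):
        name = el.get("name")
        if el.tag == "string":
            prefs[name] = el.text or ""
        elif el.tag == "set":
            prefs[name] = {s.text or "" for s in el}
        elif el.tag in casts:
            prefs[name] = casts[el.tag](el.get("value"))
    return prefs

def summarize(cfg: dict, keys: dict) -> dict:
    """Map platform-specific keys onto the artifacts listed on the slide."""
    out = {field: cfg.get(key) for field, key in keys.items()}
    ts = out.get("last_activation")
    if isinstance(ts, int):                        # Android: epoch milliseconds
        ts = datetime.fromtimestamp(ts / 1000, tz=timezone.utc)
    elif isinstance(ts, datetime) and ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)       # plist dates are stored as UTC
    out["last_activation"] = ts
    return out

# Constructed samples; all key names are hypothetical.
ANDROID_XML = b"""<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="hotspot_ssid">FieldPhone-AP</string>
    <string name="hotspot_password">example-passphrase</string>
    <long name="hotspot_last_enabled" value="1401615000000" />
    <boolean name="location_enabled" value="true" />
</map>"""
IOS_BPLIST = plistlib.dumps({
    "HotspotName": "FieldPhone-AP", "HotspotPassword": "example-passphrase",
    "LastActivation": datetime(2014, 6, 1, 9, 30),
    "LocationServicesEnabled": True}, fmt=plistlib.FMT_BINARY)

ANDROID_KEYS = {"hotspot_name": "hotspot_ssid", "password": "hotspot_password",
                "last_activation": "hotspot_last_enabled",
                "location_on": "location_enabled"}
IOS_KEYS = {"hotspot_name": "HotspotName", "password": "HotspotPassword",
            "last_activation": "LastActivation",
            "location_on": "LocationServicesEnabled"}

def demo() -> tuple:
    """plistlib.loads detects XML vs binary ('bplist00') plists by itself."""
    return (summarize(load_android_prefs(ANDROID_XML), ANDROID_KEYS),
            summarize(plistlib.loads(IOS_BPLIST), IOS_KEYS))

if __name__ == "__main__":
    for record in demo():
        print(record)
```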
Thank You
www.cellebrite.com


Editor's Notes

  1. This is an example of a location database