Smartphones and mobile data mining

Advanced Techniques in Forensic Examination of Smartphones
2010
(C) Oxygen Software, 2000-2010



Smartphones market growth

Data provided by FutureSource Consulting

The smartphone market is growing even while the general mobile phone market is falling



Smartphone is a small PC




Smartphone as: Cell phone

* - Usually these features are not utilized by smartphones




Smartphone as: Address book




Smartphone as: Planner




Smartphone as: Messenger




Smartphone as: GPS navigator

* - Available in EXIF header for many new models
** - Available in smartphones with Nokia LifeBlog application installed



Smartphone as: Web client

* - Available for some IM clients




Smartphone as: PC




Standard extraction methods
There are 2 standard ways to get forensic information from smartphones: logical and
physical analysis




Logical analysis for smartphones
General phone information
Contacts*
Caller groups
Custom field labels
Speed dials
Calendar
Notes
Event log
Calls history
Messages*
Messages from custom folders
Deleted messages information
Service center timestamps
Files*
Settings*
GPS information
Location tagged data
Web browser data
Bookmarks
IM client data
3rd party apps

* - Available data set is restricted and depends highly on manufacturer implementation

1) The information extracted by all logical protocols is only the tip of the iceberg

2) All logical protocols were developed for data synchronization



Physical analysis for smartphones

How to deal with gigabytes of that?



Standard extraction methods: Summary




How to extract data without a headache?
In 2002 Oxygen Software invented the 3rd way: analysis using a special agent
application working inside the smartphone OS

* - Agent can extract all the information available for native OS applications



Agent application usage

General phone information & SIM card data
Contacts with all fields and custom field labels
Caller groups & Speed dials
Event Log
Calendar events
Tasks & Notes
Messages from standard and custom folders
Deleted messages information
Service center timestamp
Camera snapshots, video clips and voice records
File system
GPS & Location tagged information
Web browser cache & bookmarks
IM clients data
3rd party applications with their information


- Protected operating system files
- Memory dump


Afraid of writing to device?
Comparison of phone content changes when performing analysis using
different approaches

* - Extra sync add-ons installation may be needed to extract some additional information (e.g. MMS)
** - Agent does not generate any log files


Unlike the Agent, the SyncML server is not a forensically designed application and is not
fully under the examiner's control. In addition, it makes more data modifications than the Agent.



Summary
Smartphones are a considerable part of the mobile device market
FutureSource Consulting forecasts that, between 2008 and 2013, annual sales of smartphones will rise by 95% to over 300 million. That will be around 37% of all new mobile phones, up from 13% in 2008.

Smartphones store much more important forensic information than plain cell phones
Being multiple-in-one devices with an OS that has an open API, smartphones are turning into small PCs with large memory sizes, a wide set of preinstalled applications and a huge number of available 3rd party applications.

Standard extraction methods are less effective for smartphones
All logical protocols were developed for sync purposes, thus they can only extract the tip of the iceberg. Physical analysis of gigabyte hex dumps takes a lot of time.

Agent application usage is the golden mean
The Agent application approach, introduced by Oxygen Software in 2002, almost achieves the completeness of data extracted by physical methods. At the same time it works via standard cables and adaptors and allows the extracted data to be presented in a readable and user-friendly format that is more characteristic of logical analysis.



Interested in more details?
Oxygen Forensic Suite 2010

www.oxygen-forensic.com
Oxygen Forensics for iPhone
www.iphone-forensics.com
+44 (0) 20 8133 8450 (UK)
+1 877 9-OXYGEN (USA)

£499
£899

Standard

Oxygen Forensic Suite and Oxygen Forensic Suite 2010 are the
trademarks of Oxygen Software.
Oxygen Software LLC was founded in the year 2000 and since that
time our business has been PC-to-mobile communication.

Professional