Difference between pages "Vendors" and "Applied Cellphone Forensics"

From Forensics Wiki
(Software Vendors)
 
(Evidence Regulation and its Impacts in the Investigation Process)
 
Line 1: Line 1:
= Software Vendors =
+
===Applied Cellphone Forensics===
  
; [[AccessData]] - [[Forensic Toolkit]] ([[FTK]])
+
• Defining processes of the acquisition, preservation, analysis of evidence
: http://www.accessdata.com/products/
+
  
; [[ASR Data]] - [[SMART]]
+
• Presentation of physical and digital cellular phone evidence in the investigation process
: http://www.asrdata.com/SMART/
+
  
; [[BlackBag Technologies]]
+
• Evidence regulation and its impacts in the investigation process
: http://www.blackbagtech.com/software.html
+
  
; [[Computer Forensic Analysis]]
+
• Applications: practical forensic cases related to cellular phones
: http://www.porcupine.org/forensics/
+
  
; [[Computer Cop Forensic Examiner]]
+
====Introduction====
: http://www.computercop.com/examiner.html
+
Cellular telephones are a ubiquitous consumer device. Over 180 million subscribers are using one of over 500 different cellphones offered in the United States from over 30 different manufacturers, processing voice and data traffic over 4 carrier networks. Invariably, with so much voice and data traffic being sent from one cellphone to another, many of these phones can provide critical evidentiary data to crime scene  investigators. Unfortunately, the forensic acquisition and analysis of these phones is a new process in the computer forensics world. Several reasons exist, but the main reasons are the lack of awareness and training of law enforcement agencies. This paper is an effort to change this deficiency.
  
; [[Forensic and Security Services, Inc.]] - [[Rainbow Tables]]
+
====Processes of the Acquisition, Preservation, Analysis of Evidence ====
: http://www.For-Sec.com
+
Due to their nature, cell phones are acquired and preserved in the same action. This acquisition and preservation is done with various tools and technologies. It can be done through various cabling systems and various software applications. Examples of the cabling systems include Paraben’s Cell Seizure Toolkit, Susteen’s Law Enforcement Cabling Kit, or the various manufacturers data cables.  
  
; [[Guidance Software]] - [[EnCase]]
+
The various software applications include:<br>
: http://www.guidancesoftware.com/products/index.asp
+
Paraben’s Cell Seizure<br>
 +
Susteen’s SecureView<br>
 +
BITPim<br>
 +
Nokia’s Oxygen PM Forensic Edition<br>
 +
FloAt's Mobile Agent<br>
 +
iDEN Media Downloader<br>
 +
iDEN Phoenbook Manager<br>
 +
SmartMoto<br>
 +
GSM .XRY<br>
 +
SuperAgent RSS<br>
 +
MobilEdit<br>
 +
Tulp2G<br>
 +
Access Data’s FTK<br>
 +
Guidance Software’s EnCase<br>
  
; [[MaresWare Software]]
+
SIM Card software applications:<br>
: http://www.maresware.com/maresware/software.htm
+
SIM Seizure<br>
 +
SIMCon<br>
 +
Tulp2G<br>
  
; [[NTI - Forensics International]] Division of Armor Forensics
 
: http://www.forensics-intl.com/tools.html
 
  
; [[Nuix Pty Ltd]] - [[FBI]]
+
Overly simplified…<br>
: http://www.nuix.com.au
+
  
; [[Paraben Forensics]]
+
Is there a method for determining which application to use based on the phone?
: http://www.paraben-forensics.com/
+
Can this be built from a database of knowledge
  
; [[PyFlag]]
+
Process of Cellphone Acquisition.<br>
: http://pyflag.sourceforge.net/
+
1. Take phone off network via faraday technology<br>
 +
2. Connect power source and ensure at least 50% charge<br>
 +
3. Connect the data synchronization cable to the phone<br>
 +
4. Launch the software application for acquisition and analysis<br>
 +
5. Acquire the phones image<br>
  
; Steganography Analysis and Research Center
+
Process of SIM Card Acquisition.<br>
: General Product Information http://www.sarc-wv.com/products.aspx
+
1. Connect SIM Card to Computer through a compliant card reader<br>
: Steganography Application Fingerprint Database (SAFDB) http://www.sarc-wv.com/safdb.aspx
+
2. Launch the software application for acquisition and analysis<br>
: Steganography Analyzer Artifact Scanner (StegAlyzerAS) http://www.sarc-wv.com/stegalyzeras.aspx
+
3. Acquire and Analyze the SIM Card<br>
: Steganography Analyzer Signature Scanner (StegAlyzerSS) http://www.sarc-wv.com/stegalyzerss.aspx
+
  
; [[Tech Assist, Inc.]]
+
Process of Cellphone Analysis.<br>
: http://www.toolsthatwork.com/
+
What are we looking for:<br>
 +
GSM: IMEI<br>
 +
CDMA: ESN<br>
 +
Short Dial Numbers<br>
 +
SMS Messages<br>
 +
Phone Settings (language, date/time, tone/volume etc)<br>
 +
Stored Audio Recordings<br>
 +
Stored Computer Files<br>
 +
Logged incoming calls and dialed numbers<br>
 +
Stored Executable Programs<br>
 +
GPRS, WAP and Internet settings<br>
 +
Calendar and Contacts<br>
 +
Calls Made, Received, and Missed<br>
 +
Ring Tones, Games, Pictures, Videos and other Downloaded information<br>
  
; [[Technology Pathways]] - [[Pro Discover]]
 
: http://www.techpathways.com/
 
  
; [[Wetstone Technologies]]
+
Process of SIM Card Analysis.<br>
:http://www.wetstonetech.com/page/page/3004314.htm
+
What are we looking for:<br>
 +
Location Information<br>
 +
SMS Messages<br>
 +
Abbreviated Dialing Numbers<br>
 +
Last Numbers Dialed<br>
  
; [[X-Ways Software]]
 
: http://www.x-ways.net/
 
  
= Hardware Vendors =
+
====Presentation of Physical and Digital Cellular Phone Evidence in the Investigation Process ====
; [[BlackBag Technologies]]
+
Cellular Phone<br>
: http://www.blackbagtech.com/hardware.html
+
Forensic Evidence Folder Organization<br>
: [[Write Blockers]]
+
Analog – Screenshots of phones<br>
 +
Digital – Reports from applications<br>
 +
Word Document for binding information together<br>
  
; [[Digital Intelligence]]
 
: http://www.digitalintelligence.com/forensichardware.php
 
: [[Write Blockers]], [[forensic field kit]]s, etc.
 
  
; [[Forensic-Computers]]
+
====Evidence Regulation and its Impacts in the Investigation Process ====
: http://www.forensic-computers.com/
+
Cellphones are not hard drives<br>
: Various systems, [[Write Blockers]], [[forensic field kit]]s, etc.
+
Live versus dead animals<br>
  
; [[ForensicPC]]
+
Hard Drives are coming tho: http://itvibe.com/news/3934/
: http://www.forensicpc.com/
+
: Various [[Write Blockers]], [[forensic field kit]]s, forensics software, etc.
+
  
; [[MyKey Tech]]
+
====Applications: Practical Forensic Cases Related to Cellular Phones ====
: http://www.mykeytech.com/
+
Examples???
: [[Write Blockers]]
+
 
+
; [[Paraben Forensics]]
+
: http://www.paraben-forensics.com/catalog/index.php?cPath=26
+
: [[Write Blockers]], [[forensic field kit]]s, etc.
+
 
+
; [[Technology Pathways]]
+
: http://www.techpathways.com/
+
: [[Write Blockers]]
+
 
+
; [[Wiebetech]]
+
: http://wiebetech.com/
+
: Various [[Write Blockers]], [[forensic field kit]]s, etc.
+
 
+
= Training =
+
 
+
== Open for everyone ==
+
 
+
* [http://www.accessdata.com/training/ AccessData Training]
+
* [http://www.forensics-intl.com/training.html Armor Forensics (NTI - Forensics International)]
+
* [http://www.asrdata.com/training/ ASR Data Training]
+
* [http://www.blackbagtech.com/training.html BlackBag Tech Training]
+
* [http://www.cce-bootcamp.com/ Certified Computer Examiner BootCamp]
+
* [http://www.cftco.com/ Computer Forensics Training Center On-Line]
+
* [http://www.e-fense.com/training.html e-fense Inc]
+
* [http://www.nuix.com.au/screencasts.html FBI Screencast Training]
+
* [http://www.guidancesoftware.com/training/index.asp Guidance Software (EnCase) Training]
+
* [http://www.infosecinstitute.com/courses/security_training_courses.html InfoSec Institute]
+
* [http://www.crazytrain.com/training.html Linux Data Forensics Training]
+
* [http://www.maresware.com/maresware/training/maresware.htm Maresware Training]
+
* [http://www.paraben-training.com/ Paraben Forensics Training]
+
* [http://www.sarc-wv.com/training.aspx Steganography Analysis and Research Center]
+
* [http://www.techpathways.com/DesktopDefault.aspx?tabindex=5&tabid=9 Technology Pathways Pro Discover Training]
+
* [http://www.vigilar.com/training.html Vigilar]
+
* [http://www.wetstonetech.com/page/page/3004314.htm Wetstone Technologies]
+
 
+
== Law enforcement only ==
+
 
+
* [http://www.fletc.gov/cfi/fy06tibsched.htm Federal Law Enforcement Training Center]
+
* [http://www.cops.org/ IACIS Computer Training/Certification]
+
* [http://nw3c.org/ocr/courses_desc.cfm National White Collar Crime Center]
+
* [http://www.search.org/programs/hightech/courses.asp Search.Org]
+
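Review bot: the added outline still carries drafting placeholders: "Overly simplified…" and the two open questions after the software lists, and "Examples???" as the entire body of the final section. Resolve or drop them before this text stands as a finished page. Smaller points in the same added lines: "iDEN Phoenbook Manager" looks like a misspelling of "Phonebook", "Acquire the phones image" needs an apostrophe, and "Can this be built from a database of knowledge" is missing its question mark.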

Revision as of 20:17, 14 February 2006

Applied Cellphone Forensics

• Defining processes of the acquisition, preservation, analysis of evidence

• Presentation of physical and digital cellular phone evidence in the investigation process

• Evidence regulation and its impacts in the investigation process

• Applications: practical forensic cases related to cellular phones

Introduction

Cellular telephones are a ubiquitous consumer device. Over 180 million subscribers are using one of over 500 different cellphones offered in the United States from over 30 different manufacturers, processing voice and data traffic over 4 carrier networks. Invariably, with so much voice and data traffic being sent from one cellphone to another, many of these phones can provide critical evidentiary data to crime scene investigators. Unfortunately, the forensic acquisition and analysis of these phones is a new process in the computer forensics world. Several reasons exist, but the main reasons are the lack of awareness and training of law enforcement agencies. This paper is an effort to change this deficiency.

Processes of the Acquisition, Preservation, Analysis of Evidence

Due to their nature, cell phones are acquired and preserved in the same action. This acquisition and preservation is done with various tools and technologies. It can be done through various cabling systems and various software applications. Examples of the cabling systems include Paraben’s Cell Seizure Toolkit, Susteen’s Law Enforcement Cabling Kit, or the various manufacturers’ data cables.

The various software applications include:
Paraben’s Cell Seizure
Susteen’s SecureView
BITPim
Nokia’s Oxygen PM Forensic Edition
FloAt's Mobile Agent
iDEN Media Downloader
iDEN Phonebook Manager
SmartMoto
GSM .XRY
SuperAgent RSS
MobilEdit
Tulp2G
Access Data’s FTK
Guidance Software’s EnCase

SIM Card software applications:
SIM Seizure
SIMCon
Tulp2G


Overly simplified…

Is there a method for determining which application to use based on the phone? Can this be built from a database of knowledge?

Process of Cellphone Acquisition.
1. Take phone off network via Faraday technology
2. Connect power source and ensure at least 50% charge
3. Connect the data synchronization cable to the phone
4. Launch the software application for acquisition and analysis
5. Acquire the phone's image

Process of SIM Card Acquisition.
1. Connect SIM Card to Computer through a compliant card reader
2. Launch the software application for acquisition and analysis
3. Acquire and Analyze the SIM Card

Process of Cellphone Analysis.
What are we looking for:
GSM: IMEI
CDMA: ESN
Short Dial Numbers
SMS Messages
Phone Settings (language, date/time, tone/volume, etc.)
Stored Audio Recordings
Stored Computer Files
Logged incoming calls and dialed numbers
Stored Executable Programs
GPRS, WAP and Internet settings
Calendar and Contacts
Calls Made, Received, and Missed
Ring Tones, Games, Pictures, Videos and other Downloaded information


Process of SIM Card Analysis.
What are we looking for:
Location Information
SMS Messages
Abbreviated Dialing Numbers
Last Numbers Dialed
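
The SIM artifacts listed above (location information, abbreviated dialing numbers, last numbers dialed) are stored on the card as fixed-layout binary records. The following Python is an added example, not part of the original page: it decodes an abbreviated-dialing record and the location-information file, assuming the record layouts of 3GPP TS 51.011; the function names and the sample bytes are constructed for illustration.

```python
# Added example: decode SIM records laid out as in 3GPP TS 51.011.
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"      # GSM 03.38 default alphabet
        " !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
        "¿abcdefghijklmnopqrstuvwxyzäöñüà")
BCD = "0123456789*#pwe"   # nibbles 0x0-0xE; p/w/e are this example's labels for 0xC-0xE
LOCI_STATUS = {0: "updated", 1: "not updated", 2: "PLMN not allowed",
               3: "location area not allowed"}
ADN_SAMPLE = bytes.fromhex(                          # constructed 24-byte record
    "416c696365ffffffffff07915155550501f0ffffffffffff")
LOCI_SAMPLE = bytes.fromhex("1234567800f1101a2bff00")  # constructed EF_LOCI

def decode_bcd(data):
    """Swapped-nibble BCD: the low nibble is the first digit, 0xF is filler."""
    out = []
    for byte in data:
        for nib in (byte & 0x0F, byte >> 4):
            if nib == 0x0F:
                return "".join(out)
            out.append(BCD[nib])
    return "".join(out)

def parse_adn(record):
    """EF_ADN / EF_LND record: alpha identifier, then 14 fixed bytes."""
    if len(record) < 14:
        raise ValueError("record shorter than the 14 fixed bytes")
    if all(b == 0xFF for b in record):
        return None                                  # unused slot
    alpha, tail = record[:-14], record[-14:]
    if alpha[:1] in (b"\x80", b"\x81", b"\x82"):
        name = "<UCS2 alpha identifier, not decoded here>"
    else:
        name = "".join(GSM7[b] for b in alpha if b < 0x80)  # drops 0xFF padding
    used = tail[0]                                   # TON/NPI byte + digit bytes
    if not 1 <= used <= 11:
        raise ValueError(f"implausible number length {used}")
    number = decode_bcd(tail[2:1 + used])
    if (tail[1] >> 4) & 0x7 == 1:                    # TON 1 = international
        number = "+" + number
    return {"name": name, "number": number, "ext1": tail[13]}

def parse_loci(ef):
    """EF_LOCI: TMSI(4) LAI(5) TMSI-time(1) location-update-status(1)."""
    if len(ef) != 11:
        raise ValueError("EF_LOCI must be 11 bytes")
    p = ef[4:7]                                      # MCC/MNC nibbles of the LAI
    mcc = f"{p[0] & 0xF}{p[0] >> 4}{p[1] & 0xF}"
    mnc = f"{p[2] & 0xF}{p[2] >> 4}" + ("" if p[1] >> 4 == 0xF else str(p[1] >> 4))
    return {"tmsi": ef[:4].hex(), "mcc": mcc, "mnc": mnc,
            "lac": int.from_bytes(ef[7:9], "big"),
            "status": LOCI_STATUS.get(ef[10] & 0x07, "reserved")}
```

The location area code and network codes recovered this way identify only the last area the card registered in, so they need to be correlated with carrier records before being presented as a position.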


Presentation of Physical and Digital Cellular Phone Evidence in the Investigation Process

Cellular Phone
Forensic Evidence Folder Organization
Analog – Screenshots of phones
Digital – Reports from applications
Word Document for binding information together


Evidence Regulation and its Impacts in the Investigation Process

Cellphones are not hard drives
Live versus dead animals

Hard drives are coming, though: http://itvibe.com/news/3934/

Applications: Practical Forensic Cases Related to Cellular Phones

Examples???