Difference between pages "Applied Cellphone Forensics" and "Microsoft PocketPC"

From ForensicsWiki
 
(Windows Mobile 2003, Windows Mobile 2003 Second Edition, and Windows Mobile 5.0)
 
Line 1: Line 1:
===Applied Cellphone Forensics===
+
__TOC__
  
• Defining processes of the acquisition, preservation, analysis of evidence
+
=Overview=
 +
A Pocket PC is commonly referred to as a handheld computer that runs a version of Microsoft’s proprietary mobile operating systems.
  
• Presentation of physical and digital cellular phone evidence in the investigation process
+
[[Image:Pocketpc.jpg|thumb|Acer Pocket PC]]
  
• Evidence regulation and its impacts in the investigation process
+
Microsoft Pocket PC, sometimes referred to as P/PC or PPC, is based upon the Windows CE framework.  Variants of this operating system include versions such as Pocket PC 2000, Pocket PC 2002, Windows Mobile 2003/2003 SE, and Windows Mobile 5.0.  Variants also exist for [[SmartPhones]], such as Windows Mobile 2003 Smartphone edition. 
  
• Applications: practical forensic cases related to cellular phones
+
One of the key benefits of Microsoft's Windows Mobile platform is file format compatibility with the desktop versions of the company's productivity software.  Mobile versions of Microsoft software, such as Pocket Word, Pocket Excel, and Pocket PowerPoint, allow individuals to view and edit these files outside of the home and office.
  
====Introduction====
+
Another benefit is integration with Microsoft's cross-platform solution, the .NET Framework.  The .NET Framework and its associated class libraries handle things such as memory management, file I/O, and many other functions. The .NET Framework allows programmers to develop code in one of several .NET languages, such as C# and VB.NET.  Pocket PCs run a simplified version of the framework called the .NET Compact Framework.
Cellular telephones are a ubiquitous consumer device. Over 180 million subscribers are using one of over 500 different cellphones offered in the United States from over 30 different manufacturers, processing voice and data traffic over 4 carrier networks. Invariably, with so much voice and data traffic being sent from one cellphone to another, many of these phones can provide critical evidentiary data to crime scene investigators. Unfortunately, the forensic acquisition and analysis of these phones is a new process in the computer forensics world. Several reasons exist, but the main reasons are the lack of awareness and training of law enforcement agencies. This paper is an effort to change this deficiency.
+
  
====Processes of the Acquisition, Preservation, Analysis of Evidence ====
+
In order to maintain synchronization and connectivity with desktop computers, Microsft developed the ActiveSync program. The user merely has to connect the Pocket PC to the desktop computer in order to synchronize items such as appointments, contact lists, and even multimedia files.
Due to their nature, cell phones are acquired and preserved in the same action. This acquisition and preservation is done with various tools and technologies. It can be done through various cabling systems and various software applications. Examples of the cabling systems include Paraben’s Cell Seizure Toolkit, Susteen’s Law Enforcement Cabling Kit, or the various manufacturers data cables.  
+
  
The various software applications include:<br>
+
In 2001, [[PDAs]] running Palm OS variants held a market share of about 72%, while Pocket PC held a meager 15% of the market.  However, by the fourth quarter of 2004, Microsoft Pocket PC and Palm OS were practically tied with regards to market share -- Pocket PC-based devices had a market share of 40.2% while Palm OS claimed 40.7% of the market.  This upward trend clearly illustrates the growing popularity of Pocket PC-based devices, and thus the increased likelihood that one will encounter such a device in the field.
Paraben’s Cell Seizure<br>
+
Susteen’s SecureView<br>
+
BITPim<br>
+
Nokia’s Oxygen PM Forensic Edition<br>
+
FloAt's Mobile Agent<br>
+
iDEN Media Downloader<br>
+
iDEN Phoenbook Manager<br>
+
SmartMoto<br>
+
GSM .XRY<br>
+
SuperAgent RSS<br>
+
MobilEdit<br>
+
Tulp2G<br>
+
Access Data’s FTK<br>
+
Guidance Software’s EnCase<br>
+
  
SIM Card software applications:<br>
 
SIM Seizure<br>
 
SIMCon<br>
 
Tulp2G<br>
 
  
 +
== History ==
  
Overly simplified…<br>
+
Windows CE, which serves as the framework for the Pocket PC operating systems, began its life in November of 1996.  The NEC MobilePro 200 and the Casio A-10 were the first two PDA-type devices available with this early version of the operating system, which was dubbed Handheld PC 1.0.
  
Is there a method for determining which application to use based on the phone?
+
Subsequently, Microsoft released iterations of its mobile operating systems with names such as Handheld PC 2.0 (1997), Palm-Size PC 2.0 (1998), Handheld PC Professional Edition (1998).
Can this be built from a database of knowledge
+
  
Process of Cellphone Acquisition.<br>
+
As development of Windows CE continued, manufacturers began to build more esoteric devices around it, such as internet TV set-top boxes and web-enabled telephones.
1. Take phone off network via faraday technology<br>
+
2. Connect power source and ensure at least 50% charge<br>
+
3. Connect the data synchronization cable to the phone<br>
+
4. Launch the software application for acquisition and analysis<br>
+
5. Acquire the phones image<br>
+
  
Process of SIM Card Acquisition.<br>
+
Pocket PC officially began its public life when it was previewed at the Consumer Electronics Show in 2000. Codenamed "Rapier", the first version of the Pocket PC operating system was simply named Pocket PC.
1. Connect SIM Card to Computer through a compliant card reader<br>
+
2. Launch the software application for acquisition and analysis<br>
+
3. Acquire and Analyze the SIM Card<br>
+
  
Process of Cellphone Analysis.<br>
+
=Pocket PC Variants=
What are we looking for:<br>
+
GSM: IMEI<br>
+
CDMA: ESN<br>
+
Short Dial Numbers<br>
+
SMS Messages<br>
+
Phone Settings (language, date/time, tone/volume etc)<br>
+
Stored Audio Recordings<br>
+
Stored Computer Files<br>
+
Logged incoming calls and dialed numbers<br>
+
Stored Executable Programs<br>
+
GPRS, WAP and Internet settings<br>
+
Calendar and Contacts<br>
+
Calls Made, Received, and Missed<br>
+
Ring Tones, Games, Pictures, Videos and other Downloaded information<br>
+
  
 +
==Pocket PC 2000==
  
Process of SIM Card Analysis.<br>
+
Pocket PC 2000, based on Micrsoft's Windows CE 3.0 platform, was a first step towards the familiar appearance and functionality that is offered by Windows Mobile 5.0.  Devices running Pocket PC 2000 ranged from the Askey PC010, which had a 16-color grayscale screen with no expansion slots, to the Casio EM-500, which had a 64k color screen and provisions for upgraded pheripherals such as cameras.  Pocket PC 2000 launched with versions of Pocket Word, Pocket Excel, and Microsoft Reader bundled.  ActiveSync 3.1, which provided an easier way to install applications onto the Pocket PC, was required to synchronize with host desktop machines.
What are we looking for:<br>
+
Location Information<br>
+
SMS Messages<br>
+
Abbreviated Dialing Numbers<br>
+
Last Numbers Dialed<br>
+
  
 +
==Pocket PC 2002==
 +
Codenamed "Merlin," Pocket PC 2002 was Microsoft's Windows CE 3.0-based upgrade to Pocket PC 200.  Pocket PC 2002 offered many improvements over the previous operating system, including a Terminal Service Client, a new mail Inbox, Windows Media Player 8.0, improved versions of Pocket Word and MS Reader, and many other features. 
  
====Presentation of Physical and Digital Cellular Phone Evidence in the Investigation Process ====
+
There were three service packs (EUUU1/2/3) released which addressed bugs and other issues in the original release.
Cellular Phone<br>
+
Forensic Evidence Folder Organization<br>
+
Analog – Screenshots of phones<br>
+
Digital – Reports from applications<br>
+
Word Document for binding information together<br>
+
  
 +
==Windows Mobile 2003, Windows Mobile 2003 Second Edition, and Windows Mobile 5.0==
 +
Please see [[Microsoft Windows Mobile]] for more information on these Operating Systems.
  
====Evidence Regulation and its Impacts in the Investigation Process ====
+
=Pocket PC Devices=
Cellphones are not hard drives<br>
+
Live versus dead animals<br>
+
  
Hard Drives are coming tho: http://itvibe.com/news/3934/
+
[[Image:Treo.jpg|thumb|Treo 700w]]
  
SIM cards are getting bigger too: http://www.vnunet.com/2150531
+
In recent years, a number of manufacturers have elected to produce Pocket PC devices.  Some of these makers include companies such as:
====Applications: Practical Forensic Cases Related to Cellular Phones ====
+
 
Examples???
+
*  Acer
 +
*  Asus
 +
*  Audiovox
 +
*  Dell
 +
*  HP
 +
*  Mitac
 +
*  Motorola
 +
*  Samsung
 +
*  Siemens
 +
*  Symbol
 +
*  Treo
 +
 
 +
Because different manufacturers are targeted at different segments of the market, such as business and consumers, the features and functionality of these devices sometimes differ greatly.  For example, some devices have built-in capability for taking images and videos, while other devices have tools such as biometric fingerprint readers and barcode scanners.
 +
 
 +
=References=
 +
 
 +
[http://www.hpcfactor.com/support/windowsce/ The History of Microsoft Windows CE]
 +
 
 +
[http://palmtops.about.com/cs/pdafacts/a/Palm_Pocket_PC.htm Palm vs. Pocket PC-The Great Debate]
 +
 
 +
[http://www.windowsfordevices.com/news/NS8063885791.html Gartner: Windows CE ties Palm]
 +
 
 +
[http://en.wikipedia.org/wiki/Pocket_PC Wikipedia: Pocket PC]
 +
 
 +
[http://www.pocketpcfaq.com PocketPC FAQ]
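
Review bot: the added Overview and Pocket PC Variants text carries several spelling slips that should be corrected before this revision stands: "Microsft developed the ActiveSync program" in the ActiveSync paragraph, and "Micrsoft's Windows CE 3.0 platform" and "upgraded pheripherals" in the Pocket PC 2000 section. The Pocket PC 2002 section also reads "upgrade to Pocket PC 200", which looks like a truncated "Pocket PC 2000". The History list "Handheld PC 2.0 (1997), Palm-Size PC 2.0 (1998), Handheld PC Professional Edition (1998)" is missing its closing "and". Separately, the market-share figures (72%, 15%, 40.2%, 40.7%) are stated without an inline citation; tying each to one of the entries under References would let a reader verify them.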

Revision as of 20:51, 7 March 2006

Overview

A Pocket PC is a handheld computer that runs a version of one of Microsoft’s proprietary mobile operating systems.

Acer Pocket PC

Microsoft Pocket PC, sometimes referred to as P/PC or PPC, is based upon the Windows CE framework. Variants of this operating system include versions such as Pocket PC 2000, Pocket PC 2002, Windows Mobile 2003/2003 SE, and Windows Mobile 5.0. Variants also exist for SmartPhones, such as Windows Mobile 2003 Smartphone edition.

One of the key benefits of Microsoft's Windows Mobile platform is file format compatibility with the desktop versions of the company's productivity software. Mobile versions of Microsoft software, such as Pocket Word, Pocket Excel, and Pocket PowerPoint, allow individuals to view and edit these files outside of the home and office.

Another benefit is integration with Microsoft's cross-platform solution, the .NET Framework. The .NET Framework and its associated class libraries handle things such as memory management, file I/O, and many other functions. The .NET Framework allows programmers to develop code in one of several .NET languages, such as C# and VB.NET. Pocket PCs run a simplified version of the framework called the .NET Compact Framework.

To maintain synchronization and connectivity with desktop computers, Microsoft developed the ActiveSync program. The user merely has to connect the Pocket PC to the desktop computer in order to synchronize items such as appointments, contact lists, and even multimedia files.

In 2001, PDAs running Palm OS variants held a market share of about 72%, while Pocket PC held a meager 15% of the market. However, by the fourth quarter of 2004, Microsoft Pocket PC and Palm OS were practically tied with regard to market share -- Pocket PC-based devices had a market share of 40.2% while Palm OS claimed 40.7% of the market. This upward trend clearly illustrates the growing popularity of Pocket PC-based devices, and thus the increased likelihood that one will encounter such a device in the field.


History

Windows CE, which serves as the framework for the Pocket PC operating systems, began its life in November of 1996. The NEC MobilePro 200 and the Casio A-10 were the first two PDA-type devices available with this early version of the operating system, which was dubbed Handheld PC 1.0.

Subsequently, Microsoft released iterations of its mobile operating systems with names such as Handheld PC 2.0 (1997), Palm-Size PC 2.0 (1998), and Handheld PC Professional Edition (1998).

As development of Windows CE continued, manufacturers began to build more esoteric devices around it, such as internet TV set-top boxes and web-enabled telephones.

Pocket PC officially began its public life when it was previewed at the Consumer Electronics Show in 2000. Codenamed "Rapier", the first version of the Pocket PC operating system was simply named Pocket PC.

Pocket PC Variants

Pocket PC 2000

Pocket PC 2000, based on Microsoft's Windows CE 3.0 platform, was a first step towards the familiar appearance and functionality that is offered by Windows Mobile 5.0. Devices running Pocket PC 2000 ranged from the Askey PC010, which had a 16-color grayscale screen with no expansion slots, to the Casio EM-500, which had a 64k color screen and provisions for upgraded peripherals such as cameras. Pocket PC 2000 launched with versions of Pocket Word, Pocket Excel, and Microsoft Reader bundled. ActiveSync 3.1, which provided an easier way to install applications onto the Pocket PC, was required to synchronize with host desktop machines.

Pocket PC 2002

Codenamed "Merlin," Pocket PC 2002 was Microsoft's Windows CE 3.0-based upgrade to Pocket PC 2000. Pocket PC 2002 offered many improvements over the previous operating system, including a Terminal Service Client, a new mail Inbox, Windows Media Player 8.0, improved versions of Pocket Word and MS Reader, and many other features.

There were three service packs (EUUU1/2/3) released which addressed bugs and other issues in the original release.

Windows Mobile 2003, Windows Mobile 2003 Second Edition, and Windows Mobile 5.0

Please see Microsoft Windows Mobile for more information on these Operating Systems.

Pocket PC Devices

Treo 700w

In recent years, a number of manufacturers have elected to produce Pocket PC devices. Some of these makers include companies such as:

  • Acer
  • Asus
  • Audiovox
  • Dell
  • HP
  • Mitac
  • Motorola
  • Samsung
  • Siemens
  • Symbol
  • Treo

Because different manufacturers target different segments of the market, such as business and consumers, the features and functionality of these devices sometimes differ greatly. For example, some devices have built-in capability for taking images and videos, while other devices have tools such as biometric fingerprint readers and barcode scanners.
