Difference between pages "Applied Cellphone Forensics" and "Microsoft PocketPC"

From ForensicsWiki
(Difference between pages)
 
(Windows Mobile 5.0)
 
Line 1: Line 1:
===Applied Cellphone Forensics===
+
__TOC__
  
• Defining processes of the acquisition, preservation, analysis of evidence
+
=Overview=
 +
A Pocket PC is commonly referred to as a handheld computer that runs a version of Microsoft’s proprietary mobile operating systems.
  
• Presentation of physical and digital cellular phone evidence in the investigation process
+
[[Image:Pocketpc.jpg|thumb|Acer Pocket PC]]
  
• Evidence regulation and its impacts in the investigation process
+
Microsoft Pocket PC, sometimes referred to as P/PC or PPC, is based upon the Windows CE framework.  Variants of this operating system include versions such as Pocket PC 2000, Pocket PC 2002, Windows Mobile 2003/2003 SE, and Windows Mobile 5.0.  Variants also exist for [[SmartPhones]], such as Windows Mobile 2003 Smartphone edition. 
  
• Applications: practical forensic cases related to cellular phones
+
One of the key benefits of Microsoft's Windows Mobile platform is file format compatibility with the desktop versions of the company's productivity software.  Mobile versions of Microsoft software, such as Pocket Word, Pocket Excel, and Pocket PowerPoint, allow individuals to view and edit these files outside of the home and office.
  
====Introduction====
+
Another benefit is integration with Microsoft's cross-platform solution, the .NET Framework.  The .NET Framework and its associated class libraries handle things such as memory management, file I/O, and many other functions. The .NET Framework allows programmers to develop code in one of several .NET languages, such as C# and VB.NET.  Pocket PCs run a simplified version of the framework called the .NET Compact Framework.
Cellular telephones are a ubiquitous consumer device. Over 180 million subscribers are using one of over 500 different cellphones offered in the United States from over 30 different manufacturers, processing voice and data traffic over 4 carrier networks. Invariably, with so much voice and data traffic being sent from one cellphone to another, many of these phones can provide critical evidentiary data to crime scene investigators. Unfortunately, the forensic acquisition and analysis of these phones is a new process in the computer forensics world. Several reasons exist, but the main reasons are the lack of awareness and training of law enforcement agencies. This paper is an effort to change this deficiency.
+
  
====Processes of the acquisition, preservation, analysis of evidence ====
+
In order to maintain synchronization and connectivity with desktop computers, Microsft developed the ActiveSync program. The user merely has to connect the Pocket PC to the desktop computer in order to synchronize items such as appointments, contact lists, and even multimedia files.
Due to their nature, cell phones are acquired and preserved in the same action. This acquisition and preservation is done with various tools and technologies. It can be done through various cabling systems and various software applications. Examples of the cabling systems include Paraben’s Cell Seizure Toolkit, Susteen’s Law Enforcement Cabling Kit, or the various manufacturers data cables.  
+
  
The various software applications include:
+
In 2001, [[PDAs]] running Palm OS variants held a market share of about 72%, while Pocket PC held a meager 15% of the market.  However, by the fourth quarter of 2004, Microsoft Pocket PC and Palm OS were practically tied with regards to market share -- Pocket PC-based devices had a market share of 40.2% while Palm OS claimed 40.7% of the market.  This upward trend clearly illustrates the growing popularity of Pocket PC-based devices, and thus the increased likelihood that one will encounter such a device in the field.
Paraben’s Cell Seizure
+
Susteen’s SecureView
+
BITPim
+
Nokia’s Oxygen PM Forensic Edition
+
GSM .XRY
+
SuperAgent RSS
+
MobilEdit
+
Tulp2G
+
Access Data’s FTK
+
Guidance Software’s EnCase
+
  
SIM Card software applications:
 
SIM Seizure
 
SIMCon
 
Tulp2G
 
  
 +
== History ==
  
The process of phone acquisition.
+
Windows CE, which serves as the framework for the Pocket PC operating systems, began its life in November of 1996. The NEC MobilePro 200 and the Casio A-10 were the first two PDA-type devices available with this early version of the operating system, which was dubbed Handheld PC 1.0.
1. Take phone off network via faraday technology
+
2. Connect power source and ensure at least 50% charge
+
3. Connect the data synchronization cable to the phone
+
4. Launch the software application for acquisition and analysis
+
5. Acquire the phones image
+
  
Overly simplified…
+
Subsequently, Microsoft released iterations of its mobile operating systems with names such as Handheld PC 2.0 (1997), Palm-Size PC 2.0 (1998), Handheld PC Professional Edition (1998).
Is there a method for determining which application to use based on the phone?
+
Can this be built from a database of knowledge
+
  
 +
As development of Windows CE continued, manufacturers began to build more esoteric devices around it, such as internet TV set-top boxes and web-enabled telephones. 
  
 +
Pocket PC officially began its public life when it was previewed at the Consumer Electronics Show in 2000.  Codenamed "Rapier", the first version of the Pocket PC operating system was simply named Pocket PC.
  
====Presentation of physical and digital cellular phone evidence in the investigation process ====
+
=Pocket PC Variants=
Folder Organization
+
Analog – Screenshots of phones
+
Digital – Reports from applications
+
Word Document for binding information together
+
  
 +
==Pocket PC 2000==
  
====Evidence regulation and its impacts in the investigation process ====
+
Pocket PC 2000, based on Micrsoft's Windows CE 3.0 platform, was a first step towards the familiar appearance and functionality that is offered by Windows Mobile 5.0.  Devices running Pocket PC 2000 ranged from the Askey PC010, which had a 16-color grayscale screen with no expansion slots, to the Casio EM-500, which had a 64k color screen and provisions for upgraded pheripherals such as cameras.  Pocket PC 2000 launched with versions of Pocket Word, Pocket Excel, and Microsoft Reader bundled.  ActiveSync 3.1, which provided an easier way to install applications onto the Pocket PC, was required to synchronize with host desktop machines.
  
====Applications: practical forensic cases related to cellular phones ====
+
==Pocket PC 2002==
 +
Codenamed "Merlin," Pocket PC 2002 was Microsoft's Windows CE 3.0-based upgrade to Pocket PC 200.  Pocket PC 2002 offered many improvements over the previous operating system, including a Terminal Service Client, a new mail Inbox, Windows Media Player 8.0, improved versions of Pocket Word and MS Reader, and many other features. 
 +
 
 +
There were three service packs (EUUU1/2/3) released which addressed bugs and other issues in the original release.
 +
 
 +
==Windows Mobile 2003 & 2003 Second Edition==
 +
Windows Mobile 2003, codenamed "Ozone", was officially released in June of 2003.  The operating system is based on Microsoft's Windows CE 4.2, which claimed to provide a more responsive system when compared with devices running Windows CE 3.0.  This version of the operating system added many useful features, including a picture viewer, built-in Bluetooth and WiFi support, Windows Media Player 9.0, as well as a host of Personal Information Management application improvements.  This version of Windows Mobile required ActiveSync 3.7 to communicate with a host computer.
 +
 
 +
Windows Mobile Second Edition, released in 2004, added support for 640x480 VGA resolution, portrait and landscape display modes, DPI settings, and many other improvements.
 +
 
 +
==Windows Mobile 5.0==
 +
[[Microsoft Windows Mobile]] 5.0, based off of Windows CE 5.0, was released on May 10, 2005.  [[Microsoft Windows Mobile]] 5.0 brought many changes to the Pocket PC landscape.  For one, with this release, the phone and PDA versions of the OS have merged into one encompassing OS, instead of two separate versions of the same one.  Additionally, while past versions of Pocket PC software utilized the RAM of a PDA for program and data storage, [[Microsoft Windows Mobile]] 5.0 uses a PDA's hardware more like a traditional computer.  The operating system and user data is stored in the more persistent ROM of the device, and RAM is used in a way more similar to that of a desktop PC.  This has implications for forensics, as data stored on these devices is now less volatile.
 +
 
 +
=Pocket PC Devices=
 +
 
 +
[[Image:Treo.jpg|thumb|Treo 700w]]
 +
 
 +
In recent years, a number of manufacturers have elected to produce Pocket PC devices.  Some of these makers include companies such as:
 +
 
 +
*  Acer
 +
*  Asus
 +
*  Audiovox
 +
*  Dell
 +
*  HP
 +
*  Mitac
 +
*  Motorola
 +
*  Samsung
 +
*  Siemens
 +
*  Symbol
 +
*  Treo
 +
 
 +
Because different manufacturers are targeted at different segments of the market, such as business and consumers, the features and functionality of these devices sometimes differ greatly.  For example, some devices have built-in capability for taking images and videos, while other devices have tools such as biometric fingerprint readers and barcode scanners.
 +
 
 +
=References=
 +
 
 +
[http://www.hpcfactor.com/support/windowsce/ The History of Microsoft Windows CE]
 +
 
 +
[http://palmtops.about.com/cs/pdafacts/a/Palm_Pocket_PC.htm Palm vs. Pocket PC-The Great Debate]
 +
 
 +
[http://www.windowsfordevices.com/news/NS8063885791.html Gartner: Windows CE ties Palm]
 +
 
 +
[http://en.wikipedia.org/wiki/Pocket_PC Wikipedia: Pocket PC]
 +
 
 +
[http://www.pocketpcfaq.com PocketPC FAQ]
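
Review bot: The added text has several spelling errors that should be fixed before this revision is kept: "Microsft" in the ActiveSync paragraph, "Micrsoft's" and "pheripherals" in the Pocket PC 2000 paragraph, and "Pocket PC 200" in the Pocket PC 2002 paragraph, which from context should read "Pocket PC 2000". The market share figures (72%, 15%, 40.2%, 40.7%) are stated without an inline citation, so tie each to the matching entry under =References=. Note also that the removed side is the whole of "Applied Cellphone Forensics", including its five-step acquisition process, so confirm that content is still kept on its own page.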

Revision as of 20:06, 7 March 2006

Overview

The term Pocket PC commonly refers to a handheld computer that runs a version of one of Microsoft’s proprietary mobile operating systems.

Image: Acer Pocket PC

Microsoft Pocket PC, sometimes referred to as P/PC or PPC, is based upon the Windows CE framework. Variants of this operating system include versions such as Pocket PC 2000, Pocket PC 2002, Windows Mobile 2003/2003 SE, and Windows Mobile 5.0. Variants also exist for SmartPhones, such as Windows Mobile 2003 Smartphone edition.

One of the key benefits of Microsoft's Windows Mobile platform is file format compatibility with the desktop versions of the company's productivity software. Mobile versions of Microsoft software, such as Pocket Word, Pocket Excel, and Pocket PowerPoint, allow individuals to view and edit these files outside of the home and office.

Another benefit is integration with Microsoft's cross-platform solution, the .NET Framework. The .NET Framework and its associated class libraries handle things such as memory management, file I/O, and many other functions. The .NET Framework allows programmers to develop code in one of several .NET languages, such as C# and VB.NET. Pocket PCs run a simplified version of the framework called the .NET Compact Framework.

To maintain synchronization and connectivity with desktop computers, Microsoft developed the ActiveSync program. The user merely has to connect the Pocket PC to the desktop computer in order to synchronize items such as appointments, contact lists, and even multimedia files.

In 2001, PDAs running Palm OS variants held a market share of about 72%, while Pocket PC held a meager 15% of the market. However, by the fourth quarter of 2004, Microsoft Pocket PC and Palm OS were practically tied with regard to market share: Pocket PC-based devices had a market share of 40.2% while Palm OS claimed 40.7% of the market. This upward trend clearly illustrates the growing popularity of Pocket PC-based devices, and thus the increased likelihood that one will encounter such a device in the field.


History

Windows CE, which serves as the framework for the Pocket PC operating systems, began its life in November of 1996. The NEC MobilePro 200 and the Casio A-10 were the first two PDA-type devices available with this early version of the operating system, which was dubbed Handheld PC 1.0.

Subsequently, Microsoft released iterations of its mobile operating systems with names such as Handheld PC 2.0 (1997), Palm-Size PC 2.0 (1998), and Handheld PC Professional Edition (1998).

As development of Windows CE continued, manufacturers began to build more esoteric devices around it, such as internet TV set-top boxes and web-enabled telephones.

Pocket PC officially began its public life when it was previewed at the Consumer Electronics Show in 2000. Codenamed "Rapier", the first version of the Pocket PC operating system was simply named Pocket PC.

Pocket PC Variants

Pocket PC 2000

Pocket PC 2000, based on Microsoft's Windows CE 3.0 platform, was a first step towards the familiar appearance and functionality that is offered by Windows Mobile 5.0. Devices running Pocket PC 2000 ranged from the Askey PC010, which had a 16-color grayscale screen with no expansion slots, to the Casio EM-500, which had a 64k color screen and provisions for upgraded peripherals such as cameras. Pocket PC 2000 launched with versions of Pocket Word, Pocket Excel, and Microsoft Reader bundled. ActiveSync 3.1, which provided an easier way to install applications onto the Pocket PC, was required to synchronize with host desktop machines.

Pocket PC 2002

Codenamed "Merlin," Pocket PC 2002 was Microsoft's Windows CE 3.0-based upgrade to Pocket PC 2000. Pocket PC 2002 offered many improvements over the previous operating system, including a Terminal Service Client, a new mail Inbox, Windows Media Player 8.0, improved versions of Pocket Word and MS Reader, and many other features.

There were three service packs (EUUU1/2/3) released which addressed bugs and other issues in the original release.

Windows Mobile 2003 & 2003 Second Edition

Windows Mobile 2003, codenamed "Ozone", was officially released in June of 2003. The operating system is based on Microsoft's Windows CE 4.2, which was claimed to provide a more responsive system when compared with devices running Windows CE 3.0. This version of the operating system added many useful features, including a picture viewer, built-in Bluetooth and WiFi support, Windows Media Player 9.0, as well as a host of Personal Information Management application improvements. This version of Windows Mobile required ActiveSync 3.7 to communicate with a host computer.

Windows Mobile Second Edition, released in 2004, added support for 640x480 VGA resolution, portrait and landscape display modes, DPI settings, and many other improvements.

Windows Mobile 5.0

Microsoft Windows Mobile 5.0, based on Windows CE 5.0, was released on May 10, 2005. Microsoft Windows Mobile 5.0 brought many changes to the Pocket PC landscape. For one, with this release, the phone and PDA versions of the OS have merged into one encompassing OS, instead of two separate versions of the same one. Additionally, while past versions of Pocket PC software utilized the RAM of a PDA for program and data storage, Microsoft Windows Mobile 5.0 uses a PDA's hardware more like a traditional computer. The operating system and user data are stored in the more persistent ROM of the device, and RAM is used in a way more similar to that of a desktop PC. This has implications for forensics, as data stored on these devices is now less volatile.

Pocket PC Devices

Image: Treo 700w

In recent years, a number of manufacturers have elected to produce Pocket PC devices. Some of these makers include companies such as:

  • Acer
  • Asus
  • Audiovox
  • Dell
  • HP
  • Mitac
  • Motorola
  • Samsung
  • Siemens
  • Symbol
  • Treo

Because different manufacturers target different segments of the market, such as business and consumers, the features and functionality of these devices sometimes differ greatly. For example, some devices have built-in capability for taking images and videos, while other devices have tools such as biometric fingerprint readers and barcode scanners.
