Difference between pages "Blogs" and "Cell Phone Forensics"

From ForensicsWiki
(Difference between pages)
(Twitter)
 
(External Links)
 
Line 1: Line 1:
[[Computer forensics]] related '''blogs'''.
+
== Guidelines ==
  
= Blogs =
+
# If on, switch it off. If off, leave off.
  
== English ==
+
#* Note only under exceptional circumstances should the handset be left switched on and in any case every precaution to prevent the handset connecting with the Communication Service Provider should be made. Consider use of one of many [[wireless preservation]] or [[RF isolation]] techniques. Note that the slightest signal leakage will allow an overwriting text message through even if a phone call can't get through.
  
* [http://www.appleexaminer.com/ The Apple Examiner]
+
#* Instead of switching off, it may be better to remove the battery. Phones run a different part of their program when they are turned off. You may wish to avoid having this part of the program run.  
* [http://computer.forensikblog.de/en/ Computer Forensics Blog], by [[Andreas Schuster]]
+
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
+
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
+
* [http://windowsir.blogspot.com/ Windows Incident Response Blog], by [[Harlan Carvey]]
+
* [http://geschonneck.com/ Computer Forensics Blog], by [[Alexander Geschonneck]]
+
* [http://forensicblog.org/ Computer Forensics Blog], by [[Michael Murr]]
+
* [http://forenshick.blogspot.com/ Forensic news, Technology, TV, and more], by [[Jordan Farr]]
+
* [http://unixsadm.blogspot.com/ UNIX, OpenVMS and Windows System Administration, Digital Forensics, High Performance Computing, Clustering and Distributed Systems], by [[Criveti Mihai]]
+
* [http://intrusions.blogspot.com/ Various Authors - Intrusions and Malware Analysis]
+
* [http://chicago-ediscovery.com/education/computer-forensics-glossary/ Computer Forensic Glossary Blog, HOWTOs and other resources], by [[Andrew Hoog]]
+
* [http://secureartisan.wordpress.com/ Digital Forensics with a Focus on EnCase], by [[Paul Bobby]]
+
* [http://www.crimemuseum.org/blog/ National Museum of Crime and Punishment-CSI/Forensics Blog]
+
* [http://forensicsfromthesausagefactory.blogspot.com/ Forensics from the sausage factory]
+
* [http://integriography.wordpress.com Computer Forensics Blog], by [[David Kovar]]
+
* [http://jessekornblum.livejournal.com/ A Geek Raised by Wolves], by [[Jesse Kornblum]]
+
* [http://computer-forensics.sans.org/blog SANS Computer Forensics and Incident Response Blog by SANS Institute]
+
* [http://www.digitalforensicsource.com Digital Forensic Source]
+
* [http://dfsforensics.blogspot.com/ Digital Forensics Solutions]
+
* [http://forensicaliente.blogspot.com/ Forensicaliente]
+
* [http://www.ericjhuber.com/ A Fistful of Dongles]
+
* [http://gleeda.blogspot.com/ JL's stuff]
+
* [http://4n6k.blogspot.com/ 4n6k]
+
  
== Dutch ==
+
#* Note that removing the battery or powering off a mobile phone may introduce a handset unlock code upon powering the device on.
  
* [http://stam.blogs.com/8bits/ 8 bits], by [[Mark Stam]] (also contain English articles otherwise use [http://translate.google.com/translate?u=http%3A%2F%2Fstam.blogs.com%2F8bits%2Fforensisch%2Findex.html&langpair=nl%7Cen&hl=en&ie=UTF-8 Google translation])
+
# Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
 +
 +
# Plug the phone in, preferably in the evidence room, as soon as possible.
 +
# Retain [[search warrant]] (if necessary - [[LE]]).
 +
# Return device to forensic lab if able.
 +
# Use [[forensically sound]] tools for processing. However, also remember ACPO Principle 2 says: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
  
== French ==
+
== Notes ==
  
* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
Expand on as to what to collect:
  
== German ==
+
* [[ESN]],
 +
* [[IMEI]],
 +
* [[Carrier]],
 +
* Manufacturer,
 +
* Model Number,
 +
* Color, and
 +
* Other information related to [[Cell Phone]] and [[SIM Card]]...
  
* [http://computer.forensikblog.de/ Computer Forensik Blog Gesamtausgabe], by [[Andreas Schuster]] ([http://computer.forensikblog.de/en/ English version])
+
Process:
* [http://computer-forensik.org computer-forensik.org], by [[Alexander Geschonneck]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
# Photograph the [[Cell Phone]] screen during power up.
* [http://henrikbecker.blogspot.com Digitale Beweisführung], by [[Henrik Becker]] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
# Research the [[Cell Phone]] for technical specifications.
 +
# Research the [[Cell Phone]] for forensic information.  
 +
# Based on phone type [[GSM]], [[CDMA]], [[iDEN]], or [[Pay As You Go]] determine acquisition tools
  
== Spanish ==
+
GSM:
 +
# Phone and SIM Card
 +
# SIM Card
  
* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
CDMA:
* [http://www.inforenses.com InForenseS], by [[Javier Pages]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
# Phone
* [http://windowstips.wordpress.com El diario de Juanito]
+
* [http://conexioninversa.blogspot.com Conexión inversa]
+
  
== Russian ==
+
iDEN:
 +
# Three major tools exist for iDEN Phones:
 +
* iDEN Companion Pro
 +
* iDEN Media Downloader
 +
* iDEN Phonebook Manager
  
* Group-IB: [http://notheft.ru/blogs/group-ib blog at notheft.ru], [http://www.securitylab.ru/blog/company/group-ib/ blog at securitylab.ru]
+
Pay As You Go:
 +
# Phone
  
= Related blogs =
+
== External Links ==
  
* [http://www.c64allstars.de C64Allstars Blog]
+
Articles and Reference Materials
* [http://www.emergentchaos.com/ Emergent Chaos], by [[Adam Shostack]]
+
*[http://www.e-evidence.info/cellarticles.html E-Evidence.Info Articles, Papers, Presentations, etc.]  
* [http://jeffjonas.typepad.com/ Inventor of NORA discusses privacy and all things digital], by [[Jeff Jonas]]
+
*[http://esm.cis.unisa.edu.au/new_esml/resources/publications/forensic%20analysis%20of%20mobile%20phones.pdf Forensic Analysis of Mobile Phones]
* [http://www.cs.uno.edu/~golden/weblog Digital Forensics, Coffee, Benevolent Hacking], by [[Golden G. Richard III]]
+
*[http://www.ijde.org/docs/03_spring_art1.pdf Forensics and the GSM Mobile Telephone System]
 +
*[http://www.cl.cam.ac.uk/~fms27/persec-2006/goodies/2006-Naccache-forensic.pdf Law Enforcement, Forensics and Mobile Communications]
 +
*[http://www.forensics.nl/mobile-pda-forensics Mobile Phone Forensics & PDA Forensics Links]
 +
*[http://www.holmes.nl/MPF/FlowChartForensicMobilePhoneExamination.htm Netherlands Forensic Institute: Mobile Phone Forensics Examination - Basic Workflow and Preservation]
 +
*[http://csrc.nist.gov/mobilesecurity/publications.html#MF U.S. National Institute of Standards and Technology Documents]
  
= Forum =
+
Conferences
* [http://forensicfocus.com/ Forensic Focus]
+
*[http://www.MobileForensicsWorld.com/ Mobile Forensics World]
  
[[Category:Further information]]
+
Investigative Support
 +
*[http://www.search.org/files/pdf/CellphoneInvestToolkit-0806.pdf Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications]
 +
*[http://www.e-evidence.info/cellular.html E-Evidence.Info Mobile Forensic Tools]
 +
*[http://www.forensicfocus.com ForensicFocus.com(Practitioners Forum)]
 +
*[http://www.hex-dump.com Hex-Dump.com(Advanced Forum for Hex Dump and Memory Analysis)]
 +
*[http://www.Mobile-Examiner.com Mobile-Examiner.com (Forum for Practitioners)]
 +
*[http://www.Mobile-Forensics.com Mobile-Forensics.com (Research Forum for Mobile Device Forensics)]
 +
*[http://www.mfi-training.com Mobile Forensics Training Forum (Mobile Device Investigative Support and Training)]
 +
*[http://www.SmartPhoneForensics.com SmartPhoneForensics.com (Mobile Device Forensics Training and Investigative Support)]
 +
*[http://www.Phone-Forensics.com Phone-Forensics.com (Advanced Forum for Practitioners)]
 +
*[http://trewmte.blogspot.com TREW Mobile Telephone Evidence (Mobile Telephone Evidence Practitioner Site)]
  
= Twitter =
+
Phone Research
* [http://twitter.com/#!/search/%23DFIR?q=%23DFIR #DFIR]
+
*[http://www.GSMArena.com GSMArena.com (Technical information regarding GSM Cell Phones)]
* [http://twitter.com/#!/search/%23forensics #forensics]
+
*[http://www.MobileForensicsCentral.com MobileForensicsCentral.com (Information regarding Cell Phone Forensic Applications)]
 +
*[http://www.PhoneScoop.com PhoneScoop.com (Technical information regarding all Cell Phones)]
 +
*[http://www.ssddforensics.com/ Small Scale Digital Device Forensics Information]
 +
 
 +
Training
 +
*[http://www.Mobile-Forensics.com Mobile-Forensics.com (Research Forum for Mobile Device Forensics)]
 +
*[http://www.MobileForensicsWorld.com/Training.aspx Mobile Forensics World Training]
 +
*[http://www.mobileforensicstraining.com Mobile Forensics Training (Mobile Forensics Inc. Training Class site)]
 +
*[http://www.paraben-training.com/training.html Paraben-Forensics.com (Paraben's Handheld Forensic Training Classes)]
 +
*[http://www.SmartPhoneForensics.com SmartPhoneForensics.com (Mobile Device Forensics Training and Investigative Support)]
 +
*[http://www.msab.com/training/schedule Micro Systemation Training (Mobile Forensics Training)]
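Review bot: in the iDEN block, the lead-in is a numbered item (`# Three major tools exist for iDEN Phones:`) but the three tools that follow use plain `*` markers, so they render as a separate top-level bullet list instead of nesting under that item. Mark the three tool lines with `#*`, as the sub-notes under the first Guidelines step already do. The line `Expand on as to what to collect:` also reads as an editor's to-do rather than article text and could be reworded to introduce the ESN/IMEI/Carrier list directly.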

Latest revision as of 09:27, 11 May 2011

Guidelines

  1. If on, switch it off. If off, leave off.
    • Only under exceptional circumstances should the handset be left switched on, and in any case every precaution should be taken to prevent the handset from connecting with the Communication Service Provider. Consider using one of the many wireless preservation or RF isolation techniques. Note that the slightest signal leakage will allow an overwriting text message through even if a phone call can't get through.
    • Instead of switching off, it may be better to remove the battery. Phones run a different part of their program when they are turned off, and you may wish to avoid having this part of the program run.
    • Note that removing the battery or powering off a mobile phone may cause the handset to require an unlock code when it is powered on again.
  2. Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
  3. Plug the phone in, preferably in the evidence room, as soon as possible.
  4. Retain search warrant (if necessary - LE).
  5. Return device to forensic lab if able.
  6. Use forensically sound tools for processing. However, also remember that ACPO Principle 2 says: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.

Notes

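Expand on what to collect:

  • ESN,
  • IMEI,
  • Carrier,
  • Manufacturer,
  • Model Number,
  • Color, and
  • Other information related to Cell Phone and SIM Card...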

Process:

  1. Photograph the Cell Phone screen during power up.
  2. Research the Cell Phone for technical specifications.
  3. Research the Cell Phone for forensic information.
  4. Based on phone type (GSM, CDMA, iDEN, or Pay As You Go), determine acquisition tools.

GSM:

  1. Phone and SIM Card
  2. SIM Card

CDMA:

  1. Phone

iDEN:

  1. Three major tools exist for iDEN Phones:
    • iDEN Companion Pro
    • iDEN Media Downloader
    • iDEN Phonebook Manager

Pay As You Go:

  1. Phone

External Links

Articles and Reference Materials

Conferences

Investigative Support

Phone Research

Training