Difference between pages "BlackBerry OS" and "File Format Identification"

From ForensicsWiki
 
m (formatting Bibliographies)
 
Line 1: Line 1:
'''BlackBerry OS''' is the proprietary software platform made by Research In Motion for their [[BlackBerry]] line of handhelds. It provides multi-tasking, and makes heavy use of the device's specialized input devices, particularly the thumbwheel. The OS provides support for MIDP 1.0 and WAP 1.2. Previous versions allowed wireless synchronization with Microsoft Exchange Server's e-mail and calendar, as well as with Lotus Domino's e-mail. The current OS 4 provides a subset of MIDP 2.0, and allows complete wireless activation and synchronization with Exchange's e-mail, calendar, tasks, notes and contacts, and adds support for Novell GroupWise and Lotus Notes.
+
File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
== Newest OS Versions ==
+
{| class="wikitable"
+
!Key:
+
|style="background-color:#DCDCDC;" align="center"|Old Version
+
|style="background-color:#40CC40;" align="center"|Current Version
+
|style="background-color:#2FC0FF;" align="center"|Developer Beta
+
|}
+
{| class="wikitable"
+
|-
+
! Version
+
! Release date
+
! Features/details
+
|-
+
! style="white-space: nowrap;background-color:#DCDCDC;" | 4.2.1.114
+
| [[March 18]], [[2008]] <br> (?)
+
|
+
*Latest for 8700 series
+
|-
+
! style="white-space: nowrap;background-color:#40CC40;" | 4.2.2.194
+
| [[March 18]], [[2008]] <br> (?)
+
|
+
* '''Latest stable release'''
+
* Ships with new 8300 series and 8800 series phones
+
|-
+
! style="white-space: nowrap;background-color:#2FC0FF;" | 4.5.0.42 Release 58
+
| [[June 8]], [[2008]]
+
|
+
|-
+
! style="white-space: nowrap;background-color:#40CC40;" | 4.5.0.37
+
| [[June 12]], [[2008]]
+
|
+
* Released by Vodafone Germany, contains bugs
+
* Major changes:
+
** Video camera
+
** Youtube support
+
** HTML Emails
+
** Voice recording
+
** Improved UI for media player
+
|-
+
! style="white-space: nowrap;background-color:#2FC0FF;" | 4.5.0.44
+
| [[June 22]], [[2008]]
+
|
+
|-
+
! style="white-space: nowrap;background-color:#2FC0FF;" | 4.5.0.46
+
| [[June 29]], [[2008]]
+
|
+
*slightly faster web browsing
+
*slightly faster boot up time (by a few seconds)
+
*a bit better camera quality
+
|-
+
! style="white-space: nowrap;background-color:#40CC40;" | 4.5.0.72
+
| [[July 22]], [[2008]]
+
|
+
* Released by Orange Romania, posted through www.blackberry.com though its actually beta OS version 4.5.0.52 repackaged.
+
|-
+
! style="white-space: nowrap;background-color:#40CC40;" | 4.5.0.108
+
| [[September 25]], [[2008]]<br \> (?)
+
|
+
* Released by Vodafone Fiji, posted through www.blackberry.com though it is actually just beta OS version 4.5.0.81 repackaged.
+
|}
+
== All OS Versions ==
+
{| class="wikitable"
+
|-
+
!
+
|
+
*9000 - 4.6.0.167
+
*8830 - 4.2.2.196
+
*8820 - 4.5.0.81
+
*8800 - 4.5.0.81
+
*8707 - 4.2.2.205
+
*8703 - 4.2.1.119
+
*8700 - 4.5.0.81
+
*8330 - 4.5.0.77
+
*8320 - 4.5.0.81
+
*8310 - 4.5.0.81
+
*8300 - 4.5.0.81
+
*8220 - 4.6.0.174
+
*8130 - 4.5.0.77
+
*8120 - 4.5.0.81
+
*8110 - 4.5.0.81
+
*8100 - 4.5.0.81
+
*7780 - 4.0.2.56
+
*7750 - 4.0.2.41
+
  
!
+
=Tools=
|
+
==libmagic==
*7730 - 4.0.2.56
+
* Written in C.  
*7520 - 4.1.0.380
+
* Rules in /usr/share/file/magic and compiled at runtime.
*7510 - 4.0.2.37
+
* Powers the Unix “file” command, but you can also call the library directly from a C program.
*7290 - 4.1.0.377
+
* http://sourceforge.net/projects/libmagic
*7280 - 4.0.2.56
+
*7250 - 4.1.0.385
+
*7230 - 4.0.2.56
+
*7210 - 4.0.2.56
+
*7130 - 4.2.1.110
+
*7105 - 4.1.0.377
+
*7100 - 4.1.0.382
+
*6750 - 4.0.0.250
+
*6720 - 3.7.1.41
+
*6710 - 4.0.0.185
+
*6510 - 4.0.0.160
+
*6280 - 4.0.2.56
+
*6230 - 4.0.2.51
+
*6210 - 4.0.2.56
+
!
+
|*5810 - 3.6.0.87
+
|-
+
|}
+
  
== External links ==
+
==DROID==
* [http://www.rim.com/ Research In Motion], the manufacturer of the BlackBerry OS.
+
* Writen in Java
* [http://www.blackberry.com/ BlackBerry.com], the BlackBerry OS main site.
+
* Developed by National Archives of the United Kingdom.
* [http://www.blackberryfreeware.org/ BlackBerry Freeware Directory], community-driven free software collection
+
* http://droid.sourceforge.net
* [http://www.blackberryfaq.com/ BlackBerry Frequently Asked Questions], Largest collaboration of Answers to Questions for BlackBerry
+
 
 +
==TrID==
 +
* XML config file
 +
* Closed source; free for non-commercial use
 +
* http://mark0.net/soft-trid-e.html
 +
 
 +
==Forensic Innovations File Investigator TOOLS==
 +
* Proprietary, but free trial available.
 +
* Available as consumer applications and OEM API.
 +
* Identifies 3,000+ file types, using multiple methods to maintain high accuracy.
 +
* Extracts metadata for many of the supported file types.
 +
* http://www.forensicinnovations.com/fitools.html
 +
 
 +
==Stellent/Oracle Outside-In==
 +
* Proprietary but free demo.
 +
* http://www.oracle.com/technology/products/content-management/oit/oit_all.html
 +
 
 +
==[[Forensic Assistant]]==
 +
* Proprietary.
 +
* Provides detection of password protected archives, some files of cryptographic programs, Pinch/Zeus binary reports, etc.
 +
 
 +
[[Category:Tools]]
 +
 
 +
=Bibliography=
 +
Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.  '''Please note that this bibliography is in chronological order!'''
 +
 
 +
 
 +
;2001
 +
 
 +
* Mason McDaniel, [[Media:Mcdaniel01.pdf|Automatic File Type Detection Algorithm]], Masters Thesis, James Madison University,2001
 +
 
 +
; 2003
 +
 
 +
* [http://www2.computer.org/portal/web/csdl/abs/proceedings/hicss/2003/1874/09/187490332a.pdf Content Based File Type Detection Algorithms], Mason McDaniel and M. Hossain Heydari, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003.
 +
 
 +
; 2005
 +
 
 +
* Fileprints: identifying file types by n-gram analysis, LiWei-Jen, Wang Ke, Stolfo SJ, Herzog B..,  IProceeding of the 2005 IEEE workshop on information assurance, 2005. ([http://www.itoc.usma.edu/workshop/2005/Papers/Follow%20ups/FilePrintPresentation-final.pdf S[slides]] [http://www1.cs.columbia.edu/ids/publications/FilePrintPaper-revised.pdf PDF])
 +
 
 +
* Douglas J. Hickok, Daine Richard Lesniak, Michael C. Rowe, File Type Detection Technology,  2005 Midwest Instruction and Computing Symposium.([http://www.micsymposium.org/mics_2005/papers/paper7.pdf PDF])
 +
 
 +
; 2006
 +
 
 +
* Karresand Martin, Shahmehri Nahid [http://ieeexplore.ieee.org/iel5/10992/34632/01652088.pdf  File type identification of data fragments by their binary structure. ], Proceedings of the IEEE workshop on information assurance, pp.140–147, 2006.([http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]])
 +
 
 +
* Gregory A. Hall, Sliding Window Measurement for File Type Identification, Computer Forensics and Intrusion Analysis Group, ManTech Security and Mission Assurance, 2006. ([http://www.mantechcfia.com/SlidingWindowMeasurementforFileTypeIdentification.pdf PDF])
 +
 
 +
* FORSIGS; Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.
 +
 
 +
* Martin Karresand , Nahid Shahmehri, "Oscar -- Using Byte Pairs to Find File Type and Camera Make of Data Fragments," Annual Workshop on Digital Forensics and Incident Analysis, Pontypridd, Wales, UK, pp.85-94, Springer-Verlag, 2006.
 +
 
 +
; 2007
 +
 
 +
* Karresand M., Shahmehri N., [http://dx.doi.org/10.1007/0-387-33406-8_35 Oscar: File Type Identification of Binary Data in Disk Clusters and RAM Pages], Proceedings of IFIP International Information Security Conference: Security and Privacy in Dynamic Environments (SEC2006), Springer, ISBN 0-387-33405-x, pp.413-424, Karlstad, Sweden, May 2006.
 +
 
 +
* Robert F. Erbacher and John Mulholland, "Identification and Localization of Data Types within Large-Scale File Systems," Proceedings of the 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering, Seattle, WA, April 2007.
 +
 
 +
* Ryan M. Harris, "Using Artificial Neural Networks for Forensic File Type Identification," Master's Thesis, Purdue University, May 2007. ([https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2007-19.pdf PDF])
 +
 
 +
* Predicting the Types of File Fragments, William Calhoun, Drue Coles, DFRWS 2008. ([http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]] [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf PDF])
 +
 
 +
* Sarah J. Moody and Robert F. Erbacher, [http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=04545366 SÁDI – Statistical Analysis for Data type Identification], 3rd International Workshop on Systematic Approaches to Digital Forensic Engineering, 2008.
 +
 
 +
; 2008
 +
 
 +
* Mehdi Chehel Amirani, Mohsen Toorani, and Ali Asghar Beheshti Shirazi, [http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4625611 A New Approach to Content-based File Type Detection], Proceedings of the 13th IEEE Symposium on Computers and Communications (ISCC'08), pp.1103-1108, IEEE ComSoc, Marrakech, Morocco, July 2008.([http://webpages.iust.ac.ir/mtoorani/FTD.pdf [slides]] [http://webpages.iust.ac.ir/mtoorani/C2.pdf PDF])
 +
 
 +
; 2009
 +
* Roussev, Vassil, and Garfinkel, Simson, "File Classification Fragment-The Case for Specialized Approaches," Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. ([http://simson.net/clips/academic/2009.SADFE.Fragments.pdf PDF])
 +
 
 +
* Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin and ManPyo Hong, [http://www.springerlink.com/content/g2655k2044615q75/ On Improving the Accuracy and Performance of Content-based File Type Identification], Proceedings of the 14th Australasian Conference on Information Security and Privacy (ACISP 2009), pp.44-59, LNCS (Springer), Brisbane, Australia, July 2009.
 +
 
 +
; 2010
 +
*Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin and ManPyo Hong, [http://www.alphaminers.net/sub05/sub05_03.php?swf_pn=5&swf_sn=3&swf_pn2=3 Fast File-type Identification], Proceedings of the 25th ACM Symposium on Applied Computing (ACM SAC 2010), ACM, Sierre, Switzerland, March 2010.
 +
[[Category:Bibliographies]]
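
Review bot: The bibliography states that it is in chronological order, but the "; 2007" group contains two entries dated 2008 (Calhoun and Coles, DFRWS 2008; Moody and Erbacher, 2008) and one dated May 2006 (Karresand and Shahmehri, SEC2006), while "; 2008" holds only the Amirani entry. Move each entry under the year it carries. In the same added text, "Writen in Java" under DROID and, in the Fileprints entry, "LiWei-Jen", "IProceeding", "Herzog B.." and the stray "S" before "[slides]" look like typos.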

Revision as of 02:58, 19 December 2009

File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
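
The contrast between extension-based and content-based identification can be shown with a small signature matcher. This is an added example, not code from the wiki or from libmagic; the signature table, the function names `identify` and `extension_mismatch`, and the sample buffer are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A content signature: bytes expected at a fixed offset, the idea behind a
   libmagic rule. This table is a small constructed sample, not libmagic's. */
struct sig { size_t off; const char *magic; size_t len; const char *type, *exts; };
static const struct sig SIGS[] = {
    { 0,   "\x89PNG\r\n\x1a\n", 8, "png",  "png" },
    { 0,   "\xff\xd8\xff",      3, "jpeg", "jpg jpeg" },
    { 0,   "%PDF-",             5, "pdf",  "pdf" },
    { 0,   "PK\x03\x04",        4, "zip",  "zip docx xlsx jar" },
    { 257, "ustar",             5, "tar",  "tar" },
};

/* First signature matching buf, or NULL. Short buffers never read past n. */
static const struct sig *match(const unsigned char *buf, size_t n) {
    for (size_t i = 0; i < sizeof SIGS / sizeof SIGS[0]; i++)
        if (n >= SIGS[i].off + SIGS[i].len &&
            memcmp(buf + SIGS[i].off, SIGS[i].magic, SIGS[i].len) == 0)
            return &SIGS[i];
    return NULL;
}

/* Content-based type name; "data" when nothing matches. */
const char *identify(const unsigned char *buf, size_t n) {
    const struct sig *s = match(buf, n);
    return s ? s->type : "data";
}

/* 1: name's extension disagrees with content, 0: agrees, -1: content unknown. */
int extension_mismatch(const char *name, const unsigned char *buf, size_t n) {
    const struct sig *s = match(buf, n);
    if (!s) return -1;
    const char *dot = strrchr(name, '.');
    const char *ext = dot ? dot + 1 : "";
    size_t el = strlen(ext);
    for (const char *p = s->exts; *p; p += strspn(p, " ")) {
        size_t tl = strcspn(p, " "), k = 0;
        while (tl == el && k < el && tolower((unsigned char)ext[k]) == p[k]) k++;
        if (tl == el && k == el) return 0;
        p += tl;
    }
    return 1;
}

int main(void) {
    /* Constructed sample: PDF content under a misleading .jpg name. */
    const unsigned char buf[] = "%PDF-1.4\n%sample";
    printf("%s mismatch=%d\n", identify(buf, sizeof buf - 1),
           extension_mismatch("holiday.jpg", buf, sizeof buf - 1));
    return 0;
}
```

A fixed-offset table like this only works when the start of the file is available, which is why most of the papers listed in the bibliography turn to statistical methods for isolated sectors.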

Tools

libmagic

  • Written in C.
  • Rules in /usr/share/file/magic and compiled at runtime.
  • Powers the Unix “file” command, but you can also call the library directly from a C program.
  • http://sourceforge.net/projects/libmagic

DROID

TrID

Forensic Innovations File Investigator TOOLS

  • Proprietary, but free trial available.
  • Available as consumer applications and OEM API.
  • Identifies 3,000+ file types, using multiple methods to maintain high accuracy.
  • Extracts metadata for many of the supported file types.
  • http://www.forensicinnovations.com/fitools.html

Stellent/Oracle Outside-In

Forensic Assistant

  • Proprietary.
  • Provides detection of password protected archives, some files of cryptographic programs, Pinch/Zeus binary reports, etc.

Bibliography

Current research papers on the file format identification problem. Most of these papers concern themselves with identifying the file format of a few file sectors, rather than an entire file. Please note that this bibliography is in chronological order!


2001
2003
2005
  • Fileprints: identifying file types by n-gram analysis, Li Wei-Jen, Wang Ke, Stolfo SJ, Herzog B., Proceedings of the 2005 IEEE Workshop on Information Assurance, 2005. ([slides] PDF)
  • Douglas J. Hickok, Daine Richard Lesniak, Michael C. Rowe, File Type Detection Technology, 2005 Midwest Instruction and Computing Symposium. (PDF)
2006
  • Gregory A. Hall, Sliding Window Measurement for File Type Identification, Computer Forensics and Intrusion Analysis Group, ManTech Security and Mission Assurance, 2006. (PDF)
  • FORSIGS: Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.
  • Martin Karresand, Nahid Shahmehri, "Oscar -- Using Byte Pairs to Find File Type and Camera Make of Data Fragments," Annual Workshop on Digital Forensics and Incident Analysis, Pontypridd, Wales, UK, pp.85-94, Springer-Verlag, 2006.
2007
  • Robert F. Erbacher and John Mulholland, "Identification and Localization of Data Types within Large-Scale File Systems," Proceedings of the 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering, Seattle, WA, April 2007.
  • Ryan M. Harris, "Using Artificial Neural Networks for Forensic File Type Identification," Master's Thesis, Purdue University, May 2007. (PDF)
  • Predicting the Types of File Fragments, William Calhoun, Drue Coles, DFRWS 2008. ([slides] PDF)
2008
2009
  • Roussev, Vassil, and Garfinkel, Simson, "File Classification Fragment-The Case for Specialized Approaches," Systematic Approaches to Digital Forensics Engineering (IEEE/SADFE 2009), Oakland, California. (PDF)
2010
  • Irfan Ahmed, Kyung-suk Lhee, Hyunjung Shin and ManPyo Hong, Fast File-type Identification, Proceedings of the 25th ACM Symposium on Applied Computing (ACM SAC 2010), ACM, Sierre, Switzerland, March 2010.