I put together a Python script that parses out several plist files related to Safari Internet History. Since the iPhone also uses Safari, I decided to expand the script to parse some iPhone Safari artifacts.
Forensic scientist and author Jonathan Zdziarski has posted the slides from his talk at the...
The recent NIST Mobile Forensics Webcast and SANS FOR585 poster got monkey thinking about using...
With the global smartphone market expected to total 1.75 billion users this year, it is rare for...
The National Institute of Standards and Technology has issued for public review and comment a draft report summarizing 65 challenges that cloud computing poses to forensics investigators who uncover, gather, examine and interpret digital evidence to help solve crimes.
Paraben's P2 Commander v3.6 adds the ability to perform forensic analysis of mobile device acquisitions from Device Seizure. This first step in integrating Paraben’s advanced computer forensics technology with its mobile forensics capabilities offers examiners more power in their mobile forensic acquisitions.
I've seen a trend in recovered stolen devices over the past few years: the bad guys are rapidly restoring devices to factory settings to prevent them from being tracked by the owner or law enforcement. That leaves me with a problem, though: how do I determine the owner of a device that has been restored?
A new study from security software vendor Avast calls into question the effectiveness of Android's factory reset option, which many people have relied upon to delete personal data from their old smartphones before reselling or making a charitable donation with the old device.
Device Seizure v6.66 has been released adding support for 100 percent of iOS devices and over 96 percent of Android devices. The release also adds physical support for Android 4.1.x, deleted message recovery of Symbian OS 7.x-9.x, smartphone app parsing and much more.
The Supreme Court released a landmark unanimous ruling last Wednesday limiting the ability of police officers to search a suspect's cellphone. But don't expect the Supreme Court's limitations to impact all law enforcement, because, as Aaron Sankin detailed on the Daily Dot, the United States Customs and Border Protection (CBP) still doesn't need to consult with a judge before browsing through your smartphone.
In the Android world, sometimes you can’t stop malware from “serving” you, especially when the “service” is actually a malicious Android class running in the background and controlled by a remote access tool (RAT). Recently, FireEye mobile security researchers discovered such malware, which pretends to be a “Google Service Framework”, kills an anti-virus application, and takes other malicious actions.
In considering the question of cell phone searches by police without a warrant, the Supreme Court ruling in Riley v California had to mesh established policy on search warrants together with an understanding of cell phone technology. To help with that challenge, the justices turned to a variety of sources, among them the NIST Guidelines on Mobile Device Forensics.
Cloud computing helps to make data more accessible, but the same technologies that make it readily available — on-demand provisioning, reprovisioning and virtual environments — also can obscure it. This is creating new challenges for digital forensics, complicating incident response and criminal and civil investigations into incidents and data in the cloud.
There is one certain thing in the DFIR field, and that is that there are far more facts, details and artifacts to remember than can easily be retained in any forensic examiner's brain. SANS has produced an incredibly helpful array of Posters and Cheat Sheets for DFIR in order to assist examiners with those tidbits of information that can help to jumpstart their forensics exams and/or intrusion and incident response investigations.
In an emphatic defense of privacy in the digital age, a unanimous Supreme Court ruled Wednesday that police generally may not search the cellphones of people they arrest without first getting search warrants.
Today’s world is becoming more and more mobile every day. In fact, 91% of all people own a mobile device and 56% own some type of smart device. It is no surprise that today there are more mobile devices on the earth than there are people! Equally impressive is that the amount of data we consume is becoming increasingly focused on mobile devices.
In the beginning there was a bit. The bit turned into a byte. That byte rapidly turned into a kilo. The kilo turned into a mega, the mega into a giga, and the giga into what we know today as a tera. Sounds like an interesting name game, but truthfully each name means extra time to the forensic examiner, extra data, and most of the time, extra headaches.
AccessData and Gigaom Research have released a report on the growing complexities of mobile security and the limitations of “preventive, policy-driven” solutions that are not designed to detect and respond to mobile security incidents that bypass defenses.
No matter what they do to decompress, the investigators, lawyers and forensic analysts who handle child-pornography cases say they can't outrun the first image they saw on the job, let alone the thousands of other horrors their eyes and ears have witnessed.
Moscow-based Elcomsoft has developed a tool to collect iCloud backup files without knowing a person's Apple ID, a development intended to help law enforcement analyze seized computers.
Researchers have discovered a crucial security problem in Google Play, the official Android app store. Secret keys in app software, similar to username/password information, can be used by anyone to maliciously steal user data or resources from service providers.
Companies that offer technologies for mobile forensics — the art of extracting digital evidence from smartphones — face a raft of challenges developing tools in today’s breakneck mobile device market.
Ever since I learned about the threat of “juice-jacking” — the possibility that plugging your mobile device into a random power charging station using a USB cord could jeopardize the data on that device — I’ve been more mindful about bringing a proper power-outlet charging adapter on my travels.
In this blog post we'll be looking at a new type of malware for Android phones that encrypts important files and demands the user pay a ransom to regain access to their phone.
When it comes to today's big data world, we know there are not enough examiners, security analysts and IT professionals that can manage the onslaught of data from mobile devices. Every company now deals with BYOD (Bring your Own Device), company issued devices or in some instances even both.
In Android Anti-forensics: Modifying CyanogenMod, Karl-Johan Karlsson and William Bradley Glisson present a version of the Cyanogenmod alternate operating system for Android devices, modified so that it generates plausible false data to foil forensic analysis by law enforcement.
The explosive growth in both the use and capacity of smartphones has led to a sea change in digital forensics, creating technology challenges for the justice and law enforcement communities and raising legal questions that in some cases have gone to the Supreme Court.
Smartphones contain a wealth of information that can translate into evidence in civil and criminal court cases, and law enforcement agencies increasingly are mining this data in their investigations. Which raises the question, how much access should police have to the personal data contained on smartphones?
Currently, there is not much freely available documentation on how Windows Phone 8.0 stores data so it is hoped that the information provided in this post can be used as a stepping stone for further research / possible scripting. Hopefully, analysts will also be able to use this post to help validate any future tool results.