Mobile Phone Forensics
Michael Jones
Overview
• Mobile phones in crime
• The mobile phone system
• Components of a mobile phone
• The challenge of forensics
• So many handsets, so little time…
Mobile Phones in Crime
• Direct: the phone as an instrument of crime
– Terrorism
– Cyber bullying
• Indirect: the phone as an accessory
– Contacts
– Phone calls and messaging
• General
– The phone is a ‘must have 24/7’ device
Data Recovered from a Mobile Phone
• Same questions as for all investigations
• Is the data valid?
– Is it an accurate reflection of events?
– Is it complete?
• Is the data reliable?
– Are the measurements accurate?
– Could they have been tampered with?
The Mobile Phone System
• First mobile telephone system was developed and inaugurated in the U.S. in 1945 in St. Louis, Missouri.
– Bell Laboratories were responsible for most developments
• The system (still, today) uses a number of hexagonal ‘cells’ that handle connections with mobile devices
• Cells use different frequencies
• Communication is full duplex
Mobile Phone Generations
• 1G
– Analogue
• 2G (includes 2.5, 2.75)
– Digital, mostly GSM, circuit switched
• 3G
– High-speed IP data networks and mobile broadband, packet switched
• 4G
– All IP networks. Use of Internet, LAN, etc.
Cell Phone Channels
• Carriers are allocated a number of channels per city/geographical area
– One channel = 1 form of communication
• There is therefore a capacity on each cell
– Each phone call needs 2 channels for full duplex
– And some channels are reserved for control communications
Making a call
• The caller’s phone sends a request to the nearest cell
– The cell controlling the callee is then located
– The request is then sent to that phone
• And the phone rings
• When a person moves
– There is a handover to the nearest cell
• Many issues with this
Components of a Mobile Phone
• IMEI number
– International Mobile Equipment Identity
– Unique at the point of manufacture
• SIM card
– Subscriber Identity/Identification Module
– Includes:
• service-subscriber key (IMSI)
• security authentication and ciphering information
• temporary information related to the local network
• a list of the services the user has access to
• two passwords (PIN for usual use and PUK for unlocking)
– Uses Public Key Infrastructure (PKI)
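
An added example, not part of the original slides: checking an IMEI recorded during an examination. It assumes the standard layout (8-digit Type Allocation Code, 6-digit serial, one Luhn check digit) and the 16-digit IMEISV form that carries a software version number instead of a check digit; the function names and sample values are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Imei:
    tac: str                  # Type Allocation Code: 8 digits, identifies make/model
    serial: str               # 6-digit serial number of the unit
    check: Optional[str]      # Luhn check digit (15-digit IMEI only)
    svn: Optional[str]        # software version number (16-digit IMEISV only)
    check_ok: Optional[bool]  # None when the form carries no check digit


def luhn_check_digit(body14: str) -> str:
    """Check digit over the 14 TAC+serial digits."""
    total = 0
    for i, ch in enumerate(body14):
        d = int(ch)
        if i % 2 == 1:        # double every second digit, counting from the left
            d = d * 2 - 9 if d >= 5 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def parse_imei(raw: str) -> Imei:
    """Accept an IMEI as written on a label, exhibit sheet or tool report."""
    digits = re.sub(r"[\s\-/.]", "", raw)
    if not re.fullmatch(r"[0-9]{14,16}", digits):
        raise ValueError(f"not a 14-16 digit IMEI/IMEISV: {raw!r}")
    body, rest = digits[:14], digits[14:]
    if len(rest) == 1:        # IMEI with check digit
        return Imei(body[:8], body[8:], rest, None, rest == luhn_check_digit(body))
    return Imei(body[:8], body[8:], None, rest or None, None)


def same_device(a: str, b: str) -> bool:
    """True when two readings share TAC and serial, whatever their form."""
    x, y = parse_imei(a), parse_imei(b)
    return (x.tac, x.serial) == (y.tac, y.serial)


# Constructed sample values, not taken from any real handset.
LABEL = "35-123456-789012-4"      # as printed under the battery
REPORTED = "3512345678901207"     # IMEISV as an extraction tool might report it
MISTYPED = "351234567890142"      # last two digits transposed on an exhibit sheet
```

A failed check digit points to a transcription error or an altered value in the record; a label and a software-reported IMEI that do not describe the same device are worth noting in the examination record.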
Mobile Phone Forensics
• Capture
– Should the phone be turned off?
– What about fingerprints?
• Investigation
– Where is the data?
• SIM card
• Phone memory
– How to access the data?
Accessing the Data
• Types of access
– Physical and logical
• Logical
– Most phones use a proprietary storage format
• This may be becoming less common
• This complicates investigation of physical acquisition
– The meaning of what is stored is often not clear
• Many manufacturers include their own ‘features’
A Forensic Investigation
• Need to use a forensic investigation ‘kit’
• This reads the data in a forensically sound manner
– Read only, write blocking
• The kit needs to have
– All the relevant connectors and battery connections
– Up-to-date software to locate and read the data
Communications
• SIM card reader
• WiFi
• Bluetooth
What Data is Included?
• Logs
– Calls, missed calls, SMS messages
• Contacts
– Including ‘speed dial’ numbers
• Locations
– If GPS enabled
Issues
• Multiple phones
– Have you captured all relevant phones?
• Pay-as-you-go
– Unregistered phones
• Multiplicity of phones
– Thousands of models available
– Most with proprietary OS and filing systems
• Time and cost
• Storage
– Faraday bag
Summary
• Mobile phones are a valuable source of data
– Location(s)
– Activities
• Most people own at least one
– And phones are (generally) reliably unique
• Criminals are aware of the capabilities of mobile forensics