Smartphone forensic
-
date post
21-Oct-2014 -
Category
Technology
-
view
2.180 -
download
1
description
Transcript of Smartphone forensic
![Page 1: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/1.jpg)
Smartphone ForensicSmartphone Forensic
SungKyong UnETRI
2011.11.24
![Page 2: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/2.jpg)
What is Smartphone Forensic?
■ To get clues and/or evidences from smartphones
source: Archigraphs@iconarhive source: samsum.com
2
![Page 3: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/3.jpg)
Why?
source: http://www.asymco.com3
![Page 4: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/4.jpg)
Difference
4
![Page 5: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/5.jpg)
Difference - Dummy vs. SmartItem Dummy Smart
Target Models >1,000/Year >10/YearOS Symbian, Qualcomm iOS, Android, Windows
Mobile, BlackberryOSMobile, BlackberryOSInterface Various USB
Acquisition Logical, Physical Logical, Physical,Backup
Data Phone book, Call history, SMS, Photo, Schedule
+ Email, Web History, Map, Location, SNS,
Message, App, ID/PWDB Format Various SqliteDB Format Various Sqlite
3rd Party App - App Market
5
![Page 6: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/6.jpg)
Which?
source: http://www.asymco.com
6
![Page 7: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/7.jpg)
Difference - iOS vs. AndroidItem iOS Android
Phone Manufacturer Apple Samsung, HTC, Motorola, ...
App Market iTunes App Store Android, Amazon, SKT, App Market iTunes App Store Android, Amazon, SKT, KT, Samsung, ...
Security Sandbox, App Screening, App Singing, Passcode Lock, Location Finder,Remote Lock, Remote Wipe, File Encryption,
Encrypted Backup
Sandbox, Permission, App Singing, PatternScreen Lock, Remote Wipe, File Encryption
Backup PC, iCloud -Backup PC, iCloud -Expansion Storage No Yes
Multitasking Limited Yes
7
![Page 8: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/8.jpg)
Difference - iOS vs. Android
8
![Page 9: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/9.jpg)
Difference - iOS vs. Android
9
![Page 10: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/10.jpg)
Difference - iOS vs. Android
10
source: http://www.androidcentral.com source:http://http://forums.appleinsider.com/showthread.php?s=&threadid=124611
![Page 11: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/11.jpg)
Tools
AcquisitionAcquisition
Analysis
11
![Page 12: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/12.jpg)
Analysis - Timeline
source: ETRI
12
![Page 13: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/13.jpg)
Analysis - Relationship
source: ETRI
13
![Page 14: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/14.jpg)
Analysis - Web Browsing
source: ETRI14
![Page 15: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/15.jpg)
Analysis - Location
source: ETRI15
![Page 16: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/16.jpg)
Analysis - Location
source: http://radar.oreilly.com/2011/04/apple-location-tracking.html16
![Page 17: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/17.jpg)
Analysis - AppCategory App
Phone Call Skype, Viber, Google Voice, ...
Message Cacao Talk, iMessage, Twitter DM, Facebook Message, ...
SNS Twitter, Facebook, me2day, ...
Storage Dropbox, uCloud, SugarSync, Box.net, iCloud, ...
Key DataVault, 1Password, Strip, ...
17
![Page 18: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/18.jpg)
Analysis - Communication Network
source: http://www.i2group.com/documents/video/ANB8_5_US.flv
18
![Page 19: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/19.jpg)
Analysis - Social Network
source: http://www.youtube.com/watch?v=Q3rhx9MtUro
19
![Page 20: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/20.jpg)
Challenge
source: http://theunderstatement.com20
![Page 21: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/21.jpg)
Challenge■ Apple
• 425,000 Apps• 15B Downloads
■ Google■ Google• 200,000 Apps• 0.5B Downloads
July, 2011
source: http://readwriteweb.com 21
![Page 22: Smartphone forensic](https://reader034.fdocuments.net/reader034/viewer/2022042507/54477886afaf9f61178b4a21/html5/thumbnails/22.jpg)
Architecture
Backup Files
Analysis Request
Analysis Result
Presentation
SW orWeb Browser
USB Connection
22