Mobile Forensic Tool Overview P2 (JTAG/Chip-Off)

JTAG JETAG: Joint European Test Action Group: 1985 in EU as standard for boundary-scan testing Boundary scanning context of mobile devices efficiently tests connections on printed circuit board in effort to program/debug device w/out needing phys access to flash 1986: Members from NA joined: JTAG: Joint Test Action Group 1986-1988: Group proposed/published series of proposals to IEEE Testability Bus Standards Committee Final version of JTAG 2.0 accepted Published 1990/updated several times w/current specs ID’d as IEEE Std. 1149.2013 At core:…

Mobile Forensic Tool Overview P1

Logical Collection: 2007: NIST SP 800-101: Logical acquisition implies bit-by-bit copy of logical storage objects that reside on logical store 2013: SWGDE: Scientific Working Group on Digital Evidence: Removed bit-by-bit classification proposed by NIST Stated logical acquisition implies copy of logical storage of objects that reside on a logical store 2013 publication: Process that provides access to usr-accessible files Logical analysis process will “not generally provide access to deleted data” 2014: NIST: SP 800-101R: Logical acquisition is capturing a copy…

Intro to Digital Forensics: Ch 1

Digital Forensics: “The application of CS and investigative procedures for a legal purpose involving the analysis of digital evidence (info of probative value that is stored/transmitted in bin form) after proper search authority, chain of custody, validation w/mathematics [hash], use of validated tools, repeatability, reporting/possible expert presentation” “Commentary: Defining Digital Forensics,” Forensic, Magazine 2007 October 2012: ISO s27037: Standard for digital forensics ratified: Defines personnel methods for acquiring/preserving evidence FRE: Federal Rules of Evidence: 1973: Signed into law: Ensure consistency…

Cellular Networks

Cellular network: Device to cell tower —> Cell tower to MSC: Mobile Switching Center If call is out of network: MSC sends sig to PSTN: Public Switched Telephone Network ——-> Out to caller Cellular-to-cellular convo: Don’t move from MSC to PSTN Stay inside MSC: Routed back into network: No extra fees Cell Towers: 3 Panels per side Transmitter: Middle panel (usually) 2 outside receiver panels: Listen for inbound sigs Comparing differences: Tower learns about loc Helps handoffs bet handoffs when…

Mobile Forensics: CH 4 Notes

Before Seizure: Understanding Mobile Comm Active device: Attached to 7 networks: Can allow outside comm to int w/phys collection/extraction Cellular Comm: 7 factors RF used affect way team/examiner rem possibility it will initiate/receive comm during/after seizure Switch device off/Airplane mode Wrap device in material that blocks cellular sig Place device in radio isolation box Large radio isolation room completely devoid of win/lined w/special copper wallpaper Radio isolation techniques: Michael Faraday: 1836: Faraday cage Faraday: 1791-1867: Scientist who discovered electrically…

Mobile Device Forensics CH 3

Lawful Device Seizure: 4th amendment: Protects from unreasonable search/seizure by gov’t agent/priv citizen acting on behalf of gov’t agent If person not acting on behalf of gov’t: Using wiretap/electronic surveillance/search devices w/out consent LEGAL Search/seizure by private citizens not covered by 4th Citizens not immune from being sued for invasion of privacy by subject of search Agents of gov’t must comply with Fed/state/local law of personal property: Must be lawfully authorized If seizure occurs w/out lawful auth: Any data collected…

Mobile Device Forensics CH2

Phys img of HDD/storage device: Practitioners refer to obtaining every bit/byte from 1st/last sector: Exact copy of media is truest Frye v US 293 F.1013 Testimony must be based on scientific methods sufficiently established/accepted Daubert v. Merrill Dow Pharmaceuticals 509 US 579 Scientific knowledge: Established if it demonstrates conclusion Product of sound ‘scientific methodology’ from scientific method Decision by Federal Rule of Evidence 702: Rests on shoulders of trial judge Greatest impedance: Overcoming/recognizing write-protected devices ineffective to protect integrity…

Mobile Device Forensics: CH1 Notes

Myth: Mobile devices don’t contain as much relevant and transactional data as a personal computer History Initiated by Bell Labs in 1946 in St. Louis Missouri 1973: Martin Cooper/Motorola Built a device to enable people to walk/talk in street w/out attached wires April 3: Demonstrated mobile phone w/call to Joel Engle @Bell Labs (Motorola’s main competitor) Call routed via base station Motorola installed atop Burlingham House into ATT landline system DynaTAC 8000x (DYNamic Adaptive Total Area Coverage) Portable phone: Allowed usrs…

Pairing Problems… P2

In part one of this series, I briefly discussed the fundamental protocols that work in conjunction with Bluetooth, like: LMP, L2CAP, SDP and RFCOMM. I also touched up on BD_ADDR, and NAP/UAP/LAP. I went over other states BT devices within a piconet swap to, and hinted at the amount of enumeration we can glean from just OUIs and packets. In this post, I will go a step further and cover the pairing process involved between devices and note some of…

A Brief History Not of Time but Bluetooth 1

With the re-emergence of popularity in both vendor and client Bluetooth usage, along with the release of BlueBorne, I thought I would write a post that provides readers with a little bit of a better understanding of the fundamental workings and flaws used with the technology. This post was personally picked as a subject of interest by Pirate Moo blog readers and friends, and will later be used to provide an analysis of subjects of interest chosen by users. I…