Wednesday, April 23, 2014

Mobile Device / Smartphone Forensic Analysis Investigation Tools

Mobile device forensics:
    is directly connected to digital forensics and can be defined as the recovery of digital information or data, which is often used as criminal evidence. Mobile device forensics by definition applies only to mobile devices, e.g. tablets, cell phones etc., but the term also includes any portable digital device that has both internal memory and communication abilities, such as PDA devices and GPS devices.






iPhone Analyzer:
    allows you to forensically examine or recover data from an iOS device. It principally works by importing backups produced by iTunes or third-party software and providing a rich interface to explore, analyse and recover data in human-readable formats. Because it works from the backup files everything is forensically safe, and no changes are made to the original data.

Features

  • Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
  • Multi-platform (Java based) product, supported on Linux, Windows and Mac
  • Fast, powerful search across device including regular expressions
  • Integrated mapping supports visualisation of geo-tagged information, including Google Maps searches, photos, and cell sites and Wi-Fi locations observed by the device (the infamous "locationd" data)
  • Integrated support for text messages, voicemail, address book entries, photos (including metadata), call records and many, many others
  • Recovery of "deleted" SQLite records (records that have been tagged as deleted, but have not yet been purged by the device, can often be recovered)
  • Integrated visualisation of plist and sqlite files
  • Includes support for off-line mapping, supporting mapping on computers not connected to the Internet
  • Support for KML export and direct export to Google Earth
  • Browse the device file structure, navigate directly to key files or explore the device using concepts such as "who", "when", "what" and "where".
  • Analyse jailbroken devices directly over SSH without the need for a backup (experimental)
Download Link : http://sourceforge.net/projects/iphoneanalyzer/
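The "deleted" SQLite record recovery listed among the features above rests on a property of SQLite's file format: a DELETE only unlinks a row's cell and either places its bytes on the page's freeblock chain or returns them to the page's unallocated area, so the text stays on disk until the space is reused or the database is vacuumed. The script below is an added example, not code from iPhone Analyzer or from this post. It builds a constructed messages database, deletes two rows, carves printable strings out of the free regions of every page by parsing the b-tree page headers, and then shows that a VACUUM destroys the residue. The file name, table layout and message texts are assumptions made for the demonstration.

```python
import os
import re
import sqlite3
import struct
import tempfile

# Constructed sample messages for the demonstration (not from any real device).
SAMPLE_MESSAGES = [
    ("alice", "lunch at noon on thursday?"),
    ("bob", "forward the quarterly report please"),
    ("carol", "the package is in locker 12"),
    ("dave", "call me back when you land"),
    ("erin", "running ten minutes late, sorry"),
]
DELETE_IDS = (3, 5)  # rows that will be deleted to leave residue behind

LEAF_TYPES = (0x0A, 0x0D)                 # index leaf, table leaf
BTREE_TYPES = (0x02, 0x05) + LEAF_TYPES   # plus index interior, table interior


def build_sample_db(path):
    """Create a small messages table, then delete rows without VACUUM.

    secure_delete is switched off explicitly: some distributions build SQLite
    with SQLITE_SECURE_DELETE, which zeroes freed bytes and would defeat the
    carving below. On a seized device the setting is whatever the app used.
    """
    con = sqlite3.connect(path)
    con.execute("PRAGMA secure_delete = OFF")
    con.execute("PRAGMA auto_vacuum = NONE")
    con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)")
    con.executemany("INSERT INTO messages (sender, body) VALUES (?, ?)", SAMPLE_MESSAGES)
    con.commit()
    con.executemany("DELETE FROM messages WHERE id = ?", [(i,) for i in DELETE_IDS])
    con.commit()
    con.close()


def free_regions(page, is_page_one):
    """Yield (label, bytes) for the non-live areas of one b-tree page: the
    unallocated gap between the cell pointer array and the cell content area,
    and every block on the page's freeblock chain."""
    hdr = 100 if is_page_one else 0  # page 1 starts with the 100-byte file header
    page_type = page[hdr]
    if page_type not in BTREE_TYPES:
        return  # freelist, overflow or unused page: not handled here
    hdr_len = 8 if page_type in LEAF_TYPES else 12
    first_free, ncells, content_start = struct.unpack_from(">HHH", page, hdr + 1)
    if content_start == 0:
        content_start = 65536
    unalloc_start = hdr + hdr_len + 2 * ncells
    if content_start > unalloc_start:
        yield "unallocated", page[unalloc_start:content_start]
    off, seen = first_free, set()
    while off and off not in seen and off + 4 <= len(page):
        seen.add(off)
        nxt, size = struct.unpack_from(">HH", page, off)  # 4-byte freeblock header
        yield "freeblock@%d" % off, page[off + 4:off + size]
        off = nxt


def carve_slack_strings(path, min_len=8):
    """Return (page, region, text) for printable runs found in free space only."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:16] != b"SQLite format 3\x00":
        raise ValueError("not an SQLite 3 database")
    page_size = struct.unpack_from(">H", data, 16)[0]
    if page_size == 1:  # the format stores 65536 as 1
        page_size = 65536
    hits = []
    for pgno in range(1, len(data) // page_size + 1):
        page = data[(pgno - 1) * page_size:pgno * page_size]
        for label, blob in free_regions(page, pgno == 1):
            for m in run.finditer(blob):
                hits.append((pgno, label, m.group().decode("ascii")))
    return hits


def vacuum(path):
    """Rebuild the file from live rows only; this is what destroys residue."""
    con = sqlite3.connect(path)
    con.execute("VACUUM")
    con.close()


def demo():
    """Build the sample database in a temporary directory and carve it before
    and after VACUUM. Returns the live bodies and both sets of carved strings."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "sms.db")  # assumed file name
    try:
        build_sample_db(path)
        con = sqlite3.connect(path)
        live = [body for (body,) in con.execute("SELECT body FROM messages ORDER BY id")]
        con.close()
        before = [text for _, _, text in carve_slack_strings(path)]
        vacuum(path)
        after = [text for _, _, text in carve_slack_strings(path)]
    finally:
        for name in os.listdir(tmpdir):
            os.remove(os.path.join(tmpdir, name))
        os.rmdir(tmpdir)
    return {"live": live, "residue_before_vacuum": before, "residue_after_vacuum": after}


if __name__ == "__main__":
    result = demo()
    print("live rows:", result["live"])
    print("carved before VACUUM:", result["residue_before_vacuum"])
    print("carved after VACUUM:", result["residue_after_vacuum"])
```

Carved fields run together (the sender immediately followed by the body) and may carry a stray printable byte from the record header, because SQLite's record header, not any delimiter, gives the field boundaries; a full parser would reconstruct the serial-type header where the freeblock header did not overwrite it. Whole pages released back to the file's freelist are another place residue survives and are not covered here.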


BitPim:
    is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manufacturers. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based phones.


Download Link : http://sourceforge.net/projects/bitpim/files/

Mobile Internal Acquisition Tool (MIAT):
    is a tool that addresses a crucial aspect of mobile device forensics, i.e. the recovery of deleted SMS text messages. We are not 100% sure whether this tool is publicly available; if anyone reading this can help us locate it, we would be very grateful!

In examining the MIAT dump of the phone's filesystem, I found the following interesting items of evidence (note that these are not intended to be comprehensive):
  • \Windows\Profiles\guest\ - Contained the Pocket IE cache, including Cookies, index.dat (which was not extracted due to the previously specified issue), and Temporary Internet Files
  • \Windows\Messaging - Contained various .mbp files which proved to hold the text of downloaded email messages. There is also an Attachments folder under this path that may hold downloaded attachments.
  • \Windows\ActiveSync - Contained various configuration and log files from ActiveSync
  • \Windows\Favorites - Contained Favorite links used by Pocket IE
  • \Application Data\GoogleMaps - Contained configuration and cache files used by the installed Google Maps application. These files are all binary, but one of them, prefsext.dat, contains a variety of strings which match searches that have been performed and results (street addresses) which have been returned. Somebody could probably reverse engineer the format and write a parser for this that would be really useful.
  • \*.vol - These files contain embedded databases, which include all of the phone-related information such as call logs, phone book, appointment list, etc. I haven't yet found a free application to parse them, but there's got to be something out there.
  • I also found a number of other empty Attachments folders, as well as additional empty Profiles and Temporary Internet Folders folders. This probably means that these various locations are implementation dependent.
Download Link : http://www.dfrws.org/2008/proceedings/p121-distefano_pres.pdf


TULP2G:
    is a .NET based forensic software framework for extracting and decoding data stored in electronic devices.

“TULP2G is a forensic software framework developed to make it easy to extract and decode data from digital devices.”

Download Link : http://sourceforge.net/projects/tulp2g/

Santoku Community Edition:
    runs in the lightweight Lubuntu Linux distro. It can be run in VirtualBox (recommended) or VMware Player, both available free and running on Linux, Mac or Windows. The Lubuntu download is large because it is a full .iso, so we recommend you download it on a fast connection.


Tools to acquire and analyze data
  • Firmware flashing tools for multiple manufacturers
  • Imaging tools for NAND, media cards, and RAM
  • Free versions of some commercial forensics tools
  • Useful scripts and utilities specifically designed for mobile forensics
Download Link : https://santoku-linux.com/download


UFED Physical Analyzer:
    is the most advanced analysis, decoding and reporting application in the mobile forensic industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, a timeline graph, data export capabilities and much more.
Advanced capabilities for:

iOS ::
  • Bypassing simple and complex passcodes while performing physical and file system extraction on selected devices running iOS 3.0 or higher, including iOS 6.
  • Real-time decryption and decoding of data, applications and the keychain, revealing user passwords.
  • Advanced decoding of applications.

BlackBerry ::
  • Advanced decoding of BlackBerry Messenger (BBM), emails, locations, applications and more.
  • Real-time decryption of protected content from selected BlackBerry devices running OS 4+ using a given password.

Android ::
  • Advanced decoding of all physical extractions performed on devices running any Android version.
  • Advanced decoding of applications and application files.

GPS ::
  • Portable GPS device extraction and decoding.
  • Exclusive – Physical extraction of TomTom trip-log files.

Download Link : http://go.cellebrite.com/30DayPhysicalAnalyzerTrial

Oxygen Forensic® Suite:
    Oxygen Forensic Suite (Standard Edition) is a tool for extracting and analysing data from mobile devices. Features include the ability to gather device information (manufacturer, OS platform, IMEI, serial number, etc.), contacts, messages (emails, SMS, MMS, etc.) and recovery of deleted messages, call logs, and calendar and task information. It also comes with a file browser which allows you to access and analyse user photos, videos, documents and device databases.


Download Link : http://www.oxygen-forensic.com/en/download/freeware


2 comments:

Open source Tools for Live Meeting(Web Conferencing)

posts. Guys, most of you find these posts a valuable resource for the e-Learning community. As a result, the following post is Free and Open Source Web Conferencing (Online Meetings, Webinars) Tools for e-Learning.




The following list contains free and open source Web Conferencing tools that aren't in any particular order.



Also, you should be sure that the e-Learning community will highly appreciate:

  1. if you post a comment with your experience with these tools and/or,

  2. if you post a comment with a link to any other free and open source Web Conferencing tool.

We support Free eLearning! Do you?



I support Free eLearning




BigBluebutton* is built for Higher Education. It enables universities and colleges to deliver a high-quality learning experience to remote students. BigBlueButton is an active open source project that focuses on usability, modularity, and clean design -- both for the user and the developer. The project is hosted at Google Code. BigBlueButton is built by combining over fourteen open source components.



*note: Epignosis has created a module that provides integration of BigBlueButton conferencing in eFront Open Source Learning Management System. BigBlueButton is a free web-conferencing tool with text chat, audio and video capabilities, a virtual whiteboard and many more presentation and conferencing features.




OpenMeetings is a free browser-based software that allows you to set up instantly a conference in the Web. You can use your microphone or webcam, share documents on a white board, share your screen or record meetings. It is available as hosted service or you download and install a package on your server with no limitations in usage or users.



OpenMeetings Key Features Mini Demo





Mikogo is a free desktop sharing tool full of features to assist you in conducting the perfect online meeting or web conference. Take advantage of the opportunity to share any screen content or application over the Internet in true color quality with up to 10 participants simultaneously, while still sitting at your desk.
Yugma free web conferencing allows anyone, anywhere to instantly share their desktop and ideas online with others. To start hosting your own meetings you have to sign up for FREE. Your Yugma Free web conferencing account allows you to invite up to 20 attendees
Using WebHuddle, you have options and flexibility. Meetings can be conducted either in conjunction with an enterprise’s existing teleconferencing service, or utilizing WebHuddle’s optional voice over IP. WebHuddle also offers recording capabilities -- presentations can easily be recorded for playback over any web browser for those who missed the live meeting.
With Vyew you can give a presentation to a hundred people online or post a document you've been working on for review by your colleagues at their convenience. Vyew is extremely flexible, allowing you to bring online collaboration and conferencing into your workflow on your terms.
Dimdim delivers synchronized live presentations, whiteboards and web pages while sharing your voice and video over the Internet - with no download. With the Free edition you can get 10 person meetings, 1 way video, standard support, Dimdim branded rooms, and public meetings.



*note: Epignosis has created a module that provides integration of Dimdim conferencing in eFront  Open Source Learning Management System.




Adobe® ConnectNow is a great way to share ideas, discuss details, and complete work with others all online. Reduce travel costs, save time, and increase productivity with a web conferencing solution that's easy to access and simple to use. ConnectNow operates inside a web browser. There's no installation required, so getting started is easy and Free