Mobile Device Extraction Methods Report, Academic Year 2019-20
Added on 2022/08/18
AI Summary
This report provides a detailed examination of mobile device investigation techniques, focusing on the Cellebrite UFED4PC and Physical Analyzer software. It evaluates and compares logical, file system, and physical extraction methods, identifying their characteristics, strengths, and weaknesses. The report covers the range of data returned by each method, including call logs, SMS, MMS, pictures, videos, and application data. It also explores advanced techniques such as Micro Read, Hex Dumping, and JTAG. The report further outlines a step-by-step evidence extraction process, including evidence intake, identification of legal authority, preparation, isolation, processing, verification, documentation, presentation, and archiving phases. The document emphasizes the importance of a consistent and well-documented approach to ensure the extracted evidence is repeatable and defensible. The findings are supported by references to relevant literature and industry standards. This report is a valuable resource for understanding the complexities of mobile device forensics and the critical steps involved in a thorough investigation.

Running head: REPORT ON MOBILE DEVICE INVESTIGATION
By
Academic Year: 2019-20
Module: Mobile Device Investigation
Introduction
The mobile phone is a ubiquitous tool that touches almost every activity of a person's daily
life. The smartphone is the most common mobile device, owned by many people to
communicate, coordinate and organize tasks with others. The capabilities and the number of
users of these devices increase every year. Based on statistics from 2007 to 2014, the number
of smartphones sold worldwide increased rapidly. With the wide availability of mobile
phones, there is also a sharp rise in their use for criminal purposes. Offenders may use
mobile phones for a number of activities in their modus operandi, such as harassment
through text messages, making deals on illegal business over email, transmitting
pornographic images, and sending the location of a crime, among other uses. Digital
forensics, a discipline within information security, is the process of uncovering and
interpreting electronic data. Data stored on mobile phones can be extremely useful to
forensic investigators through the course of an investigation. The features of a mobile phone
provide a gold mine of information that can be useful and relevant to an investigation. The
sources of information residing on mobile phones include text messages, call logs, contact
lists, email messages, browser history, chat logs and even GPS track points (Amtrup et al., 2016).
Cellebrite UFED4PC and Physical Analyzer
Evidence Extraction Method
The typical data available through a logical extraction are call logs, SMS (Short Messaging
Service, commonly known as text messages), MMS (Multimedia Messaging Service, which
are mostly text messages with attachments or group text messages), pictures, videos, audio
files, contacts, calendars and application data. It is possible to specify particular categories to
collect, such as only SMS and MMS, but you cannot specify particular items within a
category to export. For example, you can choose to extract SMS data, but all SMS will be
collected, not only conversations between specific people or phone numbers. All the data
exported in these categories will be live data and will not contain any deleted data
(Alsheikh et al., 2016).
File System Extraction
The most important part of a file system extraction is full access to the database
files on a mobile device. Many applications, such as iMessage, SMS, MMS,
Calendar and others, store their information in database files. When a user
deletes data that is part of a database, such as an SMS, the entry within
the database is marked as deleted and is no longer visible to the user. The
deleted data remains intact within the database and is recoverable until the
database performs routine maintenance and is cleaned up. Once this process occurs,
the data is no longer recoverable.
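The behaviour described above can be reproduced on a scratch SQLite database. The following is an added example, not part of the original report: it assumes SQLite as the database engine, `secure_delete` switched off, and `VACUUM` standing in for the "routine maintenance" step; the table layout and messages are constructed.

```python
import os
import sqlite3
import struct
import tempfile

# Constructed sample messages; not taken from any real device.
ROWS = [
    ("+15550100", "running late, see you at six"),
    ("+15550101", "meet at the depot 0400"),
    ("+15550102", "thanks, got the invoice"),
]
TARGET = ROWS[1][1]
MARKER = TARGET.encode("utf-8")


def raw_contains(path, needle):
    """True if the byte string is present anywhere in the database file."""
    with open(path, "rb") as fh:
        return needle in fh.read()


def sql_visible(con, text):
    """True if the message is still returned by an ordinary query."""
    row = con.execute("SELECT COUNT(*) FROM sms WHERE body = ?", (text,)).fetchone()
    return row[0] > 0


def first_freeblock(con, path):
    """Return the bytes of the first freeblock on the sms root page, or b''."""
    root = con.execute(
        "SELECT rootpage FROM sqlite_master WHERE name = 'sms'").fetchone()[0]
    page_size = con.execute("PRAGMA page_size").fetchone()[0]
    with open(path, "rb") as fh:
        fh.seek((root - 1) * page_size)
        page = fh.read(page_size)
    # B-tree page header: bytes 1-2 hold the offset of the first freeblock.
    (offset,) = struct.unpack(">H", page[1:3])
    if offset == 0:
        return b""
    # Freeblock layout: 2-byte next pointer, then 2-byte total size.
    (size,) = struct.unpack(">H", page[offset + 2:offset + 4])
    return page[offset:offset + size]


def run_demo():
    path = os.path.join(tempfile.mkdtemp(prefix="fsx_"), "sms.db")
    con = sqlite3.connect(path, isolation_level=None)  # autocommit, needed for VACUUM
    con.execute("PRAGMA journal_mode = DELETE")
    con.execute("PRAGMA secure_delete = OFF")  # assumption: deleted cells are not zeroed
    con.execute("CREATE TABLE sms (id INTEGER PRIMARY KEY, address TEXT, body TEXT)")
    con.executemany("INSERT INTO sms (address, body) VALUES (?, ?)", ROWS)

    stages = {}

    def snapshot(name):
        stages[name] = {
            "sql": sql_visible(con, TARGET),               # what the user sees
            "raw": raw_contains(path, MARKER),             # what the file holds
            "freeblock": MARKER in first_freeblock(con, path),
        }

    snapshot("inserted")
    con.execute("DELETE FROM sms WHERE body = ?", (TARGET,))
    snapshot("deleted")    # gone from queries, still in the file as free space
    con.execute("VACUUM")  # maintenance rebuilds the file without free space
    snapshot("vacuumed")
    con.close()
    return stages


if __name__ == "__main__":
    for stage, state in run_demo().items():
        print(stage, state)
```

Builds that enable `secure_delete` overwrite the cell at deletion time, so the middle stage would no longer show the message in the raw file.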
Manual Extraction
The manual extraction process involves viewing the data content stored on the
mobile device. Some of the content displayed on the LCD screen requires manual
manipulation of the keypad, touchscreen or buttons to view the contents of the
mobile device. The information discovered may be recorded using an external
camera (Amtrup et al., 2016).
Logical Extraction
In general, the examiner must be fully aware of the issues associated with
selecting a particular connectivity method, since different connection types
and their associated protocols may result in data being modified or in
different types of data being extracted.
Upon connection, the UFED is said to load the relevant API onto the mobile device.
The UFED then makes read-only API calls to request the relevant data from the
device. The device responds to valid requests by extracting the designated
content from the operating system using the relevant set of commands. This
means that the data extraction components communicate with the mobile device's
operating system and request the relevant information from it. This mechanism
allows acquisition of most of the live data on the mobile device, in a
readable format and in a forensically sound manner.
Micro Read
A Micro Read involves recording the physical observation of the gates on a NOR or
NAND chip using an electron microscope. Because of the extreme technical demands
involved in performing a Micro Read, this level of acquisition would only be
attempted for high-profile cases equivalent to a national security crisis, after
all other acquisition techniques have been exhausted. Successful acquisition at
this level would require a team of experts, an in-depth understanding of
proprietary information, time and proper equipment. There is hardly any public
law enforcement agency in the US performing acquisition at this level.
Currently, no Micro Read tools are commercially available (Beier, 2017).
Hex Dumping and JTAG
Hex Dumping and JTAG extraction methods generally give forensic examiners more
direct access to the raw data stored in memory. The main challenge with these
extraction methods is the ability of a given tool to decode and parse the
captured data. In addition, providing a logical view of the file system, and
reporting on other data remnants outside the file system, to the forensic
examiner can be challenging. For example, all of the data in a given flash
memory may not be acquired, since many tools, such as flasher boxes, may only
be able to extract specific sections of memory. The methods used at this level
require connectivity, for example Wi-Fi or a cable, between the mobile device
and the forensic workstation (Faydi et al., 2019).
Physical Extraction
Physical extraction closely resembles the post-mortem acquisition process of
computer forensics. A physical extraction creates a bit-for-bit copy of all the
data contained on the mobile device, including hidden and deleted files.
Cellebrite develops its own custom boot loaders in-house for each device
available. Using a boot loader, the UFED can bypass system locks and passwords
for some devices.
Mobile phone evidence extraction process
Evidence extraction and forensic examination of each mobile device may differ. However,
following a consistent examination process will help the forensic examiner to ensure that the
evidence extracted from each phone is well documented and that the results are repeatable
and defensible. There is no well-established standard process for mobile forensics. However,
the following figure gives an overview of process considerations for the extraction of
evidence from mobile devices. All methods used when extracting data from mobile devices
should be tested, validated, and well documented.
Step 1: Evidence intake phase
The evidence intake phase is the starting point and involves request forms and paperwork to
document ownership information and the type of incident the mobile device was involved in,
and outlines the type of data or information the requester is seeking. Developing specific
objectives for each examination is the critical part of this phase. It serves to clarify the
examiner's goals.
Step 2: Identification
Legal Authority
It is important for the forensic examiner to determine and document what legal authority
exists for the acquisition and examination of the device, as well as any limitations placed on
the media prior to the examination of the device.
The goals of the examination
The examiner will identify how in-depth the examination needs to be based on the data
requested. The goal of the examination makes a significant difference in selecting the tools
and techniques to examine the phone and increases the efficiency of the examination
process.
The make, model, and identifying information for the device
As part of the examination, identifying the make and model of the phone assists in
determining which tools will work with the phone.
Step 3: The preparation phase
Once the mobile phone model is identified, the preparation phase involves research regarding
the particular mobile phone to be examined and the appropriate methods and tools to be used
for acquisition and examination.
Step 4: The isolation phase
Mobile phones are by design intended to communicate via cellular phone networks,
Bluetooth, infrared, and wireless (Wi-Fi) network capabilities. When the phone is connected
to a network, new data is added to the phone through incoming calls, messages, and
application data, which modifies the evidence on the phone. Complete destruction of data is
also possible through remote access or remote wiping commands. For this reason, isolation
of the device from communication sources is important prior to the acquisition and
examination of the device. Isolation of the phone can be accomplished through the use of
Faraday bags, which block the radio signals to or from the phone. Past research has found
inconsistencies in total communication protection with Faraday bags. Therefore, network
isolation is advisable. This can be done by placing the phone in radio frequency shielding
cloth and then putting the phone into airplane or flight mode.
Step 5: Processing phase
Once the phone has been isolated from the communication networks, the actual processing
of the mobile phone begins. The phone should be acquired using a tested method that is
repeatable and is as forensically sound as possible. Physical acquisition is the preferred
method, as it extracts the raw memory data and the device is commonly powered off during
the acquisition process. On most devices, the least amount of change occurs to the device
during physical acquisition. If physical acquisition is not possible or fails, an attempt should
be made to acquire the file system of the mobile device. A logical acquisition should always
be obtained, as it may contain only the parsed data and provide pointers to examine the raw
memory image.
Step 6: Verification Phase
After processing the phone, the examiner needs to verify the accuracy of the data extracted
from the phone to ensure that data is not modified. The verification of the extracted data can
be accomplished in several ways.
Step 7: Documenting and reporting phase
The forensic examiner is required to document throughout the examination process, in the
form of contemporaneous notes relating to what was done during the acquisition and
examination. Once the examiner completes the investigation, the results must go through
some form of peer review to ensure the data is checked and the investigation is complete.
Step 8: Presentation Phase
Throughout the investigation, it is important to make sure that the information extracted and
documented from a mobile device can be clearly presented to any other examiner or to a
court. Creating a forensic report of the data extracted from the mobile device during
acquisition and analysis is important. This may include data in both paper and electronic
formats.
Step 9: Archiving phase
Preserving the data extracted from the mobile phone is an important part of the overall
process. It is also important that the data is retained in a usable format for the ongoing court
process, for future reference should the current evidence file become corrupt, and for
record-keeping requirements. Court cases may continue for many years before the final
judgment is reached, and most jurisdictions require that data be retained for long periods of
time for the purposes of appeals.
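Steps 6 and 9 both depend on being able to show that extracted data has not changed. The following is an added example, not part of the original report, of one common way to do that: record a hash manifest at acquisition and re-check it before archiving or presentation. The choice of SHA-256, the file names and the file contents are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to its size and SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {"size": os.path.getsize(full),
                             "sha256": sha256_file(full)}
    return manifest


def verify(root, manifest):
    """Compare the files under root with a manifest recorded at acquisition."""
    current = build_manifest(root)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, recorded in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel]["sha256"] != recorded["sha256"]:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = [rel for rel in current if rel not in manifest]
    return {key: sorted(value) for key, value in report.items()}


def run_demo():
    root = tempfile.mkdtemp(prefix="case_")
    # Constructed stand-ins for the output of an extraction.
    samples = {
        "physical.bin": b"\x00" * 4096 + b"constructed raw image",
        "logical/sms.csv": b"id,address,body\n1,+15550100,hello\n",
        "report.txt": b"constructed examiner report\n",
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

    # In practice the manifest is stored apart from the evidence it describes.
    manifest = build_manifest(root)
    at_acquisition = verify(root, manifest)

    # Simulate damage in storage: one flipped byte (size unchanged),
    # one lost file, and one file that was never part of the extraction.
    with open(os.path.join(root, "physical.bin"), "r+b") as fh:
        fh.seek(10)
        fh.write(b"\xff")
    os.remove(os.path.join(root, "report.txt"))
    with open(os.path.join(root, "notes.tmp"), "wb") as fh:
        fh.write(b"stray file")

    at_archive = verify(root, manifest)
    return at_acquisition, at_archive


if __name__ == "__main__":
    for label, result in zip(("acquisition", "archive"), run_demo()):
        print(label, result)
```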
References
Amtrup, J.W., Ma, J. and Macciola, A., Kofax Inc, 2016. Systems and methods for detecting and classifying objects in video captured using mobile devices. U.S. Patent 9,253,349.
Alsheikh, M.A., Niyato, D., Lin, S., Tan, H.P. and Han, Z., 2016. Mobile big data analytics using deep learning and Apache Spark. IEEE Network, 30(3), pp.22-29.
Amtrup, J.W., Macciola, A., Thompson, S.M. and Ma, J., Kofax Inc, 2016. Systems and methods for classifying objects in digital images captured using mobile devices. U.S. Patent 9,311,531.
Beier, S., Bhagwan, V., Funk, J., Kaufmann, A.F., Khatchatrian, S., Liu, T.T., Ormont, J. and Underwood, H.M., International Business Machines Corp, 2017. Supply chain management using mobile devices. U.S. Patent 9,715,666.
Faydi, C., Pond, D.J., Goldman, O.I., Clark, D. and Horns, R.F., Adobe Inc, 2019. Document layer extraction for mobile devices. U.S. Patent 10,444,947.