Scribd
Upload
59 views

Mobile Device Forensics

Cell phone evidence can be recovered from call records, messages, photos, videos and other data stored on cell phones and in the network. Cell phones connect to networks through cellular towers that route calls and enable location tracking through techniques like triangulation. Cell phone operating systems vary in popularity, with Android and iOS being the most widely used today. Potential evidence on cell phones includes call history, messages, contacts and location information, which can provide important investigative leads when accessed through forensic analysis.

Uploaded by

V Yaswanth Kumar
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
59 views

Mobile Device Forensics

Cell phone evidence can be recovered from call records, messages, photos, videos and other data stored on cell phones and in the network. Cell phones connect to networks through cellular towers that route calls and enable location tracking through techniques like triangulation. Cell phone operating systems vary in popularity, with Android and iOS being the most widely used today. Potential evidence on cell phones includes call history, messages, contacts and location information, which can provide important investigative leads when accessed through forensic analysis.

Uploaded by

V Yaswanth Kumar
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 38

10.

Mobile Device
Forensics
Part 1

Topics
Cellular Networks
Cell Phone Operating Systems
Evidence on Cell Phones

Cellular Networks

Cell Phone Basics


Important evidence
o
o
o
o
o

Emails & SMS messages


Internet history
GPS (Global Positioning System)
Photos
Videos

Challenge: Diversity
o Many makes, models, and operating systems
o No standard hardware interface
o More of them now have mini USB or micro USV

Cell Phone Tower


Also called Base
Transceiver Station or
Cell Site
Image from Wikipedia
(Link 10a)

Cell Network Components


Base Station
o Antennas and related equipment

Base Station Controller (BSC)


o Regulates the signals between base stations
o Critical as phones move from place to place

Mobile Switching Center (MSC)


o Processes calls within the network
o Holds a lot of evidence
o Coordinates calls between different wireless networks
and land lines
o Handles SMS messages
o Call detail records and logs are here

Cell Network Components


Visitor Location Register (VLR)
o Database linked to a MSC
o All mobile devices currently being controlled by that MSC
are recorded in the VLR
o Interworking functions are gateways to outside data
networks such as the Internet

Home Location Register (HLR)


o
o
o
o

Information about individual subscribers


ID, billing, and services
Stores encryption keys
Supports Authentication Center (AuC) which controls
access to the network

Cell Network Components


Short Message Service Center (SMSC)
o Responsible for SMS messages
o Messages may be recovered
o No rule dictating how long providers must keep those
messages

Handof
Each cell phone is regularly communicating with
nearest cell tower
Even if its not in use
It sends identification data to the tower
o Cell phone number and service provider

Handoff is the transfer from tower to tower as


you move

Handof
Handled differently in GSM & CDMA networks
o GSM (Global System for Mobile Communication)
Hard handoff: Phone can only attach to one tower at
a time
o CDMA (Code Division Multiple Access)
Soft handoff
Phone can connect to multiple towers at once

Records showing when a phone was connected to


a tower can determine the approximate location
of that phone

Mobile Switching Center (MSC)


Once your call hits the tower its transferred to
the MSC
If you are calling a phone outside the network,
call is passed to the PSTN (Public Switched
Telephone Network)

Messaging Services
SMS (Short Message Service)
o Text messages
o Maximum of 160 characters

MMS (Multimedia Messaging Service)


o Improved functionality
o No 160 character limit

Types of Cellular Networks


CDMA (Code Division Multiple
Access)
GSM (Global System for Mobile
Communications)
iDEN (Integrated Digitally Enhanced
Network)

CDMA (Code Division Multiple Access)

Originally military technology


Uses spread spectrum
Used by Sprint, Verizon, Alltel, and NEXTEL
Does not use SIM (Subscriber Identity Module)
cards
Handsets identified by Electronic Serial
Number (ESN)
o ESNs have 32 bits and ran out in 2010, and the new
system, MEID, has replaced it
o MEID has 56 bits (Link Ch 10b)

GSM (Global System for Mobile


Communications)

Used internationally
Uses Time Division Multiple Access (TDMA)
Uses SIM (Subscriber Identity Module) cards
Carriers include AT&T, Verizon, T-Mobile and
Cellular One
Handsets identified by International Mobile
Equipment Identity (IMEI) numbers (15 or 16
digits)

IMEI Blacklist
IMEI uniquely identifies phone, and is not
changed by replacing the SIM card
IMEI can be used to blacklist stolen phones
o Links Ch 10c & 10d

iDEN (Integrated Digitally Enhanced


Network)
Two-way radio-like functionality
Supports normal phone users and push-to-talk
dispatch users
Sprint will stop supporting iDEN in June, 2013
o Link Ch 10e

Prepaid Cell Phones

Can be purchased with cash


No trail to the identity of the user
Cell phone will hold any subscriber information
Network provider will have call details
o Location and calls sent and received

Cell Phone Operating Systems

Modern Cell Phone


Operating Systems

Symbian
Apple iOS
Windows CE and Windows Mobile
Googles Android
Blackberry OS

Link Ch 10f

Symbian

Started as EPOC in the 1980s


First used on phones in 2000 by Sony
Passed through many different companies
Nokia recently made it open-source
In 2011, Nokia switched to Windows Phone
Accenture continues to support Symbian

Blackberry
Introduced in 1999 by Research In Motion (RIM)
from Canada
Common at workplaces
Synchronize with Novells GroupWise and
Microsofts Exchange
Different OS versions for each carrier

Link Ch 10h

Android
The most popular OS by far
Open Source
Used on Motorola, Sony Ericsson, and
HTC phones
Also on tablets

Apples iOS
Used on iPhone, iPad, and iPod Touch
Based on OS X
Second most popular phone OS

Windows Mobile
(now Windows Phone)
Windows OS versions for
smartphones and pocket PCs
Windows Phone 8 was
released in Oct. 2012
o Link Ch 10i

Evidence on Cell Phones

Potential Evidence Items

Call history
Text messages (active & deleted)
Email
Photos & video
Browser history
Contacts
GPS location information
Chat sessions
Calendar
Voice memos
Documents

PIN
(Personal Identification Number)
Can be used to secure
the handset
Three failed attempts will
lock the SIM
A Personal Unlock Key
(PUK) is needed to
unlock the SIM
o PUK comes from the
provider of the SIM card

Image from link Ch 10j

Predictive Text
Intended to make it
easier to type on 10digit keypads
Fills in text when the
user types part of a word
o System learns frequently
used words
o Database may contain
words, slang,
abbreviations, E-mail
addresses or URLs

Also creates hilariously


mangled messages
o Link Ch 10k

Call Detail Records (CDR)


Used by the provider to troubleshoot and improve
performance
May show:
o
o
o
o

Date/time call started and ended


Who called who
Whether call was incoming or outgoing
Originating and terminating towers

But you cant tell who was holding the phone


Subscriber information is different from CDR
o Name, address, acct. numbers, email address,
credit card #

Retention Policies

Link Ch 10l

Software included in phones to send tracking data


back to the carrier
Privacy controversy (Link Ch 10m)

Locating Cell Phones


Triangulation
o Measure signal delay to three nearest towers
o Can give approximate location of phone

Directional antenna
o Enables location determination with only two towers
from delay measurements

GPS
o Locates cell phone with satellites

Wi-Fi Positioning System


o Uses data on known Wi-Fi access points
o Included on the iPad
o Link Ch 10n

Triangulation images from link Ch 10o

You might also like