#to clarify this is on the app. good luck desktop users
Text
Something cool: the snooze tumblr live button now snoozes for 30 days
Something uncool: snoozing tumblr live no longer removes the camera icon from the bottom menu, so now the bottom menu is always crowded >:(
2 notes
·
View notes
Text
What Is the Most Secure Video Conferencing Software?
Now that millions of people are practicing social distancing and working their office jobs from home because of coronavirus, video conferencing is more popular than ever. Whether you're just attending your regular work meetings, grabbing a beer with friends, or catching up with your extended family spread across the globe—all these fun activities now live thanks to video conferencing apps.
The people’s choice, more often than not, is Zoom. But it doesn’t have to be.
While Zoom offers end-to-end encrypted chat—meaning only the participants in the exchange have access to the contents of the messages—its video calls are not encrypted in the same way by default. Hosts, however, can enable end-to-end encryption in video calls too, according to the company.
The app has a troubled record when it comes to security and privacy. Thanks to a creepy feature, hosts can track whether you are paying attention to the meeting, and the company’s privacy policy allows it to collect all sorts of personal data.
Last year, Zoom had a flaw that allowed hackers to turn on someone’s webcam without their consent, and without them noticing. On top of that, when someone had the Zoom app closed and even uninstalled, the software left a web server up and running, allowing for an automated install of the app if someone invited the user to a Zoom call. Finally, Zoom makes it really hard for you to join calls without installing the app, even though that’s possible.
So, what other apps can you use instead of Zoom?
FACETIME
The obvious choice, if you have an Apple device, is FaceTime. Apple’s video (and audio) conferencing app has been end-to-end encrypted for a very long time. On top of that, it’s incredibly easy to use, and allows for up to 32 participants. The downside, of course, is that it’s only for iOS and Mac users. So if you use Windows, the most popular operating system in the world, you’re out of luck.
Pros:
Easy to use
End-to-end encrypted
Works with up to 32 participants
Apple is good at security
Cons:
Only for Mac and iOS
JITSI
A great cross-platform alternative is the little known Jitsi, which is not end-to-end encrypted, and has apps for Android and iOS. Jitsi also just works in a browser, without having to install anything. Jitsi is also open source, meaning anyone can inspect and contribute to the code. I have used it occasionally and it always worked very well. While the video streams in Jitsi are not end-to-end encrypted, Jisti allows users to run their own server so they can encrypt the video streams to this server, which they control.
Pros:
Easy to use
Works with apps or just on web
Open source
Cons:
Open source also means it has fewer resources to get security right
WHATSAPP
WhatsApp is the most popular chat app on the planet, it’s end-to-end encrypted with state-of-the-art protocols, and is incredibly user-friendly. It’s also cross platform, although video calls don’t work on desktop. It doesn't have all the bells and whistles of enterprise software, but if you're just looking to connect with a couple of friends or family, it's more than enough.
Pros:
Uberpopular, so chances are your friends have it
End-to-end encrypted
Cross-platform
Cons:
Only supports 4 people at a time
It’s owned by Facebook
WIRE
Finally, one of our favorite end-to-end encrypted chat apps, Wire, offers group video chat, but only to paying customers.
Pros
End-to-end encrypted with widely respected encryption protocols
Cons:
Not available for the free version of Wire.
GOOGLE MEET
If you want something that’s easy to use, but not end-to-end encrypted, you can always fall back on Google’s alternative: Meet.
Pros:
Easy to use
Works well
Cons:
Not end-to-end encrypted
Requires a Google account
ZOOM
Zoom has become the de-facto video calling app in the last few days, but it's far from perfect. Its privacy policy is vague and seems to indicate the company could sell some of your data. Calls are not end-to-end encrypted by default and it's unclear if they can be at all.
Pros:
Easy to use
Cross platform
Easily lets you see all people’s videos at once with its panel view
Seems to handle poor connections well
Allows for pretty epic and trolly virtual backgrounds.
Cons:
It's unclear what type of encryption it uses
Privacy policy is suspect
Correction, March 30, 2020 at 10:30 a.m. ET: this story has been updated to clarify that Jitsi is NOT end-to-end encrypted.
What Is the Most Secure Video Conferencing Software? syndicated from https://triviaqaweb.wordpress.com/feed/
0 notes
Text
An Introduction to Forensics Data Acquisition From Android Mobile Devices
The role that a Digital Forensics Investigator (DFI) is rife with continuous learning opportunities, especially as technology expands and proliferates into every corner of communications, entertainment and business. As a DFI, we deal with a daily onslaught of new devices. Many of these devices, like the cell phone or tablet, use common operating systems that we need to be familiar with. Certainly, the Android OS is predominant in the tablet and cell phone industry. Given the predominance of the Android OS in the mobile device market, DFIs will run into Android devices in the course of many investigations. While there are several models that suggest approaches to acquiring data from Android devices, this article introduces four viable methods that the DFI should consider when evidence gathering from Android devices.
A Bit of History of the Android OS
Android’s first commercial release was in September, 2008 with version 1.0. Android is the open source and ‘free to use’ operating system for mobile devices developed by Google. Importantly, early on, Google and other hardware companies formed the “Open Handset Alliance” (OHA) in 2007 to foster and support the growth of the Android in the marketplace. The OHA now consists of 84 hardware companies including giants like Samsung, HTC, and Motorola (to name a few). This alliance was established to compete with companies who had their own market offerings, such as competitive devices offered by Apple, Microsoft (Windows Phone 10 – which is now reportedly dead to the market), and Blackberry (which has ceased making hardware). Regardless if an OS is defunct or not, the DFI must know about the various versions of multiple operating system platforms, especially if their forensics focus is in a particular realm, such as mobile devices.
Linux and Android
The current iteration of the Android OS is based on Linux. Keep in mind that “based on Linux” does not mean the usual Linux apps will always run on an Android and, conversely, the Android apps that you might enjoy (or are familiar with) will not necessarily run on your Linux desktop. But Linux is not Android. To clarify the point, please note that Google selected the Linux kernel, the essential part of the Linux operating system, to manage the hardware chipset processing so that Google’s developers wouldn’t have to be concerned with the specifics of how processing occurs on a given set of hardware. This allows their developers to focus on the broader operating system layer and the user interface features of the Android OS.
A Large Market Share
The Android OS has a substantial market share of the mobile device market, primarily due to its open-source nature. An excess of 328 million Android devices were shipped as of the third quarter in 2016. And, according to netwmarketshare.com, the Android operating system had the bulk of installations in 2017 — nearly 67% — as of this writing.
As a DFI, we can expect to encounter Android-based hardware in the course of a typical investigation. Due to the open source nature of the Android OS in conjunction with the varied hardware platforms from Samsung, Motorola, HTC, etc., the variety of combinations between hardware type and OS implementation presents an additional challenge. Consider that Android is currently at version 7.1.1, yet each phone manufacturer and mobile device supplier will typically modify the OS for the specific hardware and service offerings, giving an additional layer of complexity for the DFI, since the approach to data acquisition may vary.
Before we dig deeper into additional attributes of the Android OS that complicate the approach to data acquisition, let’s look at the concept of a ROM version that will be applied to an Android device. As an overview, a ROM (Read Only Memory) program is low-level programming that is close to the kernel level, and the unique ROM program is often called firmware. If you think in terms of a tablet in contrast to a cell phone, the tablet will have different ROM programming as contrasted to a cell phone, since hardware features between the tablet and cell phone will be different, even if both hardware devices are from the same hardware manufacturer. Complicating the need for more specifics in the ROM program, add in the specific requirements of cell service carriers (Verizon, AT&T, etc.).
While there are commonalities of acquiring data from a cell phone, not all Android devices are equal, especially in light that there are fourteen major Android OS releases on the market (from versions 1.0 to 7.1.1), multiple carriers with model-specific ROMs, and additional countless custom user-complied editions (customer ROMs). The ‘customer compiled editions’ are also model-specific ROMs. In general, the ROM-level updates applied to each wireless device will contain operating and system basic applications that works for a particular hardware device, for a given vendor (for example your Samsung S7 from Verizon), and for a particular implementation.
Even though there is no ‘silver bullet’ solution to investigating any Android device, the forensics investigation of an Android device should follow the same general process for the collection of evidence, requiring a structured process and approach that address the investigation, seizure, isolation, acquisition, examination and analysis, and reporting for any digital evidence. When a request to examine a device is received, the DFI starts with planning and preparation to include the requisite method of acquiring devices, the necessary paperwork to support and document the chain of custody, the development of a purpose statement for the examination, the detailing of the device model (and other specific attributes of the acquired hardware), and a list or description of the information the requestor is seeking to acquire.
Unique Challenges of Acquisition
Mobile devices, including cell phones, tablets, etc., face unique challenges during evidence seizure. Since battery life is limited on mobile devices and it is not typically recommended that a charger be inserted into a device, the isolation stage of evidence gathering can be a critical state in acquiring the device. Confounding proper acquisition, the cellular data, WiFi connectivity, and Bluetooth connectivity should also be included in the investigator’s focus during acquisition. Android has many security features built into the phone. The lock-screen feature can be set as PIN, password, drawing a pattern, facial recognition, location recognition, trusted-device recognition, and biometrics such as finger prints. An estimated 70% of users do use some type of security protection on their phone. Critically, there is available software that the user may have downloaded, which can give them the ability to wipe the phone remotely, complicating acquisition.
It is unlikely during the seizure of the mobile device that the screen will be unlocked. If the device is not locked, the DFI’s examination will be easier because the DFI can change the settings in the phone promptly. If access is allowed to the cell phone, disable the lock-screen and change the screen timeout to its maximum value (which can be up to 30 minutes for some devices). Keep in mind that of key importance is to isolate the phone from any Internet connections to prevent remote wiping of the device. Place the phone in Airplane mode. Attach an external power supply to the phone after it has been placed in a static-free bag designed to block radiofrequency signals. Once secure, you should later be able to enable USB debugging, which will allow the Android Debug Bridge (ADB) that can provide good data capture. While it may be important to examine the artifacts of RAM on a mobile device, this is unlikely to happen.
Acquiring the Android Data
Copying a hard-drive from a desktop or laptop computer in a forensically-sound manner is trivial as compared to the data extraction methods needed for mobile device data acquisition. Generally, DFIs have ready physical access to a hard-drive with no barriers, allowing for a hardware copy or software bit stream image to be created. Mobile devices have their data stored inside of the phone in difficult-to-reach places. Extraction of data through the USB port can be a challenge, but can be accomplished with care and luck on Android devices.
After the Android device has been seized and is secure, it is time to examine the phone. There are several data acquisition methods available for Android and they differ drastically. This article introduces and discusses four of the primary ways to approach data acquisition. These five methods are noted and summarized below:
1. Send the device to the manufacturer: You can send the device to the manufacturer for data extraction, which will cost extra time and money, but may be necessary if you do not have the particular skill set for a given device nor the time to learn. In particular, as noted earlier, Android has a plethora of OS versions based on the manufacturer and ROM version, adding to the complexity of acquisition. Manufacturer’s generally make this service available to government agencies and law enforcement for most domestic devices, so if you’re an independent contractor, you will need to check with the manufacturer or gain support from the organization that you are working with. Also, the manufacturer investigation option may not be available for several international models (like the many no-name Chinese phones that proliferate the market – think of the ‘disposable phone’).
2. Direct physical acquisition of the data. One of rules of a DFI investigation is to never to alter the data. The physical acquisition of data from a cell phone must take into account the same strict processes of verifying and documenting that the physical method used will not alter any data on the device. Further, once the device is connected, the running of hash totals is necessary. Physical acquisition allows the DFI to obtain a full image of the device using a USB cord and forensic software (at this point, you should be thinking of write blocks to prevent any altering of the data). Connecting to a cell phone and grabbing an image just isn’t as clean and clear as pulling data from a hard drive on a desktop computer. The problem is that depending on your selected forensic acquisition tool, the particular make and model of the phone, the carrier, the Android OS version, the user’s settings on the phone, the root status of the device, the lock status, if the PIN code is known, and if the USB debugging option is enabled on the device, you may not be able to acquire the data from the device under investigation. Simply put, physical acquisition ends up in the realm of ‘just trying it’ to see what you get and may appear to the court (or opposing side) as an unstructured way to gather data, which can place the data acquisition at risk.
3. JTAG forensics (a variation of physical acquisition noted above). As a definition, JTAG (Joint Test Action Group) forensics is a more advanced way of data acquisition. It is essentially a physical method that involves cabling and connecting to Test Access Ports (TAPs) on the device and using processing instructions to invoke a transfer of the raw data stored in memory. Raw data is pulled directly from the connected device using a special JTAG cable. This is considered to be low-level data acquisition since there is no conversion or interpretation and is similar to a bit-copy that is done when acquiring evidence from a desktop or laptop computer hard drive. JTAG acquisition can often be done for locked, damaged and inaccessible (locked) devices. Since it is a low-level copy, if the device was encrypted (whether by the user or by the particular manufacturer, such as Samsung and some Nexus devices), the acquired data will still need to be decrypted. But since Google decided to do away with whole-device encryption with the Android OS 5.0 release, the whole-device encryption limitation is a bit narrowed, unless the user has determined to encrypt their device. After JTAG data is acquired from an Android device, the acquired data can be further inspected and analyzed with tools such as 3zx (link: http://z3x-team.com/ ) or Belkasoft (link: https://belkasoft.com/ ). Using JTAG tools will automatically extract key digital forensic artifacts including call logs, contacts, location data, browsing history and a lot more.
4. Chip-off acquisition. This acquisition technique requires the removal of memory chips from the device. Produces raw binary dumps. Again, this is considered an advanced, low-level acquisition and will require de-soldering of memory chips using highly specialized tools to remove the chips and other specialized devices to read the chips. Like the JTAG forensics noted above, the DFI risks that the chip contents are encrypted. But if the information is not encrypted, a bit copy can be extracted as a raw image. The DFI will need to contend with block address remapping, fragmentation and, if present, encryption. Also, several Android device manufacturers, like Samsung, enforce encryption which cannot be bypassed during or after chip-off acquisition has been completed, even if the correct passcode is known. Due to the access issues with encrypted devices, chip off is limited to unencrypted devices.
5. Over-the-air Data Acquisition. We are each aware that Google has mastered data collection. Google is known for maintaining massive amounts from cell phones, tablets, laptops, computers and other devices from various operating system types. If the user has a Google account, the DFI can access, download, and analyze all information for the given user under their Google user account, with proper permission from Google. This involves downloading information from the user’s Google Account. Currently, there are no full cloud backups available to Android users. Data that can be examined include Gmail, contact information, Google Drive data (which can be very revealing), synced Chrome tabs, browser bookmarks, passwords, a list of registered Android devices, (where location history for each device can be reviewed), and much more.
The five methods noted above is not a comprehensive list. An often-repeated note surfaces about data acquisition – when working on a mobile device, proper and accurate documentation is essential. Further, documentation of the processes and procedures used as well as adhering to the chain of custody processes that you’ve established will ensure that evidence collected will be ‘forensically sound.’
Conclusion
As discussed in this article, mobile device forensics, and in particular the Android OS, is different from the traditional digital forensic processes used for laptop and desktop computers. While the personal computer is easily secured, storage can be readily copied, and the device can be stored, safe acquisition of mobile devices and data can be and often is problematic. A structured approach to acquiring the mobile device and a planned approach for data acquisition is necessary. As noted above, the five methods introduced will allow the DFI to gain access to the device. However, there are several additional methods not discussed in this article. Additional research and tool use by the DFI will be necessary.
from WordPress https://ift.tt/2VWlCim
via IFTTT
0 notes
Text
An Introduction to Forensics Data Acquisition From Android Mobile Devices
The role that a Digital Forensics Investigator (DFI) is rife with continuous learning opportunities, especially as technology expands and proliferates into every corner of communications, entertainment and business. As a DFI, we deal with a daily onslaught of new devices. Many of these devices, like the cell phone or tablet, use common operating systems that we need to be familiar with. Certainly, the Android OS is predominant in the tablet and cell phone industry. Given the predominance of the Android OS in the mobile device market, DFIs will run into Android devices in the course of many investigations. While there are several models that suggest approaches to acquiring data from Android devices, this article introduces four viable methods that the DFI should consider when evidence gathering from Android devices.
A Bit of History of the Android OS
Android’s first commercial release was in September, 2008 with version 1.0. Android is the open source and ‘free to use’ operating system for mobile devices developed by Google. Importantly, early on, Google and other hardware companies formed the “Open Handset Alliance” (OHA) in 2007 to foster and support the growth of the Android in the marketplace. The OHA now consists of 84 hardware companies including giants like Samsung, HTC, and Motorola (to name a few). This alliance was established to compete with companies who had their own market offerings, such as competitive devices offered by Apple, Microsoft (Windows Phone 10 – which is now reportedly dead to the market), and Blackberry (which has ceased making hardware). Regardless if an OS is defunct or not, the DFI must know about the various versions of multiple operating system platforms, especially if their forensics focus is in a particular realm, such as mobile devices.
Linux and Android
The current iteration of the Android OS is based on Linux. Keep in mind that “based on Linux” does not mean the usual Linux apps will always run on an Android and, conversely, the Android apps that you might enjoy (or are familiar with) will not necessarily run on your Linux desktop. But Linux is not Android. To clarify the point, please note that Google selected the Linux kernel, the essential part of the Linux operating system, to manage the hardware chipset processing so that Google’s developers wouldn’t have to be concerned with the specifics of how processing occurs on a given set of hardware. This allows their developers to focus on the broader operating system layer and the user interface features of the Android OS.
A Large Market Share
The Android OS has a substantial market share of the mobile device market, primarily due to its open-source nature. An excess of 328 million Android devices were shipped as of the third quarter in 2016. And, according to netwmarketshare.com, the Android operating system had the bulk of installations in 2017 — nearly 67% — as of this writing.
As a DFI, we can expect to encounter Android-based hardware in the course of a typical investigation. Due to the open source nature of the Android OS in conjunction with the varied hardware platforms from Samsung, Motorola, HTC, etc., the variety of combinations between hardware type and OS implementation presents an additional challenge. Consider that Android is currently at version 7.1.1, yet each phone manufacturer and mobile device supplier will typically modify the OS for the specific hardware and service offerings, giving an additional layer of complexity for the DFI, since the approach to data acquisition may vary.
Before we dig deeper into additional attributes of the Android OS that complicate the approach to data acquisition, let’s look at the concept of a ROM version that will be applied to an Android device. As an overview, a ROM (Read Only Memory) program is low-level programming that is close to the kernel level, and the unique ROM program is often called firmware. If you think in terms of a tablet in contrast to a cell phone, the tablet will have different ROM programming as contrasted to a cell phone, since hardware features between the tablet and cell phone will be different, even if both hardware devices are from the same hardware manufacturer. Complicating the need for more specifics in the ROM program, add in the specific requirements of cell service carriers (Verizon, AT&T, etc.).
While there are commonalities of acquiring data from a cell phone, not all Android devices are equal, especially in light that there are fourteen major Android OS releases on the market (from versions 1.0 to 7.1.1), multiple carriers with model-specific ROMs, and additional countless custom user-complied editions (customer ROMs). The ‘customer compiled editions’ are also model-specific ROMs. In general, the ROM-level updates applied to each wireless device will contain operating and system basic applications that works for a particular hardware device, for a given vendor (for example your Samsung S7 from Verizon), and for a particular implementation.
Even though there is no ‘silver bullet’ solution to investigating any Android device, the forensics investigation of an Android device should follow the same general process for the collection of evidence, requiring a structured process and approach that address the investigation, seizure, isolation, acquisition, examination and analysis, and reporting for any digital evidence. When a request to examine a device is received, the DFI starts with planning and preparation to include the requisite method of acquiring devices, the necessary paperwork to support and document the chain of custody, the development of a purpose statement for the examination, the detailing of the device model (and other specific attributes of the acquired hardware), and a list or description of the information the requestor is seeking to acquire.
Unique Challenges of Acquisition
Mobile devices, including cell phones, tablets, etc., face unique challenges during evidence seizure. Since battery life is limited on mobile devices and it is not typically recommended that a charger be inserted into a device, the isolation stage of evidence gathering can be a critical state in acquiring the device. Confounding proper acquisition, the cellular data, WiFi connectivity, and Bluetooth connectivity should also be included in the investigator’s focus during acquisition. Android has many security features built into the phone. The lock-screen feature can be set as PIN, password, drawing a pattern, facial recognition, location recognition, trusted-device recognition, and biometrics such as finger prints. An estimated 70% of users do use some type of security protection on their phone. Critically, there is available software that the user may have downloaded, which can give them the ability to wipe the phone remotely, complicating acquisition.
It is unlikely during the seizure of the mobile device that the screen will be unlocked. If the device is not locked, the DFI’s examination will be easier because the DFI can change the settings in the phone promptly. If access is allowed to the cell phone, disable the lock-screen and change the screen timeout to its maximum value (which can be up to 30 minutes for some devices). Keep in mind that of key importance is to isolate the phone from any Internet connections to prevent remote wiping of the device. Place the phone in Airplane mode. Attach an external power supply to the phone after it has been placed in a static-free bag designed to block radiofrequency signals. Once secure, you should later be able to enable USB debugging, which will allow the Android Debug Bridge (ADB) that can provide good data capture. While it may be important to examine the artifacts of RAM on a mobile device, this is unlikely to happen.
Acquiring the Android Data
Copying a hard-drive from a desktop or laptop computer in a forensically-sound manner is trivial as compared to the data extraction methods needed for mobile device data acquisition. Generally, DFIs have ready physical access to a hard-drive with no barriers, allowing for a hardware copy or software bit stream image to be created. Mobile devices have their data stored inside of the phone in difficult-to-reach places. Extraction of data through the USB port can be a challenge, but can be accomplished with care and luck on Android devices.
After the Android device has been seized and is secure, it is time to examine the phone. There are several data acquisition methods available for Android and they differ drastically. This article introduces and discusses four of the primary ways to approach data acquisition. These five methods are noted and summarized below:
1. Send the device to the manufacturer: You can send the device to the manufacturer for data extraction, which will cost extra time and money, but may be necessary if you do not have the particular skill set for a given device nor the time to learn. In particular, as noted earlier, Android has a plethora of OS versions based on the manufacturer and ROM version, adding to the complexity of acquisition. Manufacturer’s generally make this service available to government agencies and law enforcement for most domestic devices, so if you’re an independent contractor, you will need to check with the manufacturer or gain support from the organization that you are working with. Also, the manufacturer investigation option may not be available for several international models (like the many no-name Chinese phones that proliferate the market – think of the ‘disposable phone’).
2. Direct physical acquisition of the data. One of rules of a DFI investigation is to never to alter the data. The physical acquisition of data from a cell phone must take into account the same strict processes of verifying and documenting that the physical method used will not alter any data on the device. Further, once the device is connected, the running of hash totals is necessary. Physical acquisition allows the DFI to obtain a full image of the device using a USB cord and forensic software (at this point, you should be thinking of write blocks to prevent any altering of the data). Connecting to a cell phone and grabbing an image just isn’t as clean and clear as pulling data from a hard drive on a desktop computer. The problem is that depending on your selected forensic acquisition tool, the particular make and model of the phone, the carrier, the Android OS version, the user’s settings on the phone, the root status of the device, the lock status, if the PIN code is known, and if the USB debugging option is enabled on the device, you may not be able to acquire the data from the device under investigation. Simply put, physical acquisition ends up in the realm of ‘just trying it’ to see what you get and may appear to the court (or opposing side) as an unstructured way to gather data, which can place the data acquisition at risk.
3. JTAG forensics (a variation of physical acquisition noted above). As a definition, JTAG (Joint Test Action Group) forensics is a more advanced way of data acquisition. It is essentially a physical method that involves cabling and connecting to Test Access Ports (TAPs) on the device and using processing instructions to invoke a transfer of the raw data stored in memory. Raw data is pulled directly from the connected device using a special JTAG cable. This is considered to be low-level data acquisition since there is no conversion or interpretation and is similar to a bit-copy that is done when acquiring evidence from a desktop or laptop computer hard drive. JTAG acquisition can often be done for locked, damaged and inaccessible (locked) devices. Since it is a low-level copy, if the device was encrypted (whether by the user or by the particular manufacturer, such as Samsung and some Nexus devices), the acquired data will still need to be decrypted. But since Google decided to do away with whole-device encryption with the Android OS 5.0 release, the whole-device encryption limitation is a bit narrowed, unless the user has determined to encrypt their device. After JTAG data is acquired from an Android device, the acquired data can be further inspected and analyzed with tools such as 3zx (link: http://z3x-team.com/ ) or Belkasoft (link: https://belkasoft.com/ ). Using JTAG tools will automatically extract key digital forensic artifacts including call logs, contacts, location data, browsing history and a lot more.
4. Chip-off acquisition. This acquisition technique requires the removal of memory chips from the device. Produces raw binary dumps. Again, this is considered an advanced, low-level acquisition and will require de-soldering of memory chips using highly specialized tools to remove the chips and other specialized devices to read the chips. Like the JTAG forensics noted above, the DFI risks that the chip contents are encrypted. But if the information is not encrypted, a bit copy can be extracted as a raw image. The DFI will need to contend with block address remapping, fragmentation and, if present, encryption. Also, several Android device manufacturers, like Samsung, enforce encryption which cannot be bypassed during or after chip-off acquisition has been completed, even if the correct passcode is known. Due to the access issues with encrypted devices, chip off is limited to unencrypted devices.
5. Over-the-air Data Acquisition. We are each aware that Google has mastered data collection. Google is known for maintaining massive amounts from cell phones, tablets, laptops, computers and other devices from various operating system types. If the user has a Google account, the DFI can access, download, and analyze all information for the given user under their Google user account, with proper permission from Google. This involves downloading information from the user’s Google Account. Currently, there are no full cloud backups available to Android users. Data that can be examined include Gmail, contact information, Google Drive data (which can be very revealing), synced Chrome tabs, browser bookmarks, passwords, a list of registered Android devices, (where location history for each device can be reviewed), and much more.
The five methods noted above is not a comprehensive list. An often-repeated note surfaces about data acquisition – when working on a mobile device, proper and accurate documentation is essential. Further, documentation of the processes and procedures used as well as adhering to the chain of custody processes that you’ve established will ensure that evidence collected will be ‘forensically sound.’
Conclusion
As discussed in this article, mobile device forensics, and in particular the Android OS, is different from the traditional digital forensic processes used for laptop and desktop computers. While the personal computer is easily secured, storage can be readily copied, and the device can be stored, safe acquisition of mobile devices and data can be and often is problematic. A structured approach to acquiring the mobile device and a planned approach for data acquisition is necessary. As noted above, the five methods introduced will allow the DFI to gain access to the device. However, there are several additional methods not discussed in this article. Additional research and tool use by the DFI will be necessary.
Source by Ron McFarland
The post An Introduction to Forensics Data Acquisition From Android Mobile Devices appeared first on Igot Apps.
from Igot Apps https://igotapps.com/fast-app-development/an-introduction-to-forensics-data-acquisition-from-android-mobile-devices/
0 notes
Last Seen Blogs
beautybybetsey
Beauty by Betsey
fwuffypwincess
Tiny Pwincess
greatlovefest
Dial Miele Appliance Repair
zephagame
Zepha: Voxel Game Engine
brad-67
Untitled