Mobile Forensic Analysis
1.1. Mobile device characteristics
1.2. Introduction to Mobile Forensics
1.3. Why we need Mobile Forensics?
1.4. Challenges in Mobile Forensics
2.1. Evolution of Mobile Communication Network
2.2. First generation mobile communication
2.3. Second generation mobile communication
2.4. Third generation mobile communication
2.5. Fourth generation mobile communication
2.6. Fifth generation of wireless network technology
2.7. Mobile Communication Network Infrastructure
• Mobile Station
• Base Transceiver Station
• Base Station Controller
• Base Station Subsystem
• Mobile Switching Center
• Equipment Identity Register
• Home Location Register
• Authentication Center
• Visitor Location Register
• Network and Switching Subsystem
• Location Area Identity (LAI)
• Composition of IMEI and IMEISV
• International Mobile Subscriber Identity (IMSI)
3.1. Internal makeup
3.2. File structure
3.3. Data on SIM
3.4. Where is the evidence?
3.5. Integrated Circuit Card Identifier (ICC-ID)
3.6. International Mobile Subscriber Identity (IMSI)
3.7. Forbidden Public Land Mobile Network (FPLMN)
3.8. Abbreviated Dialing Numbers (ADNs)
3.9. Last Number Dialed (LND)
3.10. Mobile Station Integrated Services Digital Network (MSISDN)
3.11. Short Message Service (SMS)
3.12. Forensic SIM Cloning
4.1. Android
• Android OS & Versions
• Android Architecture
• Dalvik Virtual Machine (DVM)
• Android Runtime (ART)
• Why does Android use a Virtual Machine?
• Android Boot Process
• Android Application Package (APK)
• Android Security
• Android Hardware Components
• Memory
• Android File System
• Android Rooting
4.2. iOS & Devices
• iOS Devices
• iPhone Models
• iPad Models
• iPod Models
• Apple TV
• Apple Watch
• Apple Connectors
• iOS Operating System
• iOS Architecture
• iOS Secure Boot Chain
• iOS Operating Modes
Normal
Recovery
DFU
• iOS Security
• iOS File System
HFS+
Apple File System (APFS)
• iOS Jailbreaking
5.1. Mobile Forensic Tools Classification System
• Manual extraction
• Logical extraction
• Hex Dump
• JTAG
• Chip off
• Micro Read
5.2. Data Acquisition Methods
• Manual extraction
• Logical extraction
• File System extraction
• Physical extraction
6.1. Preservation
• Things to consider at the crime scene
• Chain of Custody
• Isolation
Remote Wipe (Android)
Remote Wipe (iOS)
Forensic SIM Cloning
Faraday Bags
RF Shielded Areas
Jammers
Connect to a Power Source
Airplane Mode
• Mobile Device (Android)
Enable USB debugging
Enable stay awake setting
Increase Screen timeout
Check Android Version
• Mobile Device (iOS)
Mobile Device (Turned on & Locked)
Mobile Device (Turned on & Unlocked)
Mobile Device (Turned Off)
Identify iPhone Model
Check Firmware Version
On-Site Triage Processing
• Packaging
• Transportation
• Storage
6.2. Acquisition
• Forensic Imaging with 20 Different Mobile Phones (Hands on)
Operating system backup
Logical imaging
File extraction
Android backup
iTunes backup
Physical imaging
Imaging with “ADB.exe”
Imaging with “Autopsy”
Imaging with “Cellebrite UFED4PC” and “Physical Analyzer”
Imaging with “HancomGMD NEXT”
Imaging with “MOBILedit Forensic Express”
• Surgery on Mobile Operating Systems (Hands on)
Rooting of Google Android
Jailbreaking Apple iOS
Downgrade process
Usage of Forensic Recovery Partition
• Data Recovery on Mobile Operating Systems
Different versions of Google Android
Data recovery on Google Android
Different versions of Apple iOS
Data recovery on Apple iOS
Data recovery tools
• Advanced Data Recovery on Mobile Devices
JTAG methods (Hands on)
ISP methods (Hands on)
Chip off methods (Hands on)
• SQLite Analysis
SQLite Forensic Explorer (Hands on)
SQLite Analyzer (Hands on)
Forensic Explorer (Hands on)