Forensic Blogs

An aggregator for digital forensics blogs

December 4, 2018 by LCDI

Mobile App Forensics Intern Blog 2

Introduction

Over the past month, our team has analyzed the applications Expedia and Google Trips. These apps help users plan trips to locations abroad with features to order reservations and plan day trips. Our goal for analyzing these applications was to find out how much information they hold for forensic investigators. This will in turn give investigators an easier time catching suspects.

Findings

The application Expedia has very little, if any, information on the system itself. It appears to only store information if the user purchases a ticket. The only other thing we found was sometimes there may be a flight plan stored on the system, but that’s it.

Google Trips, on the other hand, stores most if not all of the information on the system itself. Specifically, it contains all reservations, day trips, and other user input on the system. The application also stores all locations and events of the city that the user is visiting. If a person uses this application rigorously, it would provide investigators with a lot of information. The application relies on MIDs, a set of identifiers provided by Google. By correlating the MIDs with the locations using certain items in the database, one can easily find the location of the corresponding MID.

Conclusion

The team’s next project will involve game app forensics. What information do apps downloaded from the Play Store keep? What is stored internally? The team’s goal is to find as much information as we can about internally stored device data from two game apps. The apps are unknown as of now. Stay tuned for updates by checking out @champforensicslcdi on Instagram and @ChampForensics on Twitter!

The post Mobile App Forensics Intern Blog 2 appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized

Tagged With: Apps, Blog Post, Champlain College, computer forensics, Digital forensics, Digital Investigation, intern, Internship, LCDI, mobie, Mobile, Mobile App Forensics, mobile forensics, Projects, Student Work, Students

October 15, 2018 by LCDI

Mobile Forensics Update 1

Introduction

Frequent readers of this blog will not be surprised to see a new iteration of the Mobile Forensics project. This semester, we are focused specifically on social media apps on Android devices. For the purposes of this project, we have defined social media as any app that allows people to communicate, chat, interact, or exchange information. Most applications that will fit this definition are categorized on the Google Play store as “social”.

This year our devices are two LG G6s and, as in past projects, the team will be taking advantage of Cellebrite’s UFED 4PC and Android Debug Bridge (ADB) to extract information from the app files. Additionally, we will be investigating whether there is any difference between the data collected and stored on Android version 7 and Android version 8.

Current Progress

So far we have created processes and templates for organized data generation. After narrowing down which applications we want to look at, we decided the first application we will be pulling data from is Snapchat. We have been practicing rooting devices and pulling the data to figure out what we will look for on the devices. We need to root the devices to be able to get the information off the apps and look under the hood of them. Our LG G6 devices have just arrived, and we are preparing them for data generation.

Conclusion

After prepping our devices, we will download Snapchat and start creating data by sending snaps to the LCDI Snapchat. We will then use the app for a day before we pull information off of it. The more we use the app, the more information we could potentially acquire. When we do a pull, we will analyze all the data we have, and once that is complete, we will move on to the next application, Telegram.

Stay tuned for more updates to come and follow us on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @ChamplainLCDI.

The post Mobile Forensics Update 1 appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized

Tagged With: Blog Post, Mobile, Mobile App Forensics, Projects, Student Work, Update

September 28, 2018 by LCDI

Smartphones: The Nexus of Evidentiary Data from Social Media to IoT

Introduction

As a first-year cybersecurity student, my application to the OpenText Enfuse conference felt like a long shot. Additionally, seeing how I am a cybersecurity major and the conference is mainly focused on digital forensics, I wasn’t sure how much of the content I would be able to understand. Despite this, I was selected and feel that I learned a significant amount of new information. The session that was most informative to me was “Smartphones: The Nexus of Evidentiary Data from Social Media to IoT” given by Amber Schroader.

Smartphones and Social Media

Amber Schroader is the President, CEO and Founder of the Paraben Corporation, a leading company in the field of forensics for mobile devices, smartphones, computers, email, gaming systems, and the cloud. Despite her vast experience in a variety of forensic technology, her Enfuse talk focused solely on smartphones. She began the session by laying out three topics she intended to cover. The first: the hurdles of smartphone forensics. The second: the location of valuable data. The third: how smartphones interact with IoT. Her presentation was engaging, at times humorous, and heavily aided by actual data she took from her children’s phones. This included logs of Tinder conversations and other text messaging apps. All in all, for a talk on a somewhat complex process, I felt I was able to understand most of the information despite my lack of experience.

Conclusion

Enfuse was a great experience for me. I was able to meet and network with many industry professionals and I believe I learned a significant amount and gained a better understanding of what digital forensics really is.

To learn more about the LCDI, take a look at our Facebook or Twitter pages or send an email to lcdi@champlain.edu.

The post Smartphones: The Nexus of Evidentiary Data from Social Media to IoT appeared first on The Leahy Center for Digital Investigation.

Read the original at: The Leahy Center for Digital Investigation

Filed Under: Digital Forensics, Uncategorized

Tagged With: Blog Post, Champlain College, Digital forensics, EnFuse, Mobile, Mobile App Forensics, Opentext, smartphones, social media
