Mobile Devices and their Components

Question 1

What is a Physical Acquisition?

Answer 1

• Allows the retrieval of hidden, deleted, and corrupted data
• Data is supplied in “raw” form
• Involves decoding of a Hex Dump
• May involve removal of memory chips from circuit boards, destroying the device

Question 2

What is a Logical Acquisition?

Answer 2

• Logical acquisition and decoding allows the retrieval of a subset of manually accessible data present on the device
• Typically uses the device API

Question 3

What does IMEI mean? Why is it significant?

Answer 3

International Mobile Equipment Identity

• The “serial number” of the handset
• Can reveal Make, Model, Date, Origin
• Intended to be unique, reprogramming is illegal

Question 4

How would you retrieve the IMEI of a device?

Answer 4

• Typing *#06#
• May be physically printed on the device
• May be printed on the original packaging

Question 5

List 5 methods of connecting to a mobile device

Answer 5

• Physical Cable
• Bluetooth
• Infra Red
• JTAG
• ISP

Question 6

What Operating Systems are on the market for mobile devices?

Answer 6

• Apple
• Android
• Windows
• Blackberry
• Low End Propietary

Question 7

What is a SIM/UICC?

Answer 7

• Subscriber Identity Module
• Universal Integrated Circuit Card
• Contains user and network data
• User data can be locked via PIN/PUK
• May contain limited storage capacity
• They allow operators to identify a user, and know which services you avail of.

Question 8

What types of SIM cards are on the market?

Answer 8

• Standard
• Mini SIM
• Micro SIM
• Nano SIM

Question 9

What is a File System Acquisition?

Answer 9

• Uses device and OS specific communication protocols
• Similar to Logical, except copy of the file system is obtained
• Requires a physical cable to connect to the device
• Can be achieved using forensic tools and Flasher tools

Question 10

What is the typical file system format for removable media? (i.e. memory cards)

Answer 10

FAT format

Question 11

What is the most common type of removable media in mobile devices?

Answer 11

Micro SD

Question 12

What data can be acquired from Logical acquisitions?

Answer 12

• Calls
• Contacts
• SMS
• Apps
• Location
• Video / Audio / Photo

Question 13

What data can be acquired through File System acquisition?

Answer 13

• Database artefacts
• Bluetooth pairings
• Security Codes
• Previous inserted SIM details
• Calls
• Contacts
• SMS
• Chat
• Location
• Photos / Video / Audio

Question 14

What data can be acquired from a Physical acquisition?

Answer 14

• IMEI
• IMSI
• ICC-ID
• Contacts
• Call Logs
• SMS / MMS / Emails
• Photo / Video / Audio
• Apps
• Wifi
• Geodata
• Accounts
• Calendars

Question 15

How many digits long is an IMEI?

Answer 15

• 15 including a check digit
• if 16 then it indicates
  the software version

Question 16

What are digits 1- 8 in an IMEI?

Answer 16

Type Allocation Code

• Identifies make, model and country of origin
• First two digits the Reporting Body Identifier
• Third through eight digits the Mobile Equipment Model Identifier

Question 17

What are digits 9 - 14 in an IMEI?

Answer 17

Serial Number (SNR)

• Uniquely assigned to that handset

Question 18

What is the fifteenth and final digit of an IMEI?

Answer 18

Check Digit

– Used to check the validity of the IMEI
– Calculated by “Luhn” formula (open source)
– For early handsets, this was always zero

Question 19

Other than IMEI, what other identification codes are there?

Answer 19

FCC-ID
- Federal Communications Commission Identification
- Found on devices for US market
- The first three or five characters represent the manufacturer known as the grantee code

Question 20

What types of locks can users place on their device?

Answer 20

• Standard digits
• Biometric (Face/Finger)
• Pattern locks

Question 21

How may an investigator access a locked device?

Answer 21

• Ask the owner!
• Manufacturer default
• Physical extraction
• Outsource (i.e. Cellebrite)

Question 22

What is remote wiping and why is it a problem for investigators?

Answer 22

• Wiping on the device from another location
• Available on Windows, Android, Blackberry, iOS
• Can be issued via Wifi or Mobile Network
• Can be prevented with a Faraday bag

Question 23

What network technologies (aside from common GSM phones) exist?

Answer 23

• Global Positioning System (GPS)
• ## Satellite phones (Iridium)

Question 24

How long does a GPS take to orbit?

Answer 24

12 hours

Question 25

How does GPS determine a device’s location?

Answer 25

Trilateration of at least 3 satellites

Question 26

What is Russia’s equivalent of GPS?

Answer 26

GLONASS

Question 27

What is the EU’s equivalent of GPS?

Answer 27

Galileo

Question 28

What is China’s equivalent of GPS?

Answer 28

Beidou Navigation Satellite System BDS

Question 29

What is India’s equivalent of GPS?

Answer 29

(IRNSS) Indian Regional Navigation System

Question 30

What is Japan’s equivalent of GPS?

Answer 30

(QZSS) Quasi Zenith Satellite System

Question 31

What are the common external components of a mobile device?

Answer 31

• On/Off switch
• SIM Port
• Data/Charger
• Battery
• Speaker / Mic
• Camera
• Biometric sensor
• Antennas (Wifi, NFC, Cellular)
• Display / Keypad

Question 32

What are the common internal components of a mobile device?

Answer 32

• CPU
• GPU
• GPS/GLONASS
• Memory
• NFC
• WiFi