Mobile Devices and their Components Flashcards
What is a Physical Acquisition?
- Allows the retrieval of hidden, deleted, and corrupted data
- Data is supplied in “raw” form
- Involves decoding of a Hex Dump
- May involve removal of memory chips from circuit boards, destroying the device
What is a Logical Acquisition?
- Logical acquisition and decoding allows the retrieval of a subset of manually accessible data present on the device
- Typically uses the device API
What does IMEI mean? Why is it significant?
International Mobile Equipment Identity
- The “serial number” of the handset
- Can reveal Make, Model, Date, Origin
- Intended to be unique, reprogramming is illegal
How would you retrieve the IMEI of a device?
- Typing *#06#
- May be physically printed on the device
- May be printed on the original packaging
List 5 methods of connecting to a mobile device
- Physical Cable
- Bluetooth
- Infra Red
- JTAG
- ISP
What Operating Systems are on the market for mobile devices?
- Apple
- Android
- Windows
- Blackberry
- Low End Propietary
What is a SIM/UICC?
- Subscriber Identity Module
- Universal Integrated Circuit Card
- Contains user and network data
- User data can be locked via PIN/PUK
- May contain limited storage capacity
- They allow operators to identify a user, and know which services you avail of.
What types of SIM cards are on the market?
- Standard
- Mini SIM
- Micro SIM
- Nano SIM
What is a File System Acquisition?
- Uses device and OS specific communication protocols
- Similar to Logical, except copy of the file system is obtained
- Requires a physical cable to connect to the device
- Can be achieved using forensic tools and Flasher tools
What is the typical file system format for removable media? (i.e. memory cards)
FAT format
What is the most common type of removable media in mobile devices?
Micro SD
What data can be acquired from Logical acquisitions?
- Calls
- Contacts
- SMS
- Apps
- Location
- Video / Audio / Photo
What data can be acquired through File System acquisition?
- Database artefacts
- Bluetooth pairings
- Security Codes
- Previous inserted SIM details
- Calls
- Contacts
- SMS
- Chat
- Location
- Photos / Video / Audio
What data can be acquired from a Physical acquisition?
- IMEI
- IMSI
- ICC-ID
- Contacts
- Call Logs
- SMS / MMS / Emails
- Photo / Video / Audio
- Apps
- Wifi
- Geodata
- Accounts
- Calendars
How many digits long is an IMEI?
- 15 including a check digit
- if 16 then it indicates
the software version
What are digits 1- 8 in an IMEI?
Type Allocation Code
- Identifies make, model and country of origin
- First two digits the Reporting Body Identifier
- Third through eight digits the Mobile Equipment Model Identifier
What are digits 9 - 14 in an IMEI?
Serial Number (SNR)
- Uniquely assigned to that handset
What is the fifteenth and final digit of an IMEI?
Check Digit
– Used to check the validity of the IMEI
– Calculated by “Luhn” formula (open source)
– For early handsets, this was always zero
Other than IMEI, what other identification codes are there?
FCC-ID
- Federal Communications Commission Identification
- Found on devices for US market
- The first three or five characters represent the manufacturer known as the grantee code
What types of locks can users place on their device?
- Standard digits
- Biometric (Face/Finger)
- Pattern locks
How may an investigator access a locked device?
- Ask the owner!
- Manufacturer default
- Physical extraction
- Outsource (i.e. Cellebrite)
What is remote wiping and why is it a problem for investigators?
- Wiping on the device from another location
- Available on Windows, Android, Blackberry, iOS
- Can be issued via Wifi or Mobile Network
- Can be prevented with a Faraday bag
What network technologies (aside from common GSM phones) exist?
- Global Positioning System (GPS)
- ## Satellite phones (Iridium)
How long does a GPS take to orbit?
12 hours
