Week 4 - Mobile Operating Systems Flashcards
Kernel
A portion of the OS code that is always resident in memory and controls and manages l/O requests and other events with a fundamental role in governing memory and CPU in a device.
The open source nature of the Linux ______ allowed software engineers to participate in the design of different projects resulting in the rapid release of innovations.
Android Apps
Expanding selection of apps.
Emphasis on ease of app development.
Android Studio for app development.
Allows self-signed certificates.
Apps installable from sources other than Google Play.
Users can download APK files in developer mode.
General Principles for Collecting Digital Evidence
Follow local agency protocols.
Preserve evidence when digital devices are involved in a crime.
Preserve cloud-based evidence (e.g., social media, cell phone records, remote storage).
Consider the legal basis for seizing digital devices (plain view, search warrant, consent, etc.).
Leave powered-off devices off.
Take pictures of devices and surroundings if a camera is available.
If the device is on, follow digital forensic best practices to maintain data integrity and evidence admissibility (avoid manually accessing files).
Android Investigative Issues
The design of Android by different manufacturers may present investigative barriers.
Android OS manages power consumption and application data/memory storage automatically.
OS automatically closes inactive processes when RAM is low.
Review the mobile device’s make and model to protect data.
Powering down some devices may activate hidden security features.
Leaving a phone powered on may result in data loss.
Wear leveling and garbage collection are legitimate concerns.
Garbage collection copies valid data to a new memory area and erases invalid data.
The device may initiate the cleaning process without warning when the memory threshold is crossed.
Android Hardware Design
Android devices designed for direct manipulation.
Interaction through touchscreen, supporting gestures (swiping, tapping).
Developers use hardware for haptic feedback.
Android OS supports NFC, Bluetooth, Wi-Fi for communication.
Common components include RAM, processor, display, camera, microphone.
Internal storage varies, balancing cost and performance.
Hardware based on ARM, MIPS, and 64-bit processing.
Components like cameras, GPS, sensors can assist investigators.
Overview of iOS
The SDK allowed controlled app development. Developers must register with Apple to create native apps.
While the SDK is free, developers need to pay and pass a review to upload apps to the App Store.
Apple can remove apps with inappropriate content.
Value to Investigators
Apple focuses on user privacy and updates iOS to protect it.
Users can control which apps access their device’s information.
Apps can request various permissions, including access to the camera and location.
Apple’s privacy practices drew attention in 2011 when users discovered location data logging.
Apple explained it as maintaining data related to Wi-Fi hotspots and cell towers for location determination.
This process is known as Assisted GPS location crowdsourcing.
A significant amount of data is stored on the device, which investigators can access.
IOS Investigative Issues
IOS designed to deny access to unauthorized users.
Security features examine boot chain, starting with Boot ROM.
Cryptographically signed components create a trusted chain of hardware root of trust.
Booting process involves LLB, iBoot, and iOS kernel.
iOS kernel activates another set of security standards.
Memory Management (Life Cycle)
Life Cycle Management tracks memory allocation.
Different programming languages use mechanisms (GC in .NET and Java, ARC in iOS).
ARC is more efficient and proactive.
Investigators should understand the difference to prevent data loss.
iOS Hardware Design
iOS mobile device touchscreens are capacitive, allowing multi-touch gestures.
Touchscreens feature fingerprint-resistant coating.
Apple minimizes mechanical interfaces to prevent hardware malfunctions.
SIM card can be accessed without disassembly.
iOS devices equipped with six sensors for various functions (Proximity, Ambient light, Accelerometer, Magnetometer, Gyroscopic).
