What is Mobile Device Forensics?
Mobile device forensics is directly connected to digital forensics and can be defined as being the recovery of digital information or data which is often used for criminal evidence. Mobile Device Forensics by definition applies only to mobile devices, e.g. tablets, cell phones etc, but it the term also includes any portable digital device that has both internal memory and communication abilities such as PDA devices and also GPS devices.
Mobile device forensics is directly connected to digital forensics and can be defined as being the recovery of digital information or data which is often used for criminal evidence. Mobile Device Forensics by definition applies only to mobile devices, e.g. tablets, cell phones etc, but it the term also includes any portable digital device that has both internal memory and communication abilities such as PDA devices and also GPS devices.
Mobile Forensics Tools
Our list is a mix of open source and commercial digital forensics tools used in forensics tools are typically platform-specific and are configured to address smartphone analysis. Here are a few examples:
Our list is a mix of open source and commercial digital forensics tools used in forensics tools are typically platform-specific and are configured to address smartphone analysis. Here are a few examples:
(If you can think of a tool that we might be missing please let us know in the comments below, thanks!)
» iPhone Analyzer
The iPhone Analyzer allows you to forensically investigate and recover data from within an iOS device. The iPhone Analyzer is a forensic tool that works with iTunes and supports all the latest iOS devices. This security tool, which is Java based, works on every major Operating System. The developers website contains a lot more information but in summary this forensics tool can, for example, recover “deleted” sqlite records (as long as they have not been purged by the device). This tool also allows users to browse the device file structure and can analyze jail broken devices directly over SSH.
The iPhone Analyzer allows you to forensically investigate and recover data from within an iOS device. The iPhone Analyzer is a forensic tool that works with iTunes and supports all the latest iOS devices. This security tool, which is Java based, works on every major Operating System. The developers website contains a lot more information but in summary this forensics tool can, for example, recover “deleted” sqlite records (as long as they have not been purged by the device). This tool also allows users to browse the device file structure and can analyze jail broken devices directly over SSH.
» BitPim
BitPim is certainly worth checking out if you are interested in mobile forensics. BitPim, which is free to download and use, allows the user to view and manipulate data on most CDMA phones. The tool is very well supported and their website contains a lot more information including screen shots.
BitPim is certainly worth checking out if you are interested in mobile forensics. BitPim, which is free to download and use, allows the user to view and manipulate data on most CDMA phones. The tool is very well supported and their website contains a lot more information including screen shots.
» viaForensics’ Forensics
These guys have many excellent mobile forensics tools which they have developed – many of which are free to use! Out of all the resources in this post we’d recommend these guys the most. One of their key products is viaExtract, a program which allows the user to extract data from Android devices, crack passphrases and PINS and to examine images from external (SD) and internal (EMMC) storage cards. This program, which is one of their commerical products, works on many of the most popular Android smart phones and mobile devices.
These guys have many excellent mobile forensics tools which they have developed – many of which are free to use! Out of all the resources in this post we’d recommend these guys the most. One of their key products is viaExtract, a program which allows the user to extract data from Android devices, crack passphrases and PINS and to examine images from external (SD) and internal (EMMC) storage cards. This program, which is one of their commerical products, works on many of the most popular Android smart phones and mobile devices.
» Mobile Internal Acquisition Tool (MIAT)
Follow this link for a really great resource into this tool which discusses a crucial aspect of Mobile Device Forensics, i.e. the recovery of deleted SMS Text Messages. We are not 100% sure if this tool is publically available and if anyone reading this can help us locate where to find it we’d been very grateful!
Follow this link for a really great resource into this tool which discusses a crucial aspect of Mobile Device Forensics, i.e. the recovery of deleted SMS Text Messages. We are not 100% sure if this tool is publically available and if anyone reading this can help us locate where to find it we’d been very grateful!
» TULP2G
Although their website has not been updated for several years the actual framework seems to have been updated just this April 2013 so if you are interested in mobile forensics then certainly take a look at TULP2G. By their own definition, “TULP2G is a forensic software framework developed to make it easy to extract and decode data from digital devices.”
Although their website has not been updated for several years the actual framework seems to have been updated just this April 2013 so if you are interested in mobile forensics then certainly take a look at TULP2G. By their own definition, “TULP2G is a forensic software framework developed to make it easy to extract and decode data from digital devices.”
» Katana Forensics’ Lantern Lite Imager
This product, which we believe is at version 3, is a well known mobile forensics tool which seems to be particularly well suited for iOS devices such as iPhones, the iPod Touch, and iPads. The Latern (as the folks behind the tool prefer to call it) allows the user to parse and triage a Mac running OSX or a Mac OSX image and also allows for data extraction, analaysis, and auditing.
This product, which we believe is at version 3, is a well known mobile forensics tool which seems to be particularly well suited for iOS devices such as iPhones, the iPod Touch, and iPads. The Latern (as the folks behind the tool prefer to call it) allows the user to parse and triage a Mac running OSX or a Mac OSX image and also allows for data extraction, analaysis, and auditing.
Summary
With the continued growth of mobile and portable devices and the decline of the desktop market, digital mobile forensics will continue to become a popular subject and skills within this space will be very much in demand, especially if you are interested in following a career in digital forensics. Let us know your thoughts below, and please add a tool if you think we might have missed one (which I am sure we have since there are dozens of them out there).
With the continued growth of mobile and portable devices and the decline of the desktop market, digital mobile forensics will continue to become a popular subject and skills within this space will be very much in demand, especially if you are interested in following a career in digital forensics. Let us know your thoughts below, and please add a tool if you think we might have missed one (which I am sure we have since there are dozens of them out there).
0 comments:
Post a Comment