Tuesday, June 10, 2014

Post OLAF things to do

Since the OLAF spring session finished last week, there are some interesting things to do with the equipment. The mobile phone forensics training was done with new phones and new phone images created locally. Two trainings were held: "Mobile Phone Forensics basic" and "Mobile Forensics Intermediate".

For this event the phone preparation was done in a hurry, but all went well. The phones carry a brand new image, created locally by some very helpful students who filled the phones with the results of real actions and activities.
What is interesting is to compare what is on the phones after the trainings are finished, and how much and why the phone content diverges, since it was all cloned from the same master image (for each phone model we had a master image to clone).

The plan is to image each phone with two tools, UFED and XRAY, and then analyze the results.
It will take some time: there are about 30 phones, which will take a few days to acquire. If we have enough time, EnCase and MPE will also be used.

I'll be updating this post as we go through the whole process.

As the first batch, nine Samsung s5280 phones were processed. The phones were bought in the same box and configured together before the training, and now after the training there are some differences: one does not have debug mode enabled, and the batteries are at different levels.

We managed to process the 9 Samsungs in two working days. What was interesting is that the processing time varies a lot, from 30 minutes to a few hours.

For the rest of the phones it is taking longer than expected, with some peculiarities; it will all be discussed here.
In general there are about 70 dump images from the phones: physical, logical and filesystem dumps.






