Trends in Mobile Device Data and Artifacts
Download as PPTX, PDF2 likes3,166 views
Mobile devices now generate and store vast amounts of diverse data in multiple locations and formats. Trends include the dominance of mobile apps for communications and activities, which generate location data, media files, and other information stored both on devices and in the cloud. Device data includes detailed location histories from GPS, WiFi networks, and cell towers; installed apps and usage; contacts; messages; and metadata for calls, images, and other media. This data persists even after deletion and can provide insights into a user's online and real-world activities.
More Related Content
What's hot (20)
Viewers also liked (10)
Similar to Trends in Mobile Device Data and Artifacts (20)
Trends in Mobile Device Data and Artifacts
- 1. Trends in Mobile Devices Data and Artifacts Inbar Ries, Senior Director, Forensics Products June, 2014
- 2. Trends Much More Data • Variety • Amount • Initiator - user and device New Data Management • Multiple locations • Multiple types
- 3. Mobile Apps Dominate Contacts – friends, favorites, groups Call logs Chats – messages, attachments Emails Location Images Malware Over 2 Million Apps in App Store & Google Play 102 Billion downloads in 2013
- 4. Device Internal Data Locations Media files metadata User ID (e.g. Apple ID) Tethering information Cloud backup indication Device power log (off/on) Installed applications & usage Application permissions
- 6. Locations â– Cell towers â– WiFi networks â– Applications location â– Media files â– Journeys taken from GPS applications/devices
- 7. The Device Knows Where his Owner has been â– The location data is derived by the cell towers and Wi-Fi hotspots the devices encountered â– The location service is enabled by default â– The data is stored in SQLite database for future use â– Deleted data can be recovered
- 8. Locations in Android Devices Location reporting is available on devices running Android 2.3 or higher
- 9. Locations in iOS Devices â– iOS 4 and above â– Location accuracy Location service uses a combination of cellular, Wi-Fi, Bluetooth, and GPS to determine your location. â– System location service â– iPhone will periodically send locations of where you have purchased or used Apps in an anonymous and encrypted form to Apple â– iPhone will keep track of places you have recently been, as well as how often and when you visited them. This data is kept solely on your device
- 11. Location in Applications ■User location per activity ■Friend’s locations ■Other people nearby
- 12. Locations from TomTom devices The potential Detailed location info including Lat/Lon and timestamps Data stored on the device Encrypted triplog files
- 13. Image carving â– File carving is a powerful tool for recovering files and fragments of files â– Recovery of images that have a full or partial or corrupted header â– Quick scan â– Less false positive â– Recovery of blocks of JPEG data without header information â– Longer duration â– Much more results â– More false positive Internal & Confidential 13
- 14. Media files ■Video and image files ■Where – Latitude and longitude ■When - capture time ■Which camera - device make and model ■Device owner ■Other camera ■How the area looks like
- 15. Malware â– Mobile malware increasing by 1000% in the last year â– Mainly on Android and BlackBerry platforms â– 2013 - 143K malicious programs targeting mobile devices were detected â– Devices are affected by: â– A fake version of a real site â– Infected legit app â– Unofficial websites where users can freely download apps
- 16. The Real Danger of Malware â– Stealing of â– Private information â– Bank account information and password â– Credit card numbers â– Company intellectual property â– Deleting data â– Forcing the use of premium content â– Bricking the device
- 18. Trends Much More Data • Variety • Amount • Initiator - User and device New Data Management • Multiple locations • Multiple types
- 19. SQLite Databases – Standard ■SQLite database is already installed in many devices including Android, Apple and Blackberry ■Multiple data types ■Text, date and time, numbers ■Files (image, audio, documents) ■Deleted data can be recovered
- 20. SQLite Databases – Content ■Applications data ■The data is per application and cannot be accessed by other applications ■Data: User profile, messages, locations, contacts, images and more ■Device native applications including SMS, MMS, contact ■Device internal usage ■The amount of data that is saved but not exposed to the user is massive ■Data: configuration, cached information, locations and more
- 21. Logs â– Logs can include errors but also valuable system information â– Transactions status â– Device information
- 22. Configuration files ■What can be found: ■Date, time and time zone configuration ■Applications permissions ■Tethering data - Hotspot name, password and last activation time ■Location service status - on/off ■Configuration files: ■Apple – Plist, bplist ■Android – XML preference files
Editor's Notes
- #11: This is an example of location database