eForensics Magazine 2021 03: Spying Cookies and Android Forensics (PREVIEW)
We know how important data and mobile devices are in today's digital world. For a specialist or a forensics enthusiast, both of these areas constitute a great treasury of evidence, but how to discover it? Our amazing authors come to your aid and in their articles they present specific tools and how to use them in forensic work.
In the magazine you will find, among others:
- which data you can extract from an Android mobile phone using such programs as Autopsy, OS Forensics, X-Ways Forensics, SQLiteBrowser, Decode software, GoogleMaps,
- what was provided by the Wink app on a smart tablet (Apple iPad), what activities were performed, and what operations were performed on an IoT device,
- how to investigate Android devices using Android Debug Bridge,
- what is Android dumpsys and how to get access to this tool using the ADB shell,
- how to use REMnux to check how ChromeSetup.exe collects cookie files,
- what are Microsoft Shellbags and how to analyze them using ShellBag Explorer to get useful evidence,
- how to use steganography to detect hidden data in images.
These and many more topics can be found in the latest eForensics Magazine. Do not hesitate and reach for this treasure of knowledge about hidden data sources and mobile forensics now!
Have a nice read!
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Mobile forensics (Android)
by Phalgun N. Kulkarni
Mobile forensics can reveal all the information present in a cell phone. Eighty-five percent of mobile users in the world are Android users. Mobile forensics will lead to the information related to the user activity, which can be very useful in cases involving cell phones. As smartphone technology is evolving day by day, keeping up with it in a forensically sound manner is challenging. Other challenges about preserving the acquired data or evidence include:
- keeping the device charged,
- keeping the device out of reach of various signals, such as Bluetooth and Wi-Fi, as the data can be wiped or altered remotely (using a Faraday bag),
- keeping up with the latest updates in the operating systems of mobile phones for accurate data retrieval.
Wink Relay Smart Home Controller
by Emre Çelikkol
In this article, I will examine what was provided by the app on a smart tablet (Apple iPad) using the Wink app, what activities were performed, and what operations were performed on an IoT device. As can be seen on the website, thanks to this application and hardware that will facilitate the work of the end user in smart home systems, many home activities are prepared from the beginning and simplify the work of the host.
Mobile Forensics: How to Investigate Android Devices
by Daniele Giomo
To be able to access certain features of the Android platform that are not visible to the user, you need to know some command-line commands for Android Debug Bridge (ADB), a tool that Google offers developers to debug various parts of their applications or system.
Using the command line isn't something everyone is comfortable with, so in an effort to teach everyone how to make these changes (no matter what skill level you have), I've included some basic steps on how to install ADB on the PC.
How Android Dumpsys Proved its Convenience, Again!
by Divya Lakshmanan
What is Android Dumpsys?
When an Android device is in use, a number of services are active on that device. Each service generates information as it is being used on the device. Dumpsys is a tool present on Android devices that can provide aggregated information from all these services. That tool can be accessed using the ADB shell.
Chrome Browser Forensics (Part I)
by Paulo Pereira, PhD
Nowadays, it is incredible that you can't do anything without getting your private information shared by software that collected your data. A shop, a call, a post, a photo, everything is tracked. And if it isn't a data collector, a hacking action can access your data depending on how it’s protected by the servers where data are stored. This article is a part of my research about data traffic and privacy in my university. The main focus of this research is not about stealing data, but how your behavior on the internet is under surveillance to determine your profile (your customer profile, your internet searches, your shop research, and so on). I’ll focus on the cookies.
by Stella Magana
Ever notice that when a user in a Windows operating system modifies a folder size by, for example, resizing the window itself, and then goes back to that folder at a later date, the customization remains? That is ShellBags in action!
There are many sources of digital evidence, divided into three major forensic categories of devices where evidence can be found: Internet-based, stand-alone computers or devices, and mobile devices. In this article, we will focus on stand-alone computers. Digital artifacts in digital forensics are pieces of data that can be used as good information when digital crimes occur so that they can be used as evidence for re-analysis by the forensic team.
Image Steganography. Hiding Data in Image
by Gerard Johansen
There are a variety of steganography tools with a wide variety of methods to hide messages. One of the most common of these methods is to conceal a secret message within the noise of an image file. This is where an image file, such as a JPEG, is used to hide the message. The steganography application then embeds a text document into the image, producing a new image. This type of steganography often uses a technique that leverages the Least Significant Bit (LSB) found within the bytes of the image file. For example, an image file is used as the carrier file. If the image has three bytes assigned for each pixel, that corresponds to the colors green, red and blue. The LSB technique replaces the least significant bit of the original with one bit of the data file. This use of the last bit to hide the data changes the image but in a way that is not visible to the naked eye, even upon close examination.
Hidden data sources
by Longinus Timochenco
It is important to highlight that Information Security is everyone's responsibility. Security is part of our virtual education, respecting the limits and preserving the integrity and availability of information! If we follow these basic security principles, not only for our companies but for our lives, you can be sure that we would all save a lot of money and time. It is the same thing as having freedom with security, that would be great, to reflect and reeducate their teams and their family. Security must exist to protect us and not limit and intimidate us, but for that we must collaborate with the rules and education, to avoid losses, damages, and unnecessary exposure.
Issues in Mobile Forensics
by Rahul Deshmukh
In today’s digital world, every one of us is using digital assets for almost everything we need. Tickets, food, travel, entertainment - there is no end to this list. As the list grows, so does the number of users. This leads us to protect the personal identity and protect information we share, and made us build security on data and mobile devices. These security measures inadvertently also enabled utmost secrecy, making it very difficult to detect misuse of these devices and information exchange for illegal and terrorist activities. While every citizen has his own rights to secrecy and privacy, so do the law enforcement agencies to investigate and identify unlawful activities to protect the same citizen. However, it has not been easy. In the legacy systems, we had boundaries, we had perimeters but now the end user defines the perimeter, in other words, the perimeter is constantly on the move. The security of data and the moving perimeter make a forensics investigation even more difficult as the subject keeps shifting from one network to the other, making it more difficult to trace and contain.
Run your security marathon: A tale of attack surface and OS footprint reduction
by Roland Gharfine
In this article, we will discuss how producing desirable solutions, whether software or infrastructure ones, under the umbrella of solid security design and implementation, is akin to a marathon, with all of the phases involved, from training to finish line. We will especially focus on two big terms, and how I personally believe even most technical consultants don’t understand them. Security is, once more, highly abstract and nebulous, and if you want to achieve results on the ground, you really need to resort to disambiguation, and communicate the subject matter clearly. I’ve touched upon this countless times, and it really isn’t technical wizardry or anything, it’s just a matter of having the right communication methods, and investing enough effort to maintain them.
by Longinus Timochenco
In this article, I address the theme “mobile forensics”, a subject that deals with issues related to some professional activities of management and analysis of the most diverse types of digital techniques, used directly or indirectly for the benefit of information security, evaluating related investigative methods. The objective is to know and investigate the aspects following good market practices, which are evaluated by cybersecurity professionals, with a high degree of complexity, who, collecting critical information about new types of attacks, virtual threats and vulnerabilities, gather resources for before or after in the criminal action process, fighting them. The activities of this branch are aimed at preserving, making available and maintaining information.