Blackberry Forensics: Blackberry Curve 8520 (Talal Al Ismail, Ali Al Kaf, Rashed Al Meherbi)

March 17, 2018 | Author: Miozzoni Concepts | Category: Black Berry Limited, Blackberry, Computer Forensics, Backup, Mobile Device


Blackberry Forensics
Rashid Al Mehrbi (M80001180), Talal Al Ismail (M80001181), Ali Al Kaf (M80001182)

Outline
• Problem Statement
• Introduction
• Why BlackBerry?
• Related Work
• Methodology
• Results & Discussion
• Future Work
• Conclusion

Problem Statement
The purpose of this presentation is to forensically examine a BlackBerry Curve 8520.

Introduction
• The BlackBerry, in its various guises, is seen as the modern executive's talisman of technology. It has been designed by the Canadian company Research In Motion (RIM) since 1999. BlackBerry phones function as a personal digital assistant and portable media player. They are primarily known for their ability to send and receive (push) Internet e-mail wherever mobile network coverage is present, or over Wi-Fi, and they support a wide array of instant messaging features, including BlackBerry Messenger (Valli & Jones, 2008).
• The BlackBerry device family has evolved from a simple digital diary into a fully portable electronic office suite. BlackBerry commands an 11.7% share of worldwide smartphone sales, making it the fourth most popular device manufacturer after Google, Nokia, and Apple (Valli & Jones, 2008). There is evidence to suggest that a BlackBerry is a very secure device; however, it shares the same fundamental weakness as every other device: it has a human operator.

Why BlackBerry?
• Over the past decade or so, BlackBerry has gained a reputation in the mobile space as the "most secure" handheld device and mobile platform available.
• The BlackBerry is used for telephony, email, contact management and calendaring by people and institutions that want a "secure" means of interacting with their stakeholders.
• BlackBerrys are typically deployed by corporate and government enterprises because of their security features and strong corporate software. Of the 12 million subscribers to RIM services worldwide, over 8 million are corporate users (Valli & Jones, 2008).
• This profile makes the BlackBerry a target for industrial spying, espionage or old-fashioned blackmail.
• The BlackBerry offers two transport encryption options: Triple DES (3DES) and the Advanced Encryption Standard (AES).
• A further feature, the Password Keeper, securely stores password entries (banking passwords, PINs and so on) on the device; these entries are protected with AES.

Why BlackBerry? (Cont.)
Worldwide, phones lost through theft or simple carelessness number in the millions per year, and some proportion of these are BlackBerrys. A BlackBerry can be used in the following ways:
• As an address book, calendar and to-do list
• To compose, send and receive messages
• As a phone
• To access the Internet
• As a tethered modem, allowing notebook computers to access the Internet anywhere
• As an organizer
• For sending SMS messages
• For instant messaging
• For corporate data access
• As a paging service (EC-Council, 2010)

Related Work
The field of small scale digital device forensics is still emerging. A good deal of research is published each year, but only a few studies have dealt specifically with BlackBerry forensics. Topics covered include:
• Methodologies and tools available to perform a forensic examination of a RIM (BlackBerry) device (Burnette, 2002)
• Data hiding (Burnette, 2002)
• Forensic recoverability of data from second-hand BlackBerry devices (Valli & Jones, 2008)

Methodology
• In this research a RIM BlackBerry Curve 8520 was forensically examined after a logical backup had been acquired from the device with a RIM tool, BlackBerry Desktop Manager.
• The fundamental rule of any forensic acquisition is that the original evidence must not be contaminated or altered during the examination. The device was therefore examined under forensically sound conditions, without jailbreaking it to reach the file system.
• This research follows the Computer Forensics Tool Testing (CFTT) program guidelines established by the National Institute of Standards and Technology (NIST).

Methodology: Logical Acquisition
• This research used the logical acquisition method: BlackBerry Desktop Manager was used to copy the data objects (databases, directories and files) that the device's file system exposes. This is a logical copy, not a bit-for-bit image of the flash memory, so deleted records and unallocated space are not captured.
• A logical backup found on a computer also proves that the BlackBerry was at some point synchronized with that computer.
• To keep the acquisition legally sound, the use of the XRY hardware-based write blocker was considered, so that the forensic workstation's own address book, calendar, image files, email accounts and other data would not be written to the BlackBerry's flash memory while the device was connected.

Methodology: Examination Process
NIST's general approach to forensic tool testing was applied to the examination methodology. The examination procedure comprises:
• Examination requirements: the acquisition concentrates on extracting data from the Curve 8520's internal flash memory; the examination then attempts to locate that data within the logical copy and to identify the types of data stored on the BlackBerry.
• Examination plan and test cases: the test case scenario uses a predefined data set covering all data types stored on the device.
• Acquisition and examination tools: BlackBerry Desktop Manager is needed to create the logical backup of the Curve's internal flash memory.
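The logical backup that Desktop Manager produces is a single IPD file, and every IPD-reading tool listed in this presentation (IPDdump, MagicBerry, the backup explorers) is at bottom a parser for that one container. The following is an added worked example, not code from the presentation or from any of those tools: a minimal Python IPD parser written against the commonly published reverse-engineered description of the format (a text magic header, a one-byte version, a big-endian database count, a NUL-terminated name table, then records of little-endian length-prefixed fields). The byte layout is taken from that published description and should be verified against a real backup; the `build_ipd` helper, the sample backup it constructs (the two scenario contacts and one SMS) and the field type codes used for first name, last name and SMS fields are illustrative and not taken from a device.

```python
# Added example, not part of the original presentation: a minimal parser for the
# IPD logical backup that BlackBerry Desktop Manager writes. The layout follows the
# commonly published reverse-engineered description of the format (as read by
# IPDdump and similar tools); the sample backup and field type codes are constructed.
import hashlib
import struct

IPD_MAGIC = b"Inter@ctive Pager Backup/Restore File\n"


def parse_ipd(data: bytes) -> dict:
    """Return {"version": int, "databases": {name: [record, ...]}}; a record is
    {"db_version", "handle", "uid", "fields": [(type, bytes), ...]}.
    Malformed input raises ValueError instead of yielding partial results."""
    if not data.startswith(IPD_MAGIC) or len(data) < len(IPD_MAGIC) + 4:
        raise ValueError("not an IPD backup: bad or truncated header")
    pos = len(IPD_MAGIC)
    version = data[pos]
    # Database count is big-endian; every other integer in the file is little-endian.
    (db_count,) = struct.unpack_from(">H", data, pos + 1)
    if data[pos + 3] != 0:
        raise ValueError("expected 0x00 separator after database count")
    pos += 4

    names = []
    for _ in range(db_count):  # name table: 2-byte length, then NUL-terminated name
        (name_len,) = struct.unpack_from("<H", data, pos)
        pos += 2
        if pos + name_len > len(data):
            raise ValueError("truncated database name table")
        names.append(data[pos:pos + name_len].rstrip(b"\x00").decode("ascii", "replace"))
        pos += name_len

    databases = {name: [] for name in names}
    while pos < len(data):  # records run to end of file
        if len(data) - pos < 6:
            raise ValueError(f"truncated record header at offset {pos}")
        db_id, rec_len = struct.unpack_from("<HI", data, pos)
        pos += 6
        end = pos + rec_len  # rec_len covers db version + handle + uid + fields
        if db_id >= db_count or rec_len < 7 or end > len(data):
            raise ValueError(f"bad record header at offset {pos - 6}")
        db_version = data[pos]
        handle, uid = struct.unpack_from("<HI", data, pos + 1)
        pos += 7
        fields = []
        while pos < end:  # each field: 2-byte length, 1-byte type, data
            if end - pos < 3:
                raise ValueError("truncated field header")
            (f_len,) = struct.unpack_from("<H", data, pos)
            f_type = data[pos + 2]
            pos += 3
            if pos + f_len > end:
                raise ValueError("field data overruns record boundary")
            fields.append((f_type, data[pos:pos + f_len]))
            pos += f_len
        databases[names[db_id]].append(
            {"db_version": db_version, "handle": handle, "uid": uid, "fields": fields})
    return {"version": version, "databases": databases}


def build_ipd(databases: dict) -> bytes:
    """Serialize {name: [[(type, bytes), ...], ...]} to IPD bytes (sample data only)."""
    names = list(databases)
    out = bytearray(IPD_MAGIC)
    out.append(2)                          # format version
    out += struct.pack(">H", len(names))   # database count (big-endian)
    out.append(0)                          # separator
    for name in names:
        raw = name.encode("ascii") + b"\x00"
        out += struct.pack("<H", len(raw)) + raw
    for db_id, name in enumerate(names):
        for handle, fields in enumerate(databases[name], start=1):
            body = bytearray([0]) + struct.pack("<HI", handle, 0x1000 + handle)
            for f_type, f_data in fields:
                body += struct.pack("<H", len(f_data)) + bytes([f_type]) + f_data
            out += struct.pack("<HI", db_id, len(body)) + body
    return bytes(out)


# Constructed sample mirroring the test scenario: the two contacts and one SMS.
# Field type codes (0x20 first name, 0x21 last name, SMS 0x01/0x04) are illustrative.
SAMPLE_IPD = build_ipd({
    "Address Book": [[(0x20, b"Hulk"), (0x21, b"Hogan")],
                     [(0x20, b"Jimi"), (0x21, b"Hendrix")]],
    "SMS Messages": [[(0x01, b"+971500000000"), (0x04, b"Constructed sample message")]],
})


def acquisition_hash(data: bytes) -> str:
    """SHA-256 of the backup image, recorded before any parsing (chain of custody)."""
    return hashlib.sha256(data).hexdigest()


def contact_names(parsed: dict) -> list:
    """Join the illustrative first/last name fields (0x20/0x21) of each Address Book record."""
    return [" ".join(d.decode() for t, d in rec["fields"] if t in (0x20, 0x21))
            for rec in parsed["databases"].get("Address Book", [])]
```

`parse_ipd(SAMPLE_IPD)` returns two databases, "Address Book" with two records and "SMS Messages" with one, and `contact_names` yields the two scenario contacts. A real backup is read with `open(path, "rb").read()` and passed in unchanged. Two habits the example builds in are worth keeping when the six commercial tools are used instead: record `acquisition_hash` of the IPD file before any tool opens it, so that every tool's output can be tied to the same image, and treat a parse that runs off the end of a record as a corrupt or truncated file rather than silently keeping the partial records, since a tool that does the latter will under-report the evidence present.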
For data analysis and recovery, six tools were used: Elcomsoft Blackberry Backup Explorer (Amber) 9.05, XRY 5.2, MagicBerry 3.1.0, phoneMiner 1.0.1.1, IPDdump 0.3 and BlackBerry Backup Extractor 0.72.

Methodology: Examination Environment Setup and Test Procedures
• A single forensic workstation, running Windows 7, was used for the whole examination. Both the logical acquisition and the analysis were conducted on it.
• All of the acquisition and analysis tools listed above were installed and configured before the acquisition began.

Results
The aim of the forensic examination is to show what types of evidentiary data can be retrieved from the logical backup, and where that data is located.

Results and Discussion: Scenario
A personal BlackBerry Curve 8520 was prepared for the examination:
• The device was wiped.
• A BlackBerry service subscription (BlackBerry Basic) was taken out with Etisalat.
• Two contacts were added (Hulk Hogan, Jimi Hendrix).
• Data files of three types were sent to the target device over Bluetooth from another BlackBerry: a music file, "GUN.mp3"; a video file, "amazing cars.mp4"; and two image files, "fast and furious.jpeg" and "top key.jpeg".
• BlackBerry Messenger was used to communicate with a contact on another BlackBerry.
• Two specific websites (Facebook, Gmail) were browsed.
• Email, MMS and SMS were sent from the target device.
• A call was made from the target device.
Note: no microSD card was fitted. After the scenario was completed, the SIM card was removed.

Results and Discussion: Tools
Software                      Version           Description
BlackBerry Desktop Manager    2.1.3 (build 10)  Syncs a BlackBerry smartphone with a Mac computer.
BlackBerry Backup Extractor   0.72              Extracts the data stored in an IPD file automatically; a single click extracts everything through a simple interface.
MagicBerry                    3.1.0             IPD reader that reads and exports SMS messages, phone call logs, address book, service book, tasks, memos and calendar.
Elcomsoft Backup Explorer     9.05              Extracts, analyzes, prints or exports the contents of a BlackBerry backup.
XRY                           5.2               Performs a secure forensic extraction of data from a wide variety of mobile devices.
phoneMiner                    1.0.1.1           Accesses data in BlackBerry backup files, recovering previously inaccessible data.
IPDdump                       0.3 RC4           Utility for navigating through and extracting records from a BlackBerry backup.
CPUID PC Wizard               1.961             Hardware detection utility that identifies a wide range of system components and supports current technologies and standards.

Results and Discussion: Evidence
• XRY: Device Unique ID, IMEI
• Elcomsoft Blackberry Backup Explorer: BlackBerry PIN code, Contacts, Call logs, MMS, Browser history, SMS

Results and Discussion: Evidence / Data Location
(Slide showing where each evidence type is located in the backup; the table is not recoverable from this page.)

Results and Discussion: Comparison
(Slide comparing the results of the six tools; the table is not recoverable from this page.)

Future Work
• To validate the results, the same scenarios could be applied to other BlackBerry models, with the analysis performed using the same tools.
• The BlackBerry's SD card and SIM card could be included in further analysis.
• Anti-forensics assumptions could be considered:
  • Phone locked with a password
  • Encrypted BlackBerry backup files

Conclusion
• After using six different tools, it turned out that some provide better results than others, but it is still not possible to say that an ultimate tool exists.
• A good understanding of proper seizure and preservation techniques helps minimize anything that might alter or contaminate the original evidence.
• Mobile forensics is a young field that is only now starting to surface. Many tools still need to be developed and tested against the different BlackBerry models, and hands-on experience with these phones, together with an understanding of how they work, will help forensic investigators become proficient in this field.

References
Burnette, M. (2002). Forensic Examination of a RIM (BlackBerry) Wireless Device. Retrieved October 16, 2011, from www.mandarino70.it/Documents/Blackberry%20Forensics.pdf
Reyes, A., & Wiles, J. (2007). The Best Damn Cybercrime and Digital Forensics Book Period. Retrieved October 18, 2011, from http://books.google.com/books?hl=en&lr=&id=hI3dqOyboegC&oi=fnd&pg=PR2&dq=The+best+damn+cybercrime+and+digital+forensics+book+period&ots=GIlCe2VQxH&sig=VQJ18c-Ti3-SiSPFUuma3gTVuBg
Valli, C., & Jones, A. (2008). A Study into the Forensic Recoverability of Data from 2nd Hand Blackberry Devices: World-Class Security, Foiled by Humans. Retrieved October 17, 2011, from http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1848&context=ecuworks

Thank you for your attention!