
    The impact of custom ROM backups on android external storage erasure

    The Android operating system is the current market leader on mobile devices such as smartphones and tablet computers. The core operating system is open source and has a number of developers creating variants of this operating system. These variants, often referred to as custom ROMs, are available for a wide number of mobile devices. Custom ROMs provide a number of features, such as enhanced control over the operating system, variation in user interfaces and so on. The process of installing custom ROMs is often accomplished through the use of a ROM manager application. Such applications often provide mechanisms to back up the contents of the mobile device prior to upgrade. This mechanism is utilised in the case of a failed update to restore the device to its previous functional state. Backups produced in this manner are often stored on external media such as a micro-SD card. In the conducted research we evaluated devices' inbuilt data erasure mechanisms within the context of erasure of backups produced by ROM managers. It was found that simply using the device's Format External / SD function is not an effective means of completely erasing these backups. Once recovered, these backups offer a quick source of information that a potential attacker could carve to retrieve user files such as media transferred to the external or from applications. Although the same files could be recovered from an image of the external storage itself, the carving process is more efficient than traditional carving methods.

    The Potential for cross-drive analysis using automated digital forensic timelines

    Cross-Drive Analysis (CDA) is a technique designed to allow an investigator to “simultaneously consider information from across a corpus of many data sources”. Existing approaches include multi-drive correlation using text searching, e.g. email addresses, message IDs, credit card numbers or social security numbers. Such techniques have the potential to identify drives of interest from a large set, provide additional information about events that occurred on a single disk, and potentially determine social network membership. Another analysis technique that has significantly advanced in recent years is the use of timelines. Tools currently exist that can extract dates and times from the file system metadata (i.e. MACE times) and also examine the content of certain file types and extract metadata from within. This approach provides a great deal of data that can assist with an investigation, but also compounds the problem of having too much data to examine. A recent paper adds an additional timeline analysis capability, by automatically producing a high-level summary of the activity on a computer system, by combining sets of low-level events into high-level events, for example reducing a setupapi event and several events from the Windows Registry to a single event of ‘a USB stick was connected’. This paper provides an investigation into the extent to which events in such a high-level timeline have the properties suitable to assist with Cross-Drive Analysis. The paper provides several examples that use timelines generated from multiple disk images, including USB stick connections, Skype calls, and access to files on a memory card

    A survey of performance enhancement of transmission control protocol (TCP) in wireless ad hoc networks

    This Article is provided by the Brunel Open Access Publishing Fund - Copyright @ 2011 Springer Open. Transmission control protocol (TCP), which provides reliable end-to-end data delivery, performs well in traditional wired network environments, while in wireless ad hoc networks, it does not perform well. Compared to wired networks, wireless ad hoc networks have some specific characteristics such as node mobility and a shared medium. Owing to these specific characteristics of wireless ad hoc networks, TCP faces particular problems with, for example, route failure, channel contention and high bit error rates. These factors are responsible for the performance degradation of TCP in wireless ad hoc networks. The research community has produced a wide range of proposals to improve the performance of TCP in wireless ad hoc networks. This article presents a survey of these proposals (approaches). A classification of TCP improvement proposals for wireless ad hoc networks is presented, which makes it easy to compare the proposals falling under the same category. Tables which summarize the approaches for quick overview are provided. Possible directions for further improvements in this area are suggested in the conclusions. The aim of the article is to enable the reader to quickly acquire an overview of the state of TCP in wireless ad hoc networks. This study is partly funded by Kohat University of Science & Technology (KUST), Pakistan, and the Higher Education Commission, Pakistan.

    Investigation of JTAG and ISP Techniques for Forensic Procedures

    This thesis focuses on JTAG and ISP physical acquisition techniques. These techniques were created by manufacturers to test PCBs and repair devices, but they are being used as a forensic technique to acquire the data from a device. The aim is to give an overview of these techniques from a forensic point of view and, in addition, through some other tests, to try to prove that they are forensically equivalent to any other method. The first test will focus on showing the differences between the different types of acquisition by comparing the results of a forensic analysis of the same device using Cellebrite UFED Touch and Physical Analyzer. The second test will try to prove that all physical acquisitions are equivalent by comparing the acquired data from the same device with two different methods. Finally, the last test will focus on the examination of the content of an encrypted device to show if it is possible to find evidence.

    Impact of New Madrid Seismic Zone Earthquakes on the Central USA, Vol. 1 and 2

    The information presented in this report has been developed to support the Catastrophic Earthquake Planning Scenario workshops held by the Federal Emergency Management Agency. Four FEMA Regions (Regions IV, V, VI and VII) were involved in the New Madrid Seismic Zone (NMSZ) scenario workshops. The four FEMA Regions include eight states, namely Illinois, Indiana, Kentucky, Tennessee, Alabama, Mississippi, Arkansas and Missouri. The earthquake impact assessment presented hereafter employs an analysis methodology comprising three major components: hazard, inventory and fragility (or vulnerability). The hazard characterizes not only the shaking of the ground but also the consequential transient and permanent deformation of the ground due to strong ground shaking as well as fire and flooding. The inventory comprises all assets in a specific region, including the built environment and population data. Fragility or vulnerability functions relate the severity of shaking to the likelihood of reaching or exceeding damage states (light, moderate, extensive and near-collapse, for example). Social impact models are also included and employ physical infrastructure damage results to estimate the effects on exposed communities. Whereas the modeling software packages used (HAZUS MR3; FEMA, 2008; and MAEviz, Mid-America Earthquake Center, 2008) provide default values for all of the above, most of these default values were replaced by components of traceable provenance and higher reliability than the default data, as described below. The hazard employed in this investigation includes ground shaking for a single scenario event representing the rupture of all three New Madrid fault segments. The NMSZ consists of three fault segments: the northeast segment, the reelfoot thrust or central segment, and the southwest segment. Each segment is assumed to generate a deterministic magnitude 7.7 (Mw7.7) earthquake caused by a rupture over the entire length of the segment. 
US Geological Survey (USGS) approved the employed magnitude and hazard approach. The combined rupture of all three segments simultaneously is designed to approximate the sequential rupture of all three segments over time. The magnitude of Mw7.7 is retained for the combined rupture. Full liquefaction susceptibility maps for the entire region have been developed and are used in this study. Inventory is enhanced through the use of the Homeland Security Infrastructure Program (HSIP) 2007 and 2008 Gold Datasets (NGA Office of America, 2007). These datasets contain various types of critical infrastructure that are key inventory components for earthquake impact assessment. Transportation and utility facility inventories are improved while regional natural gas and oil pipelines are added to the inventory, alongside high potential loss facility inventories. The National Bridge Inventory (NBI, 2008) and other state and independent data sources are utilized to improve the inventory. New fragility functions derived by the MAE Center are employed in this study for both buildings and bridges providing more regionally-applicable estimations of damage for these infrastructure components. Default fragility values are used to determine damage likelihoods for all other infrastructure components. The study reports new analysis using MAE Center-developed transportation network flow models that estimate changes in traffic flow and travel time due to earthquake damage. Utility network modeling was also undertaken to provide damage estimates for facilities and pipelines. An approximate flood risk model was assembled to identify areas that are likely to be flooded as a result of dam or levee failure. Social vulnerability identifies portions of the eight-state study region that are especially vulnerable due to various factors such as age, income, disability, and language proficiency. 
Social impact models include estimates of displaced and shelter-seeking populations as well as commodities and medical requirements. Lastly, search and rescue requirements quantify the number of teams and personnel required to clear debris and search for trapped victims. The results indicate that Tennessee, Arkansas, and Missouri are most severely impacted. Illinois and Kentucky are also impacted, though not as severely as the previous three states. Nearly 715,000 buildings are damaged in the eight-state study region. About 42,000 search and rescue personnel working in 1,500 teams are required to respond to the earthquakes. Damage to critical infrastructure (essential facilities, transportation and utility lifelines) is substantial in the 140 impacted counties near the rupture zone, including 3,500 damaged bridges and nearly 425,000 breaks and leaks to both local and interstate pipelines. Approximately 2.6 million households are without power after the earthquake. Nearly 86,000 injuries and fatalities result from damage to infrastructure. Nearly 130 hospitals are damaged and most are located in the impacted counties near the rupture zone. There is extensive damage and substantial travel delays in both Memphis, Tennessee, and St. Louis, Missouri, thus hampering search and rescue as well as evacuation. Moreover roughly 15 major bridges are unusable. Three days after the earthquake, 7.2 million people are still displaced and 2 million people seek temporary shelter. Direct economic losses for the eight states total nearly $300 billion, while indirect losses may be at least twice this amount. The contents of this report provide the various assumptions used to arrive at the impact estimates, detailed background on the above quantitative consequences, and a breakdown of the figures per sector at the FEMA region and state levels. 
The information is presented in a manner suitable for personnel and agencies responsible for establishing response plans based on likely impacts of plausible earthquakes in the central USA. Armu W0132T-06-02. Unpublished. Not peer reviewed.

    Ransomware- Its Prevention and Exclusion using Assorted Tools

    Ransomware is similar to a cyclone that creates data instability. The securely held user data will be abducted. This has emerged as a malware through which user data is locked or encrypted till the ransom is paid. It is one of the fast evolving malware. Gaining income is the main motive of this ransomware. This paper focuses on various preventive measures to counter malice and can aid in eradicating ransomware. The paper also emphasizes various techniques and tools that can stamp out ransomware.