A comparison of forensic evidence recovery techniques for a windows mobile smart phone

<p>Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation.</p> <p>A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent.</p> <p>This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device; and that in some cases the information recovered is conflicting.</p&gt

MEMORY FORENSIC DEVELOPMENT AND CHALLENGES IN IDENTIFYING DIGITAL CRIME : A REVIEW

Digital forensic technology is currently advancing along with the demands to uncover various crimes using technology. Memory Forensic is one of the investigative fields in digital forensics. We use the Systematic Literature Review method to identify the developments and challenges of Forensic Memory in identifying digital crimes, analyzed from various reference papers according to the Include and Exclude Criteria and based on the specified Research Question. Authors chose from 30 reference journals from 3 online journal databases namely IEEE Explore, Sciencedirect, and Springer with themes related to forensic memory based on certain criteria for further review to determine the development of digital crime. The results of the SLR that we convey are the result of a study related to the use of Memory Forensic in identifying various digital attacks and challenges faced in the future

Drone forensic analysis using open source tools

Carrying capabilities of drones and their easy accessibility to public have led to an increase in crimes committed using drones in recent years. For this reason, the need for forensic analysis of drones captured from the crime scenes and the devices used for these drones is also paramount. This paper presents the extraction and identification of important artefacts from the recorded flight data as well as the associated mobile devices using open source tools and some basic scripts developed to aid the analysis of two popular drone systems- the DJI Phantom 3 Professional and Parrot AR. Drone 2.0. Although different drones vary in their operations, this paper extends the extraction and analysis of the data from the drones and associated devices using some generic methods which are forensically sound adhering to the guidelines of the Association of Chief Police Officers (ACPO)

Drone Forensic Analysis Using Open Source Tools

Carrying capabilities of drones and their easy accessibility to public have led to an increase in crimes committed using drones in recent years. For this reason, the need for forensic analysis of drones captured from the crime scenes and the devices used for these drones is also paramount. This paper presents the extraction and identification of important artefacts from the recorded flight data as well as the associated mobile devices using open source tools and some basic scripts developed to aid the analysis of two popular drone systems- the DJI Phantom 3 Professional and Parrot AR. Drone 2.0. Although different drones vary in their operations, this paper extends the extraction and analysis of the data from the drones and associated devices using some generic methods which are forensically sound adhering to the guidelines of the Association of Chief Police Officers (ACPO)

Exploring application memory

Increasingly complex malware continues to evade detection, stealing information, taking systems offline, and disrupting functionality of many computer systems. Traditional techniques have not adequately protected systems from attackers, and the most commonly used detection techniques overlook the contents of memory. Modern systems contain a wealth of information in the contents of memory, but making use of that information is anything but trivial. There are a number of challenges related to both the acquisition and analysis of a system's memory. Many forensic situations could involve machines in hostile environments, and many acquisition techniques result in artifacts, which reduce the fidelity of the image and hinder the analysis phase. Although the kernel memory space has come a long way in being mapped, the state of application memory has largely been unexplored. We have created a toolset that extracts the application's context from the structure of pointers in a sample of that application's memory. This context allows us to perform statistical analysis, visualize the structure of memory, and provides a new way to train classifiers

A Digital Forensics Case Study of the DJI Mini 3 Pro and DJI RC

The consumer drone market is rapidly expanding with new drone models featuring unique variations of hardware and software. The rapid development of drone technology and variability in drone systems can make it difficult for digital forensic investigators and tools to keep pace and effectively extract and analyse digital evidence from drones. Furthermore, the growing popularity of drones and their increased use in illegal and harmful activities, such as smuggling, espionage, and even terrorism, has led to an increase in the number of drone forensic cases for authorities to manage. To assist forensic investigators, a static digital forensic case study was conducted on two drone devices recently released by Da-Jiang Innovations (DJI): the Mini 3 Pro drone, and its remote controller, the DJI RC. The study discovered the presence of several digital artefacts on both devices, including recorded media, flight logs, and other information that could help investigators trace the drone's usage and identify its operator. Additionally, this paper explored several methods for extracting and visualising the drone's flight history, and highlights some of the potential methods used to limit, obscure, or remove key types of digital evidence.Comment: 20 Pages, 23 figure

Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations

Hardware virtualization technologies play a significant role in cyber security. On the one hand these technologies enhance security levels, by designing a trusted operating system. On the other hand these technologies can be taken up into modern malware which is rather hard to detect. None of the existing methods is able to efficiently detect a hypervisor in the face of countermeasures such as time cheating, temporary self uninstalling, memory hiding etc. New hypervisor detection methods which will be described in this paper can detect a hypervisor under these countermeasures and even count several nested ones. These novel approaches rely on the new statistical analysis of time discrepancies by examination of a set of instructions, which are unconditionally intercepted by a hypervisor. Reliability was achieved through the comprehensive analysis of the collected data despite its fluctuation. These offered methods were comprehensively assessed in both Intel and AMD CPUs.Comment: 25 pages, 7 figures, 8 tables. Paper presented at the Proceedings of the 10th Annual Conference on Digital Forensics, Security and Law (CDFSL), 33-57, Daytona Beach, Florida, USA (2015, May 18-21