Mobile Handset Forensic Evidence: a challenge for Law Enforcement

Mobile phone proliferation in our societies is on the increase. Advances in semiconductor technologies related to mobile phones and the increase of computing power of mobile phones led to an increase of functionality of mobile phones while keeping the size of such devices small enough to fit in a pocket. This led mobile phones to become portable data carriers. This in turn increased the potential for data stored on mobile phone handsets to be used as evidence in civil or criminal cases. This paper examines the nature of some of the newer pieces of information that can become potential evidence on mobile phones. It also discusses some of the emerging technologies and their potential impact on mobile phone based evidence. The paper will also cover some of the inherent differences between mobile phone forensics and computer forensics. It also highlights some of the weaknesses of mobile forensic toolkits and procedures. Finally, the paper shows the need for more in depth examination of mobile phone evidence

Taxonomy of WRT54G(S) Hardware and Custom Firmware

This paper discusses the different versions of hardware and firmware currently available for the Linksys WRT54G and WRT54GS router models. It covers the advantages, disadvantages, and compatibility issues of each one of them. The paper goes further to compare firmware added features and associated filesystems and then discusses firmware installation precautions and ways to recover from a failed install

Taxonomy of iPhone activation and SIM unlocking methods

This paper will discuss the different methods of SIM unlocking and activation for the Apple iPhone. Early iPhone activation and SIM card fabrication methods as well as the latest software only methods will be discussed. The paper will examine the benefits and drawbacks of each method. It will provide a step-by-step guide to creating a specially crafted SIM card for an iPhone by using Super SIM and Turbo SIM methods. The paper will also include a section on recovering (unbricking) the iPhone and other advanced hack

A Proof-of-Concept Project for Utilizing U3 Technology in Incident Response

This paper discusses the importance of live forensics and the use of an automated USB based smart data gathering technology to be used in incident response. The paper introduces the technology and its application in incidence response as well as highlight how it works. It also explains the tools that it uses to gather the live data from target systems. The paper also highlights some of the advantages and disadvantages of the technology as will as its limitations. The paper concludes with mentioning the importance of testing the tool and ways it can be developed and taken further

The Reality of Risks from Consented use of USB Devices

Physical security is considered an integral part of information systems security. The idea that small devices pose a security threat for enterprises is well established. On the other hand, consented and supervised access to USB ports via USB flash drives is sometimes allowed. This paper will highlight the risk associated with this kind of access by devices such as IPods and USB flash drives. It will show a proof of concept USB device that runs automatically once connected to a personal computer and copies files and folders from the victim's computer to its storage and executes potentially harmful code on the computer without the user's knowledge. The paper then provides measures necessary to mitigate this type of physical attacks

Introduction to mobile phone flasher devices and considerations for their use in mobile phone forensics

The paper gives an overview of mobile phone flasher devices and their use for servicing mobile phones, their illegitimate uses and their use in mobile phone forensics. It discusses the different varieties of flasher devices and the differences between them. It also discusses the shortcomings of conventional mobile forensics software and highlights the need for the use of flasher devices in mobile forensics to compensate for the shortcomings. The paper then discusses the issues with the use of flasher devices in mobile forensics and precautions and considerations of their use. The paper goes further to suggest means of testing the flasher devices and suggest some tools that can be used to analyse raw data gathered from mobile phones that have been subjected to flasher devices

Tracing E-mail Headers

This paper will discuss tracing e-mail headers and issues associated with it. It will address both HTTP & SMTP initiated e-mails. It will discuss different ways used by e-mail senders to evade tracing and workarounds used by investigators to combat them. It will also discuss advanced measures and techniques used by investigators to track emails. The paper will not however discuss any particular tools nor endorse any software products in its coverage. Keywords E-mail forensics, tracing e-mail headers, e-mail tracking, network forensics, fake e-mails, web mail tracking, SMTP tracing, e-mail tunnelling, e-mail anonymity, mail relay, e-mail false headers. E-MAIL COMPONENTS E-mails are made of two main parts; they are the message header and message body. The header part contains routing information about the e-mail and other information such as the source and destination of the e-mail, the IP address of the sender and time related information. The message body contains the actual message of the email, i.e. message subject and body. The body might also contain attachments in the form of MIME or SMIME (Lewis, 2004). Message headers are the important part for investigating e-mail messages and will be discusse