Small scale devices
1 mar. 2013Terje Raknerud from the Norwegian police academy had this lecture:
Small scale digital devices in criminal investigations
What are they?
It's every small thing like phones, PDA, MP3-players, GPS-devices or anything with an uncommon interface (so flash/SSD cards are excluded)
They are becoming "super dense", more and more space, they are "always" with the owner (phones).
Potential evidence?
- Alibi
- Localization
- Usage data (photos, notes, ..)
- System data (logs..)
Challenges
How to secure a digital crime scene?
- They get lost (small), or not collected (lack of knowledge). They could be hidden, stepped on..
- Lack of knowledge in analyzing them
- Turn off device and face password protection or leave on and face both alternations and remote wiping
- Lack of standards in connectivity, operating system, protection etc, and they change all the time. New models with small changes.
Data accusation
- Isolate from network: Remove SIM, Faraday cage, "plane mode" (does not always work)
- Clone SIM card (call log might be erased if new SIM is inserted)
- Connect to computer (logical - cheap) or chip off (physical - expensive)
- Brute force PIN or passwords
Mobile phones
- SIM card can contain interesting information: Country and provider. Do not trust phone number as it can be altered by user.
- SIM (USIM) can sometimes contain phone book and last calls. Depends on phone manufacturer.
- Device ID usually hidden behind battery...
Snarveier
Flere fra skole