2010.01_Oxygen Forensics Suite 2_[Tools].pdf

TOOLS
Oxygen Forensics Suite 2

Oxygen Forensics Suite is a Mobile Forensics Suite. It provides detailed analysis of mobile phones, PDAs and smart phones.

System: Windows XP
System Details: Service Pack 2, 1GB RAM, Intel Pentium M 1.73GHz.
Phones tested: Sony Ericsson K510i, Nokia E61
License: full version
Url: http://www.oxygen-forensic.com/en
Pricing: Standard €499, Professional €799
Comparison: http://www.oxygen-forensic.com/en/compare/

Installation
I downloaded the application from the website via the links provided, a nice and easy installation by following the on-screen instructions and no reboot required. Once the program is installed, you are provided with a step-by-step presentation on how best to use this application in order for you to extract data from the device that requires investigation.
As a precaution, I also downloaded the Oxygen Forensic Suite 2 Drivers pack. This package included Cable, Bluetooth and Infrared adapter drivers for all devices supported by Oxygen Forensic Suite 2.
Upon first use, you are required to change the master username and password before you can proceed. Initially I thought you had to just change the password, but after 5 minutes of head scratching, I realised I needed to change both.

Process to extract data
Follow the instructions through the Oxygen Connection Wizard. Select your mobile phone manufacturer and then model number. Connect the phone to the computer, and then click connect.
If there is a requirement to install software to the mobile phone to allow full extraction of data, then you will be prompted to do so. There may be some of you who will be concerned that we are making changes to the system that we are trying to extract data from and usual forensic practice is to always work on a read-only system. I did check this with the manufacturer and received the following in response: "This is a common, but not confusing question. The current situation in phone forensics is a matter of choice. Experts can use standard methods and get a little portion of data or even don't get a single valuable item. On the other hand, they can use extended methods that we and other solutions, even those who constantly claim about read-only modes, offer and get the whole variety of data. Frankly speaking there are 2 areas in mobile phones: for data and for the system, and installing Agent application we don't influence user data in any way", Nickolay Golubev. This cleared things up in my mind and I proceeded with my testing.

Application in use: Nokia E61 Smart Phone
During the extraction, I was asked to install their application to the phone to aid in the extraction process. Once this was completed, I extracted the data, as before, and was able to retrieve the following from the device: Network Operator; Contact Details; SMS Sent; SMS Received; Outgoing Calls; Incoming calls; Images captured on camera; All files on the device (documents, images, music files etc.); Full chronological order of events on the phone; Details of web pages visited; Details of bookmarks in the browser. I exported the data to a pdf to have a paper copy.
While viewing the data, each item you select is shown at the bottom of the screen. You have two viewing options where you can select how you actually see the data. On one side I had it set to see the HEX of the data and on the other side it was set to auto-detect. This enables you to actually check the headers of the files, so if someone has tried to just rename a file to hide data, you will be able to see exactly the type of file it really is on the HEX side.

Overall Impressions
This is a very impressive piece of software,
and the features available seem to cover all
eventualities regarding examining a device for
forensic purposes. There was one feature that I
was not able to test and that was the Geo event
positioning option. This option extracts the
exact phone location during all the events that
took place on the device.
I can imagine a few scenarios where
this software would be of use, one of which
would be for schools where there has been
bullying via phones on pupils. This would
enable the staff to extract all the data from
the victim’s phone and store it for future use. I
was very impressed by this software and did
not realise just how much data is stored on a
device I keep in my pocket. It tracks all of my
movements (if the phone has GPS) and gives
a good insight on my daily life. Very simple and
easy to use, but also very powerful on the data
it extracts and provides to the user/investigator.
by Michael Munt
1/2010
HAKIN9
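
The header check described under "Application in use" (reading a file's leading bytes in the HEX view to spot a file that was simply renamed) can be sketched outside the tool as follows. This is an added example, not part of the review or of the product it describes; the file names and header bytes are constructed, and the signature table is a small subset of well-known magic numbers.

```python
from pathlib import PurePosixPath
# (offset, magic bytes, type): a small subset of well-known file signatures
SIGNATURES = [
    (0, b"\xff\xd8\xff", "jpeg"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"GIF89a", "gif"),
    (0, b"PK\x03\x04", "zip"),
    (0, b"ID3", "mp3"),
    (4, b"ftyp", "mp4/3gp"),  # ISO media: 4-byte box size, then 'ftyp'
]
# Extensions that are consistent with each detected type
EXPECTED_EXT = {
    "jpeg": {".jpg", ".jpeg"}, "png": {".png"}, "gif": {".gif"},
    "zip": {".zip", ".jar", ".docx", ".xlsx"},
    "mp3": {".mp3"}, "mp4/3gp": {".mp4", ".3gp", ".3g2", ".m4a"},
}
# Constructed sample data: (file name, first bytes of the file)
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("notes.txt", b"\xff\xd8\xff\xe1\x00\x18Exif\x00"),      # JPEG renamed
    ("ringtone.mp3", b"\x00\x00\x00\x18ftyp3gp4\x00\x00"),   # 3GP renamed
    ("readme.txt", b"Meeting at 10am\n"),                    # plain text
]

def detect_type(header: bytes):
    """Return the type whose signature matches the header, or None."""
    for offset, magic, kind in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return kind
    return None

def hex_preview(header: bytes, n: int = 8) -> str:
    return " ".join(f"{b:02X}" for b in header[:n])  # as a hex pane shows it

def check(name: str, header: bytes) -> dict:
    """Compare the extension with the content type found in the header."""
    kind = detect_type(header)
    ext = PurePosixPath(name).suffix.lower()
    # No known signature means the name can be neither confirmed nor refuted
    verdict = "unknown" if kind is None else (
        "ok" if ext in EXPECTED_EXT[kind] else "mismatch")
    return {"name": name, "detected": kind, "hex": hex_preview(header),
            "verdict": verdict}

def scan(samples):
    return [check(name, header) for name, header in samples]

if __name__ == "__main__":
    for r in scan(SAMPLES):
        print(f'{r["name"]:<14}{r["hex"]:<26}{r["detected"]!s:<9}{r["verdict"]}')
```

A "mismatch" verdict only flags a file for manual review in the hex view; formats without a fixed signature, such as plain text, come back as "unknown".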