Cyber Forensics Flashcards

Flashcards on Cyber Forensics, Incident Response, Mobile Device Forensics, and IoT Forensics

47 Terms

1. Mobile Device Forensics Overview

The operation of the cellular network and service provider meta-data.

2. Three generations of mobile phones by the end of 2008:

Analog, Digital personal communications service (PCS), Third-generation (3G).

3. Technologies 4G networks can use:

Orthogonal Frequency Division Multiplexing (OFDM), Mobile WiMAX, Ultra Mobile Broadband (UMB), Multiple Input Multiple Output (MIMO), Long Term Evolution (LTE).

4. Main Components Used for Communication:

Base transceiver station (BTS), Base station controller (BSC), Mobile switching center (MSC), Home Location Register (HLR), Interworking Functions (IWF), Visitor Location Register (VLR), Equipment Identity Register (EIR), Operation and Maintenance Center (OMC), Short Message Service Center (SMSC)

5. A cell network needs to keep:

Detailed information to enable cell handoff and for billing and usage purposes.

6. Data Set Contains:

Who he called and texted, how long each phone call lasted, the time of the communication, and the location of the cell tower contacted when outgoing calls were initiated.

7. Metadata Retention Laws in Australia:

Origin, destination, and time of phone calls, text messages, and emails are stored for at least two years.

8. Items stored on cell phones:

Incoming, outgoing, and missed calls; MMS and SMS messages; E-mail accounts; Instant-messaging logs; Web pages; Pictures, video, and music files.

9. Hardware Components of Mobile Devices:

Microprocessor, ROM, RAM, a digital signal processor, a radio module, a microphone and speaker, hardware interfaces, and an LCD display.

10. Electronically Erasable Programmable Read-Only Memory (EEPROM):

Enables service providers to reprogram phones without having to physically access memory chips.

11. Peripheral Memory Cards Used with PDAs:

Compact Flash (CF), MultiMediaCard (MMC), Secure Digital (SD).

12. Main concerns with mobile devices are:

loss of power, synchronization with cloud services, and remote wiping

13. Isolate the device from incoming signals with one of the following options:

Place the device in airplane mode, place the device in a paint can, use a Faraday cage/bag, turn the device off

14. Check these areas in the forensics lab:

Internal memory, SIM card, removable or external memory cards, network provider

15. Data Acquisition from Mobile: SIM contents include:

International Mobile Subscriber Identity (IMSI), Integrated Circuit Card Identifier (ICC-ID).

16. The file system for a SIM card is a hierarchical structure:

Master File (MF), Dedicated File (DF), Elementary File (EF).

17. SIM card readers:

Combination hardware/software device used to access the SIM card.

18. Mobile Forensic Tool Classification:

Manual extraction, Logical extraction, Physical extraction (Hex Dumping), Physical extraction (Chip-off), Physical extraction (Micro Read)

19. Manual extraction tools:

Eclipse, Project-A-Phone.

20. Logical extraction tools:

Paraben’s Device Seizure, Susteen’s Data Pilot.

21. Physical extraction (Hex Dumping) tools:

Cellebrite’s UFED Touch Ultimate, RIFF Box.

22. Physical extraction (Chip-off) tools:

SD Flash Doctor, UP-828.

23. Physical extraction (Micro Read) tools:

High-power microscope.

24. The stored evidence can be found in:

Call history, SMS, Address book, Documents, Calendar, Videos, Photos, Web browser history, Email, Deleted data, Maps, Social networking data.

25. Paraben Software offers several tools:

E3:DS, DataPilot, BitPim.

26. The main iOS operating modes are:

Normal mode (secure boot chain), Recovery mode, DFU mode (Boot ROM).

27. Backup files in iTunes contain a copy of:

SMS, photos, calendar, music, call logs, configuration files, documents, keychains, network settings, cookies,…

28. Database file location for forensic investigation of call history:

/private/var/mobile/Library/CallHistoryDB/CallHistory.storedata.

29. Database file location for forensic investigation of SMS messages:

/private/var/mobile/Library/SMS/sms.db.

30. Database file location for forensic investigation of address book contacts:

/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb.

31. Consolidated GPS cache location:

/private/var/root/Caches/locationd/consolidated.db

32. Photo metadata location:

/private/var/mobile/Media/PhotoData/Photos.sqlite

33. Notes location:

/private/var/mobile/Library/Notes/notes.sqlite

34. Voicemail location:

/private/var/mobile/Library/Voicemail/voicemail.db

35. Android Platform Architecture:

Linux Kernel, Native C/C++ Libraries, Android Runtime, Java API Framework, System Apps.

36. Android Security features:

Secure Kernel, Application Sandbox, The permission model, Application signing, Security Enhanced Linux, Full Disk Encryption, Trusted Execution Environment.

37. Main partitions on Android are:

/boot, /system, /data, /cache, /recovery, /misc, /sdcard.

38. Google Chrome location:

/data/data/com.android.chrome/app_chrome/Default/Bookmarks, /data/data/com.android.chrome/app_chrome/Default/History, /data/data/com.android.chrome/app_chrome/Default/Login Data

39. Gmail location:

/data/data/com.google.android.gm/cache/@gmail.com, /data/data/com.google.android.gm/databases/suggestions.db

40. WhatsApp location:

/data/data/com.whatsapp/me

41. IoT Architecture includes various layers:

Application Layer, Middleware Layer, Internet Layer, Access Gateway Layer, Edge Technology Layer

42. Potential IoT vulnerabilities include:

No automatic security updates, improper communications and encryption, lack of secure storage and authentication

43. The IoT critical areas that attackers could breach may include:

Device firmware & mobile application, Device memory, Device physical interface & network services, Local data storage & Cloud web interface, Device web interface & network traffic, Ecosystem access control & communication, Vendor & TTP backend APIs

44. Attackers can exploit IoT devices to steal data, cause physical damage to the network, or launch other disruptive attacks:

DoS, Jamming, Ransomware, Sybil, Man-in-the-Middle, Replay, Side channel, Rolling code, Remote access attacks.

45. Standard forensic examination process can include:

Evidence identification and collection, Preservation, Analysis, Presentation and reporting.

46. To acquire data from smartwatches, check:

Data API; Message API; and Node API.

47. Forensic Examination of Android Wearable Image:

Any of several tools can be used to forensically analyse the extracted artifacts, such as Autopsy, Magnet Axiom, IoT Inspector, NetOdin3, MD-NEXT.