Computer Forensics World :: View topic - Anyone with experience in mobile device forensics?

Nexus21 (Newbie)
Joined: Aug 28, 2016
Posts: 2

Posted: Mon Aug 29, 2016 9:27 am    Post subject: Anyone with experience in mobile device forensics?

Hi,

I have been attempting to perform a forensic examination on a smartphone that is suspected to have been bugged by a former employer.

I have so far been unsuccessful in obtaining results.

My first attempt involved a smaller mom and pop data lab operation. Initially I was told it would cost $600. When I got there I was told to only pay $300 and only IF something was found I would pay the remaining $300. He said things like "I hate to see people throwing away money", etc.

I initially requested same day service (it was a Thursday). Once I got there I was told next day afternoon. I was hesitant but agreed.

Once I got home, I received an email stating that they would need more time with the phone and to call them next Monday.

Without warning I returned the next morning to retrieve my device. The guy was obviously distraught, saying "I caught him off guard" and telling me I owed him $300 more. He refused to provide me with any data or tell me what was done, if anything was found, etc. I do have that final conversation recorded.

Once I had the device back in my possession, I attempted to drain the battery again by turning it on and running apps when I could. On the final boot close to when the battery was drained, it started "optimizing apps". The phone is a Nexus 4 so not so easy to simply remove the battery.

I didn't complete the optimizing apps until I went to another examiner, a larger security firm. We let the phone continue optimizing apps before attempting a physical extraction. Upon completion, the phone's time and date were reset; as well, the examiner was unable to perform a physical extraction due to Cellebrite being unable to read the hard drive (error 13).

While I was at the office of the larger security firm, my examiner called the previous examiner while I was there (I also recorded the call) and he confirmed that a full physical image was obtained.

Due to the nature of what's at stake, my suspicion is the initial examiner may have been paid off to tamper with evidence. My questions are:

#1 If anything such as spy apps or any info was removed, or secure delete was attempted, would this be recoverable?

#2 Would the "optimizing apps" on boot have affected anything crucial?

Any information or advice would be greatly appreciated.

PreferredUser (Newbie)
Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Mon Aug 29, 2016 10:47 am    Post subject: Re: Anyone with experience in mobile device forensics?

Nexus21 wrote:
Due to the nature of what's at stake, my suspicion is the initial examiner may have been paid off to tamper with evidence.
You believe the initial examiner was paid so much they could compromise their integrity and their reputation which means they would never be able to work in this field ever again? They were paid so much they could close their business and retire to a country with no extradition? Hmmmm

Nexus21 wrote:
My questions are

#1 If anything such as spy apps or any info was removed, or secure delete was attempted, would this be recoverable?
Potentially.

Nexus21 wrote:
#2 Would the "optimizing apps" on boot have affected anything crucial?
You powered the device on and off several times, of course things changed.

Nexus21 (Newbie)
Joined: Aug 28, 2016
Posts: 2

Posted: Mon Aug 29, 2016 11:08 am    Post subject: Re: Anyone with experience in mobile device forensics?

PreferredUser wrote:
Nexus21 wrote:
Due to the nature of what's at stake, my suspicion is the initial examiner may have been paid off to tamper with evidence.
You believe the initial examiner was paid so much they could compromise their integrity and their reputation which means they would never be able to work in this field ever again? They were paid so much they could close their business and retire to a country with no extradition? Hmmmm

Nexus21 wrote:
My questions are

#1 If anything such as spy apps or any info was removed, or secure delete was attempted, would this be recoverable?
Potentially.

Nexus21 wrote:
#2 Would the "optimizing apps" on boot have affected anything crucial?
You powered the device on and off several times, of course things changed.


Sounds bizarre, I know, but I believe if they managed to remove the evidence, yes, they would have been paid enough to never have to worry about losing their license.

I'm hanging on to the device for now in a Faraday bag. I've burned through my budget to continue this investigation for now; I'm just hoping that nothing has been tampered with.

All times are GMT + 10 Hours