The attached assignment is due on Sunday, February 7th by 11:59 pm. Please complete your assignment in a Word document and then upload it for grading. Remember, I am looking for detailed and supported answers. Be sure to answer ALL of the questions in this assignment AND include a 1-page written report on your findings.

For this week's lab, you will need to access the software through VM. Once you are in VM, go to the Start Menu, find Paraben and then click Device Seizure. Please note that some of the information in the videos deals with actually working with physical devices. Since this is an online class, you will be working only with images of devices. With that being said, you will need to download the image of the Palm PDA from Blackboard to your desktop. The image must ALWAYS be copied to the desktop in order to open it in the software. Once the image is on the desktop you can click the image and it will open in Device Seizure, or you can import the file by opening the software and then clicking Open Case. Once the image is in the software you will need to click SORT from the top task bar. If you do not sort the data you will not be able to analyze the image. For this week's case you are only responsible for finding the answers to the questions being asked. You will need to explore the software to find the answers.

Mobile forensics is very different than computer forensics. There is not a one size fits all for all phones. Throughout the next few weeks you will see the file structures change from phone to phone. You will learn how to analyze the device images by trial and error. Unlike computer forensics, each device's file structure is different. You must work with the image and learn where evidence is located. As the image gets more advanced so will the options. You will use the first couple of labs to become familiar with the tool. In addition to answering the questions in detail, you need to write a 1-page report.
Note: The required Paraben Device Seizure case file is attached to this assignment. The case file name is “Palm PDA Case File.ds”.

Any assignments submitted after that time will receive a 10% penalty per day and after three days the assignment will not be accepted.

Assignment Rubric (100 Points)
• Forensics analysis and written report: 80
• Writing Standards – APA format: 20

• https://youtu.be/l9sMnuoyC0Y
• https://youtu.be/GVipqYjhkWM
• https://youtu.be/xKebl3d-cTc

Name: ____________________
Palm PDA
Scenario: This Palm was found on a dead body in Las Vegas. The victim was dressed as a pirate. The only form of ID on his person was the name Steve on an employee nametag to Average Joe’s Gym. Las Vegas PD has determined that the victim died as a result of scurvy. Examine the victim’s Palm PDA and answer the following questions:
1. Who is the owner of this device?
2. What is the username associated with this device?
3. Whose email address is wrenchdodger@hotmail.com?
4. Are there any graphics or multimedia present on the device?
5. What is on September 19th?
6. Is there anything scheduled under “ToDo” besides register the Palm PDA?
7. If you needed more information about the victim, who would you call?
8. Is there any record of money in this Palm PDA? If so, list all purchases?
9. Write a 1-page report of how your above findings are relevant to this case.
Mobile Forensics
Mobile Forensic Rules
1. Maintain power
2. Block signals (take it off the network)
3. Gather cables and accessories
4. Do acquisition in a lab
5. Use forensic-grade software for analysis
Step 1: Maintain Power
• Maintain Power on the Device
– Keep the device charged
– Need 50% charge for most acquisitions
– Can protect from encryption or other security features (older devices)
Handle with Care
• Handle with Gloves
– Smudges = Passwords
– Fingerprints
– Possibly biologically contaminated
Step 1: Maintain Power
• PIN – Personal Identification Number
– 4 digit code
– 3 “mistypes” allowed (depending on phone)
– Assigned by carrier; changeable by user
• PUK – PIN Unlocking Key
– 8 digit code
– 10 mistypes allowed
– Assigned by carrier; cannot be changed
Step 2: Block Signals
• Keep Device in Original State
– Do not allow additional data after seizure
– Can use airplane mode
– Faraday technology is best
• This:
– Avoids legal issues
– Protects from remote wipe (KILL) commands
– Preserves evidence
Faraday Technology
• Faraday Technology is the foundation of signal blocking
• Michael Faraday (1791-1867)
– British scientist
– Invented the Faraday cage in 1836
– A Faraday cage is an enclosure used to block electric fields, formed by a conductive material or mesh of such materials
Faraday Bag
• Faraday bags can be used to block signals to mobile devices, maintaining and preserving evidence
• Devices that are affected:
– Cell phones
– Hybrid handhelds
– GPS
– Wireless signals (802.11)
– RFID
  • Credit cards
  • Passports
  • Toll tags (EZ Pass, etc.)
• Paraben’s patented Stronghold bag pictured at right
Step 3: Gather Cables and Accessories
• SIM Cards
• Media cards
• Bluetooth Devices
• Belt Clips
• Chargers
• Cradles
• Computers
• And more . . .
Step 4: Acquire in a Lab
• Lab allows for acquisition in Faraday environment
• Best Case Scenario: Device stays in Faraday environment from beginning to end
• Do not perform acquisition inside of a Stronghold bag, unless bag has filtered USB port (e.g., Black Hole Faraday bag).
Step 5: Use Forensic-Grade Software
• Not all tools are designed for forensic use
• Forensic-Grade Software
– Paraben’s Device Seizure
– Cellebrite
– Access Data’s Mobile Phone Examiner
– EnCase Forensic
• Always test software
• Cross validate with other tools
• Always check for updates
Mobile Forensics Data Sources
• Logical Analysis
• Physical Analysis
• JTAG
• Chip-off
• Provider Records
Logical vs. Physical Acquisitions
• Logical Acquisition:
– Goes after all the “active” information
– Only information that can be seen on the device interface
– Acquires common user data such as Contacts, SMS and MMS History, Call Logs, and multimedia files
• Physical Acquisition:
– Goes after all the “inactive” information
– All information that can and cannot be seen via the device interface
– Acquires the complete memory image of the device memory if possible
INTRODUCTION TO PARABEN’S DEVICE SEIZURE
Paraben’s Device Seizure Software
• Device Seizure (DS) was designed for forensics
• Provides physical and logical device acquisition support in a single tool
• Allows sorting and searching (Boolean)
• Provides a variety of report options
• Allows for export of common data (graphics and media)
Supports Over 22,000 Device Profiles
Feature Phones
• Alcatel
• Kyocera
• LG
• Motorola (including IDEN)
• Nokia
• Siemens
• Samsung
• Sony-Ericsson
• Sanyo
• ZTE
• All types of CDMA phones
GPS Devices
• Garmin
• TomTom
Smartphones
• Palm OS & Web OS
• Windows CE OS
• Windows Mobile
• Windows Phone
• Symbian OS
• RIM BlackBerry OS
• Apple iPhone
• Apple iPad
• Apple iPod Touch
• Apple iPod
• Android
• Chinese Android
• Android Wear
• Kindle Fire
• Tizen
Device Seizure Interface
Case Tab
• Create Case
– Create a new case
• Save As
– Rename the current case
• Close
– Close the current case
• Recent
– View and open recently viewed cases
• Options
– Set options for Device Seizure cases
• Exit
– Shuts down the application
Home Tab
• Start Acquisition
– Starts acquiring data from a device
• Import From
– Starts importing data from a file (acquired previously)
• Generate Report
– Generates a report on acquired data
• Sort Data
– Starts sorting binary files in the case
Export Tab
• Export To
– Export selected data to its native format
• Batch Export
– Export checked data from a case to a single location
• Export Graphics and Multimedia
– Export all graphics and multimedia from Sorted Files pane
• Export to XML
– Export data from the case to an XML file
Tools Tab
• Compare Cases
– Compare two cases to see differences between them
• Open in Link2
– Open case data in Link2 to analyze links between data stored on different devices
• SIM Cloner
– Duplicate identification files from a GSM SIM card to a blank card
View Tab
• Restore Layout
– Returns view settings to defaults
• Viewers
– Specifies which viewers are visible
• Status Bar
– Enables or disables the status bar
DS Acquisition Capabilities
• Logical and Physical
• Media Cards
• SIM Cards
• CDR Data
DS Process Steps
1. Start case
2. Complete logical acquisition
3. Complete physical acquisition
4. Complete SIM card acquisition
5. Complete media card acquisition
6. Select to sort all data
7. Perform searches
8. Bookmark evidence
9. Generate report
10. Export graphics and media
Create a New Case
• Create a New Case from the Case menu or the Welcome screen
Give the Case a Filename
• Name your new case and click Save
Starting an Acquisition
• Connect a device
• Click Start Acquisition on the Home tab of the Ribbon
• Note: you can also click on the Welcome Screen, but the case name will be chosen for you
Automatic Detection vs. Manual Plug-In Selection
• Automatic detection identifies devices connected to your computer and allows you to perform acquisition from them
• Manual plug-in selection allows you to manually select the most suitable plug-in for the device to perform logical or physical acquisition
Select a Device
• Select a device/option for acquisition
Select Logical or Physical
• Select the type of acquisition to be performed
Select Additional Actions
• Select additional actions to be performed
Read Device Instructions
• Read specific acquisition instructions for device
Select Sorting and Reporting Options
• Select actions to be performed after acquisition
Acquisition Progress
• Watch the progress as each item is acquired
Data Acquired
• Success!
Case View with Acquired Data
Saving a Case
• Save the case from the Case Menu or the Quick Access menu
Opening a Case
• Open a case from the Case menu or the Welcome screen
Exporting
• You can export single files (images, videos) and perform a batch export
