Android Forensics

9
Mar

Hackers are exploiting the vulnerabilities of PDFs. And these PDFs are not caught by virus scanners. A company may be infected with multiple viruses every week and have no means of protection. More effort needs to be made by companies to protect themselves against these kinds of attacks.

In the first quarter of 2009, malicious PDF files made up 56% of all exploits tracked by ScanSafe. That figure climbed above 60% in the second quarter, over 70% in the third and finished at 80% in the fourth quarter.

“PDF exploits are usually the first ones attempted by attackers,” said Mary Landesman, a ScanSafe senior security researcher, referring to the multi-exploit hammering that hackers typically give visitors to malicious Web sites. “Attackers are choosing PDFs for a reason. It’s not random. They’re establishing a preference for Reader exploits.”

via Rogue PDFs account for 80% of all exploits, says researcher.

5
Mar

Yet more evidence that the forensics community needs to be focusing on mobile devices. Join viaForensics’ Open Source Android Forensics project.

Computer scientists at Rutgers University this week are demonstrating ways that rootkits can attack new generations of smart mobile phones.

The researchers… are showing how a rootkit could cause a smartphone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless — all without the user’s knowledge.

“Smartphones are essentially becoming regular computers,” says Vinod Ganapathy, assistant professor of computer science in Rutgers’ School of Arts and Sciences. “They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by [malware].”

via Researchers: Rootkits Work Nicely On Smartphones, Thank You – wireless security/Security – DarkReading.

26
Feb

Mobile phones these days are essentially computers and are increasingly a magnet for criminal activity. Corporations and individuals need to take seriously the threat against these devices. And e-forensic investigators need to learn new techniques and devise tools to combat this threat. (Hint: Take a look at viaForensics’ work on iPhone and Android forensics).

The increasing use of mobile devices for banking, money transfer, and payment is increasing the risk that criminals will target these devices for financial gain.

More banks are providing customers with the ability to access their accounts using mobile devices. In a number of cases, criminals have gained access to bank accounts by tricking cell phone providers into issuing SIM cards associated with the customer’s account…

In addition, fraudulent mobile banking applications have emerged for Android devices that attempt to steal personal financial information…

These risks will continue to grow in the coming years as more mobile devices are used to execute financial transactions…

via Identity Theft Coming to a Mobile Device Near You.

25
Feb

FOR IMMEDIATE RELEASE

Contact:
Andrew Hoog
Chief Investigative Officer
viaForensics
Phone: +1 312-283-0551
http://viaforensics.com/contact-us

viaForensics announces release of Open Source Android Forensics application

viaForensics has released a beta version of its Open Source Android Forensics application supporting all Android devices.

Chicago, Feb 25, 2010 – viaForensics, a computer and mobile forensics firm, has released a beta version of its Open Source Android Forensics application, which allows forensics examiners to export data from an Android device for use by law enforcement and forensic investigators.

The beta version of the application, developed under the direction of lead architect Derek Guardiola, can be downloaded to an Android device enabling examiners to then export data, including browser history, call logs, contact methods, organizations, people and short message service (text messages), to a CSV file on an SD Card.

The development of this application on an open source platform, viaForensics believes, will support the further development of an unparalleled Android Forensics application which can be used free of charge. Developers can easily create plug-ins which will extract additional data from Android devices. Developers interested in participating in the application can contact viaForensics. The project source code and apk files can be downloaded from Google Code: http://code.google.com/p/android-forensics/

As the foremost experts in Android Forensics, viaForensics has developed techniques and training programs preparing law enforcement and forensic providers with the resources to successfully investigate Android devices. viaForensics is also developing a complementary reporting application for the extracted data. For more information, visit the viaForensics web page on Android Forensics.

About viaForensics

viaForensics is an innovative computer/mobile forensic and e-discovery firm focusing on providing proactive services to corporations, law enforcement and law firms. Andrew Hoog is a computer scientist, computer/forensics researcher and Chief Investigative Officer at viaForensics.

###

24
Feb

I’m very happy to announce the beta release of our open source Android Forensics application.

Overview

The application was written for the 1.5 API which allows it to run on all Android devices.  The initial application exports the following data to a CSV file on the SD Card:

  • Browser history
  • Call logs
  • Contact Methods (email, phones, etc.)
  • Organizations (companies that contacts are in)
  • People (the individual people)
  • SMS

The apk file is less than 20 KB, and once installed the application takes up only 44 KB on the phone. The forensics examiner would replace the user’s SD Card with their own (and presumably image the original for forensic analysis), and the results from the application would be saved for further analysis.

Open source

We are confident this application will grow in significance and capabilities. Already there is significant interest from the community in further development. Because we designed an extensible framework, developers can easily create plugins that extract additional data from the device. We believe the open source philosophy will support the development of an unparalleled Android Forensics application which can be used free of charge.

viaForensics

viaForensics has sponsored this important application. As the foremost experts in Android Forensics, our techniques and training programs prepare law enforcement and forensic providers with the resources to successfully investigate Android devices. On supported phones, our techniques provide a full “dd image” of key partitions, providing a vast recovery of data (including deleted data and versioning of files). We are also developing a complementary reporting application for the extracted data, and pricing will be announced soon.

How you can help

If you are interested in participating in the application, please Contact Us.  The project source code and apk files can be downloaded from Google Code:

http://code.google.com/p/android-forensics/

Special Thanks

Finally, we want to thank our lead architect and developer on this project, Derek Guardiola. Many a late night (early morning) has been spent preparing for this initial release. His work has been instrumental in providing this important application to the forensic community.

We hope to hear from you!

24
Feb

FOR IMMEDIATE RELEASE

The CIO of viaForensics, Andrew Hoog, has been invited to speak at the International Conference on Cyber Security 2010 presented by the Federal Bureau of Investigation and Fordham University in New York City this August.

Chicago, Feb 24, 2010 – viaForensics’ CIO Andrew Hoog will offer a training course on Android forensics at the upcoming International Conference on Cyber Security (ICCS 2010), held August 2-5, 2010, in New York City. The conference, hosted jointly by the Federal Bureau of Investigation and Fordham University, brings together law enforcement officials, industry professionals and academic experts to discuss emerging worldwide cyber threats.

In 2009, the conference hosted more than 500 professionals representing 40 countries. Attendees were an international mix of law enforcement agents and prosecutors, cyber-security researchers, members of academia and business and government leaders.

This year the conference will feature 50 lectures covering three broad areas: Emerging Technologies, Operations and Enforcement, and Real Life Experiences. In addition to the lectures, panel discussions, sponsors’ presentations, exhibitions and networking opportunities, ICCS will present two unique events – a Law Enforcement Workshop and the Cyber Security Tutorial – featuring experts presenting both technical and non-technical sessions.

viaForensics’ training, presented by CIO Andrew Hoog, provides examiners with six separate techniques to acquire data from an Android device. The course explains the techniques and analysis tools needed to effectively investigate an Android phone. The full course outline  is provided on the viaForensics website. The training will be offered on the first day of the conference, August 2nd.

Andrew Hoog has authored a groundbreaking white paper on iPhone forensics and is currently authoring a book on Android forensics. Hoog also maintains the Android Forensics Wiki (AFWiki).

###

19
Feb

FOR IMMEDIATE RELEASE

viaForensics’ CIO, Andrew Hoog, earns Certified Computer Examiner designation

Chief Investigative Officer of viaForensics, Andrew Hoog, recently obtained his (CCE)® certification from the International Society of Forensic Computer Examiners

Chicago, Feb 19, 2010 –  The CIO of the computer/mobile forensic and e-discovery firm viaForensics, Andrew Hoog, has earned the Certified Computer Examiner (CCE) designation awarded by the International Society of Forensic Computer Examiners, an internationally recognized professional organization dedicated to upholding standards in the computer forensics community.

CCE certification is awarded to individuals who demonstrate knowledge and proficiency of skills related to the practice of digital forensics. Applicants for certification must complete an approved amount of training or professional experience and pass a four-part test.

Mr. Hoog adds this recognition to his list of credentials which includes the Global Information Assurance Certified Forensic Analyst (GCFA) designation and membership in the International High Technology Crime Investigation Association (HTCIA).

# # #

17
Feb

FOR IMMEDIATE RELEASE

viaForensics CIO speaks on iPhone and Android Forensics at The Midwest HTCIA Chapter meeting

CIO of viaForensics, Andrew Hoog, spoke about the challenges of digital forensics on the iPhone and Android platforms

Chicago, Feb 17, 2010 – Andrew Hoog, CIO of viaForensics, spoke last week on the challenges of performing digital forensics on mobile devices. He spoke to an audience at the meeting of the Midwest Chapter of the High Technology Crime Investigation Association (HTCIA). His talk focused specifically on the challenges presented by the iPhone platform and touched briefly on the new Android platform.

Andrew Hoog is the author of a groundbreaking white paper on iPhone forensics that has gained recognition throughout the industry. In the paper, Hoog reveals the vast amount of personal information stored on Apple’s iPhone and reviews six specific products and techniques for retrieving this information.

The HTCIA is a non-profit professional organization focused on the prevention, investigation and prosecution of crimes involving advanced technology. The Midwest HTCIA Chapter holds bi-monthly meetings and hosts presentations of relevant topics.

###

15
Feb

FOR IMMEDIATE RELEASE

viaForensics’ Android Forensics article published in Digital Forensics Magazine

In his article recently published in Digital Forensics Magazine, Andrew Hoog, CIO of viaForensics, provides an inside look at Android’s new platform from a digital forensics standpoint.

Chicago, Feb 15, 2010 – Andrew Hoog explains Google’s mobile device platform in his article “Android on the Loose” published in the Feb 1st issue of Digital Forensics Magazine. The article is tailored to the digital forensics community, providing forensic examiners with strategies and techniques which take into account the challenges of mobile phone forensics as well as unique characteristics of the Android platform.

The Android platform has presented several challenges for the digital forensics community, including its effective security model, YAFFS2 file system and use of a wide range of hardware and software. While much research is still needed, Hoog’s article provides an overview of practical strategies for extracting and analyzing data, including the “Hoog Method,” still in development by viaForensics, which enables the examiner to recover all information, both deleted and undeleted.

The article also serves as a jumping-off point for further discussion and exploration of this topic by the digital forensics community. More information on this topic, including updated research, can be found on the viaForensics website: http://viaforensics.com/android and the Android Forensics Wiki at http://viaforensics.com/afwiki.

The full article is available to subscribers of Digital Forensics Magazine, a quarterly publication featuring news and articles relevant to the computer security and digital forensics industries. Digital Forensics Magazine is published by UK-based TR Media.  Subscription information can be found at http://digitalforensicsmagazine.com.

About viaForensics

viaForensics is an innovative computer/mobile forensic and e-discovery firm focusing on providing proactive services to corporations, law enforcement and law firms. The author, Andrew Hoog, is a computer scientist, computer/forensics researcher and Chief Investigative Officer at viaForensics. He is currently writing a book about Android Forensics.

# # #

11
Feb

FOR IMMEDIATE RELEASE

CIO of viaForensics speaks on Android Forensics at DoD’s DC3 Conference

CIO of viaForensics, Andrew Hoog, spoke about digital forensics and the Android platform at the U.S. Department of Defense Cyber Crime Conference 2010.

Chicago, Feb 11, 2010 – The CIO of viaForensics, Andrew Hoog, gave a presentation titled “Android Forensics Techniques, File Systems and Analysis” to a group of attendees at the U.S. Department of Defense (DoD) Cyber Crime Conference on January 27, 2010. As the Android mobile device platform is poised to make significant inroads into the market, viaForensics’ presentation provides timely information on the Android platform, significant areas of focus for the forensic examiner and forensic techniques that examiners can use today.

While the release of Android’s open source platform is a welcome change, it presents unique challenges for digital forensics examiners, including its use of the YAFFS2 file system, the non-standard C library and the Dalvik virtual machine. viaForensics has put significant research and development efforts into Android Forensics. They have developed a comprehensive training course outlining six separate techniques used to acquire data from Android devices. viaForensics also maintains the Android Forensics Wiki with the latest information on the topic.

The DoD’s Cyber Crime Conference brings together forensic examiners, prosecutors, law enforcement personnel and Federal investigators to address issues related to cyber crime. The conference is sponsored by the DoD Cyber Crime Center (DC3), the Joint Task Force – Global Network Operations and the Defense Criminal Investigative Service. Historically, the conference draws over 800 participants each year. This year’s theme was “Cyber Professionals: Sentinels of U.S. Security.”

More information on this topic, including information about training sessions and upcoming events, can be found on viaForensics’ website: http://viaforensics.com/android and the Android Forensics Wiki at http://viaforensics.com/afwiki.

###
