File000091
Desmond Devendran
1.
Computer Hacking Forensic Investigator Exam 312-49 BlackBerry Forensics Module XXXVI Page | 3323
Computer Hacking Forensic Investigator Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Computer Hacking Forensic Investigator (CHFI)
Module XXXVI: BlackBerry Forensics
Exam 312-49
2.
News: Police Join AG BlackBerry Investigation
Source: http://www.10tv.com/

Police joined the search for a BlackBerry as they suspected that it may hold evidence related to a general investigation. Paul Aker reported that detectives were dusting the apartment of Jen Urban (an attorney in the attorney general’s office) for fingerprints, as she said that her BlackBerry and other items were stolen from the apartment.

“It’s unfortunate,” Urban told 10 investigators. “A lot of my personal belongings were taken. I do not know the motivation behind it.”

Aker reported that:
- State investigators said they were "very curious" about the timing
- The burglary took place just hours after an unannounced sweep of Attorney General Marc Dann's office by the Inspector General
- Inspector General Thomas Charles locked all the computers with the one belonging to Urban
- Charles said that his office wants to find Urban’s missing BlackBerry

According to investigators in their final report, the device could contain important information as they doubt that Urban was romantically linked to Leo Jennings III, who served as Dann's communications director.

Urban stated that someone walked inside the apartment at about 5 a.m. and took her television, along with her purse and BlackBerry. She told police that the crime happened while she was on the back patio and Jessica Utovich, Dann’s former scheduler, was on her couch. Later, she changed her statement, saying that Utovich was out during the burglary. To support the later statement she said, “It is discerned at this time that the items were taken before she rested on the couch.”

Aker further reported that 10 investigators learned that the Inspector General seized a BlackBerry belonging to Tom Winters, who took over as acting Attorney General when Dann resigned. The women who were sexually harassed inside Dann’s office claimed that Winters knew about some of the problems in January but failed to act; Winters declined to comment.
3.
4.
Module Objective
This module will familiarize you with:
- BlackBerry
- BlackBerry Operating System
- How BlackBerry Works
- BlackBerry Serial Protocol
- Blackjacking Attack
- BlackBerry Security
- BlackBerry Forensics
- Best Practices
- Forensics Tools
5.
Module Flow
6.
BlackBerry
In 1999, Research In Motion (RIM) manufactured the BlackBerry wireless handheld device. It provides a number of applications such as email, mobile telephone, text messaging, Internet faxing, web browsing, and other wireless information services. Initially, it focused on email. BlackBerry transports data over the wireless data networks of mobile phone service companies.

BlackBerry has a small built-in QWERTY keyboard, with an “Alt” key for entering special numbers and characters. It has a self-configurable "AutoText" feature that provides a list of frequently used words or special characters. You can navigate through the system using the “trackwheel” on the right side of the device, which lets you select an option with a click. Certain BlackBerry models incorporate a two-way radio.

Modern BlackBerry devices have ARM 7 or ARM 9 processors. While the old BlackBerry 950 and 957 devices use Intel 80386 processors, the latest GSM BlackBerry models (8100 and 8700 series) use an Intel PXA901 312 MHz processor, 64 MB flash memory, and 16 MB SDRAM.

BlackBerry provides solutions to meet the needs of:
- Individuals: Everyone can stay in contact with work and home
- Enterprise and government customers: With the help of BlackBerry, professionals can keep in contact with their existing email and other enterprise systems
- Small/medium business: The “Explore” option of a BlackBerry has the ability to address several wireless requirements of your business

A BlackBerry can be used:
- As an address book, calendar, and to create to-do lists
- To compose, send, and receive messages
- As a phone
- To access wireless Internet
- As a tethered modem
- As an organizer
- For corporate data access
- As a paging service
7.
BlackBerry Operating System
The BlackBerry’s operating system runs on its Intel 80386 microprocessor. The devices that connect to BlackBerry require a built-in RIM wireless modem. The operating system is event-driven, and it supports multitasking and multithreading applications. This operating system makes use of input devices such as the thumbwheel. If a message needs access to the operating system, it is done using the “RimGetMessage()” Application Programming Interface (API). When the operating system has no applications to process, the processor switches to standby mode.

With the help of proprietary BlackBerry APIs, third-party developers can write software, but applications that use certain limited functionality must be digitally signed so that authorship of an application can be attributed to a particular developer.

Earlier, BlackBerry software development was based on C++, but the latest models support MDS and Java. Java supports the RIM devices that come with the J2ME MIDP platform. RIM provides a Java Developers Kit that supports a custom application model that is different from the J2ME MIDP specification. The JDK consists of javax.microedition and RIM’s own net.rim.device.api package, which supports a host of operating system-specific classes like Bitmap, Application Registry, Keypad, Radio, and Persistent Object.

BlackBerry OS 4.6 is the new version of BlackBerry. It has the following features:
- Support for web standards, like AJAX and CSS
- 1 GB onboard memory and 128 MB flash memory
- High capacity, slim 1500 mAhr battery
- Tri-band UMTS: 2100/1900/850
- 3.6 Mbps HSDPA
- Supports Wi-Fi technology (802.11a/b/g)
- Supports GPS features
- Quad-band GSM/GPRS/EDGE
- Music synchronization
- Clock application – the evolution of the alarm application
8.
How BlackBerry Works
The BlackBerry wireless email solution is simple. It works as follows:
Step 1: The BlackBerry Enterprise Server (BES) constantly monitors BlackBerry users’ mailboxes. When a new message arrives in a user's Exchange mailbox, BES picks up that message.
Step 2: After retrieving the message, it gets compressed, encrypted, and sent over the Internet via a wireless network to the BlackBerry server.
Step 3: Now the message is not a readable text message; it gets decrypted only on the destination user's BlackBerry handheld.
Step 4: The server decrypts, decompresses, and then places the email into the Outbox. During this procedure, a copy of the message is placed in the Sent Items folder.

The BlackBerry Enterprise Server (BES) uses MAPI for communication with the user's Inbox. Due to MAPI, BES immediately knows about the incoming message. BES supports triple DES security, which helps with secure transmission of the data.
9.
Figure 36-01: Working of BlackBerry (Source: http://www.freeprotocols.org/)
10.
BlackBerry Serial Protocol
BlackBerry Serial Protocol backs up, restores, and synchronizes the data between the BlackBerry device and desktop system. It is comprised of simple packets and single byte return codes. The packets have a similar structure and consist of the following fields:
- Packet header (3 bytes)
- Command type (1 byte)
- Command (1 byte)
- Command-dependent packet data (Variable)
- Footer (3 bytes)

The various packets include:
- Normal command packets
- Extended packets
- ACK packets
11.
BlackBerry Serial Protocol: Packet Structure
Table 36-01: BlackBerry serial protocol packet structure
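The field layout listed above is enough to split captured frames for triage during an examination. The following is an added example, not code from the CHFI module or from RIM. It assumes each capture line is one complete, already-delimited frame written as hex; the function names and sample byte values are constructed, and because the page gives no header or footer values they are reported but not validated.

```python
"""Split BlackBerry serial-protocol frames into the fields listed in the module.

Assumptions (not from the original page): one complete frame per capture line,
written as hex; header/footer byte values are unknown, so they are only
collected for comparison, never checked against a constant.
"""
from collections import Counter
from dataclasses import dataclass

HEADER_LEN = 3   # packet header (3 bytes)
FOOTER_LEN = 3   # footer (3 bytes)
# header + command type (1) + command (1) + footer, with zero bytes of data
MIN_FRAME_LEN = HEADER_LEN + 1 + 1 + FOOTER_LEN


class FrameError(ValueError):
    """Raised when a frame is too short to hold the fixed fields."""


@dataclass(frozen=True)
class Frame:
    header: bytes
    command_type: int
    command: int
    data: bytes      # command-dependent packet data (variable length)
    footer: bytes


def parse_frame(raw: bytes) -> Frame:
    """Slice one frame; everything between the command byte and footer is data."""
    if len(raw) < MIN_FRAME_LEN:
        raise FrameError(f"frame is {len(raw)} bytes, need at least {MIN_FRAME_LEN}")
    body_end = len(raw) - FOOTER_LEN
    return Frame(
        header=raw[:HEADER_LEN],
        command_type=raw[HEADER_LEN],
        command=raw[HEADER_LEN + 1],
        data=raw[HEADER_LEN + 2:body_end],
        footer=raw[body_end:],
    )


def parse_capture(lines):
    """Return (frames, errors). errors holds (line_number, reason) so damaged
    lines are recorded in the examiner's notes instead of silently dropped."""
    frames, errors = [], []
    for line_no, line in enumerate(lines, start=1):
        text = line.split("#", 1)[0].strip()   # allow '#' comments
        if not text:
            continue
        try:
            frames.append(parse_frame(bytes.fromhex(text)))
        except ValueError as exc:               # bad hex or FrameError
            errors.append((line_no, str(exc)))
    return frames, errors


def summarize(frames):
    """Count frames per (command type, command) and collect the distinct
    header/footer values; more than one value of either suggests a mis-split
    or corrupted capture."""
    return {
        "by_command": Counter((f.command_type, f.command) for f in frames),
        "payload_bytes": sum(len(f.data) for f in frames),
        "headers": {f.header for f in frames},
        "footers": {f.footer for f in frames},
    }


# Constructed sample capture: byte values are made up for illustration.
SAMPLE_CAPTURE = """\
# one frame per line
aa bb cc 01 10 dd ee ff
aa bb cc 01 10 48 65 6c 6c 6f dd ee ff
aa bb cc 02 20 00 01 02 03 dd ee ff
aa bb cc 01 dd ee
aa bb cc 01 10 4 dd ee ff
""".splitlines()

if __name__ == "__main__":
    frames, errors = parse_capture(SAMPLE_CAPTURE)
    for (ctype, cmd), n in sorted(summarize(frames)["by_command"].items()):
        print(f"type=0x{ctype:02x} cmd=0x{cmd:02x} frames={n}")
    for line_no, reason in errors:
        print(f"line {line_no}: rejected ({reason})")
```
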
12.
Blackjacking Attack
Blackjacking means hijacking a BlackBerry connection. Attackers make use of the BlackBerry environment to circumvent the security perimeter and directly attack hosts on the network.

The attacker uses the BBProxy tool to conduct the Blackjacking. It is a security assessment tool that allows the attacker to use BlackBerry devices as a proxy between the Internet and an internal network. The attacker installs BBProxy on the user’s BlackBerry or sends it as an email attachment to the target device. On being activated, it establishes a covert channel between attackers and compromised hosts on improperly secured enterprise networks.
13.
BlackBerry Attack Toolkit
The "BlackBerry Attack Toolkit" contains BBProxy, BBScan, and relevant Metasploit patches to exploit the vulnerability of any website. The attacker can hide the malicious software in the handheld, which in turn invades the entire network it is connected to.
- BBProxy is the tool generally used to attack the BlackBerry device. When this tool is installed on the device, it allows the device to be used as a proxy between the Internet and the internal network.
- BBScan is the BlackBerry port scanner.
14.
BlackBerry Attachment Service Vulnerability
Source: http://www.BlackBerry.com/

BlackBerry Attachment Service in BlackBerry Enterprise Server uses a Graphics Device Interface (GDI) component to convert images to a viewable format on BlackBerry smartphones. A vulnerability exists in the GDI component of Windows when it processes Windows Metafile (WMF) and Enhanced Metafile (EMF) images. This vulnerability in the GDI component exposes the BlackBerry Attachment Service to attacks that could allow a malicious user to cause arbitrary code to run on the computer on which the BlackBerry Attachment Service is running.

If a BlackBerry smartphone user is on the BlackBerry Enterprise Server with the BlackBerry Attachment Service running, and the user tries to use the smartphone to open and view a WMF or EMF image attachment in a received email message sent by a user with malicious intent, the computer on which the BlackBerry Attachment Service is running could be compromised.
15.
TeamOn Import Object ActiveX Control Vulnerability
Source: http://www.BlackBerry.com/

The BlackBerry Internet Solution is designed to work with T-Mobile My E-mail to give BlackBerry device users secure and direct access to any combination of registered enterprise, proprietary, Post Office Protocol 3 (POP3), or Internet Message Access Protocol 4 (IMAP4) email accounts on their BlackBerry devices using a single user login account.

A vulnerability exists in the TeamOn Import Object Microsoft ActiveX® control used by BlackBerry Internet Service 2.0 on the BlackBerry Internet Service and the T-Mobile My E-mail websites. This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 8.0 (Critical).

When a user views the BlackBerry Internet Service or T-Mobile My E-mail websites in Internet Explorer and installs and runs the TeamOn Import Object ActiveX control those sites use, the control introduces the vulnerability to the system. An exploitable buffer overflow exists in the TeamOn Import Object ActiveX control used by the BlackBerry Internet Service and T-Mobile My E-mail websites.
16.
Denial of Service in BlackBerry Browser
Source: http://www.BlackBerry.com/

A website creator with malicious intent may use a Hypertext Markup Language (HTML) or Wireless Markup Language (WML) web page that contains a long string value within the link. If the BlackBerry device user accesses the link using the BlackBerry Browser, a temporary denial of service may occur and the BlackBerry device may stop responding.

A temporary denial of service vulnerability exists in the BlackBerry Browser. The BlackBerry Browser may stop responding when parsing a long web page address. While parsing a long web page address, the BlackBerry Browser uses the BlackBerry device’s processing capability. This may cause the BlackBerry device to stop responding or become slow to respond.
17.
BlackBerry Security
BlackBerry uses a strong encryption scheme to safeguard:
- Integrity: Data integrity depends on the security of the encryption protocol used to encrypt the data. Data integrity is generally maintained by using a Message Authentication Code (MAC) producing a unique “digital fingerprint” of a document known as a hash.
- Confidentiality: Confidentiality is achieved using various encryption mechanisms
- Authenticity: Authenticity is achieved using digital signatures

BlackBerry Enterprise Solution provides two types of encryption techniques for all data transmitted between BlackBerry Enterprise Server and BlackBerry smartphones:
- Advanced Encryption Standard (AES)
- Triple Data Encryption Standard (Triple DES)
18.
BlackBerry Wireless Security

The BlackBerry encryption security mechanism meets United States Military standards. The U.S. government gave the designation 140/2 to BlackBerry, which permits its use by government agencies and the armed forces.

During transit between the BES and the BlackBerry, the BES secures your confidential data using encryption methods such as the Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES). The BES keeps the data encrypted during transit and ensures that data between the BES and the handheld is not decrypted anywhere outside of the corporate firewall.

The private encrypted keys are generated in a secure, two-way authenticated environment. The private keys that are used to access BlackBerry devices remotely are stored in the BlackBerry user’s secure mailbox (Microsoft Exchange, IBM Lotus Domino, or Novell GroupWise mailbox). Using the private key (which is available from the user’s mailbox), any data that is sent to a BlackBerry device can be encrypted and sent to the device, where it can be decrypted using the key available on that device.

The MDS (Mobile Data System) service acts as a secure gateway between the wireless networks, corporate intranets, and the Internet.
19.
Figure 36-02: BlackBerry Security for Wireless Data (Source: http://www.BlackBerry.com/)
20.
Prerequisites for BlackBerry Forensics

The following are the hardware tools:
- Faraday cage
- RIM BlackBerry Physical Plug-in
- StrongHold tent

The following are the software tools:
- Program Loader
- Hex editor
- Simulator
- BlackBerry Signing Authority Tool
21.
Steps for BlackBerry Forensics
- Collect the evidence
- Document the scene and preserve the evidence
- Imaging and profiling
- Acquire the information
- Review the information
22.
Collect the Evidence
- Seize BlackBerry handheld devices and computer devices present at the evidence site.
- Seize memory devices such as SD and MMC cards.
- Collect non-electronic evidence such as written passwords, handwritten notes, computer printouts, etc.

While collecting the devices, take the following precautions:
- Preserve evidence on the devices themselves, such as fingerprints
- Do not damage the evidence
- Collect and keep the devices in bags
- Stop unauthorized persons from entering the scene and touching the evidence
23.
Document the Scene and Preserve the Evidence
- Prepare documentation about the scene, which must include the state of all the evidence at the scene.
- Besides written documentation, photographs of the evidence are also necessary in the investigation. Take photographs of the scene and all the evidence present there.
- Evidence and documents must be kept in a secure place to protect them from damage.
- The main aim of preserving the evidence is to maintain its integrity.
- Keep all evidence in such a way that it is easily identifiable. If possible, label each piece of evidence with where, when, and how it was found.
- Secure the BlackBerry device and other evidence while transporting and storing them.
- Protect the devices from mechanical or electrical shock.
- Maintain a chain of custody of documents, photographs, and evidence.
24.
Radio Control

Radio waves can be used to control a device through radio signals. A switched-on BlackBerry device always emits radio waves to accept incoming connections. If a new connection is established using these radio waves, the evidence in the BlackBerry may be tampered with or completely spoiled. This makes it necessary to control these radio waves to preserve evidence integrity.

There are two different ways to control the wireless signals and maintain the evidentiary value of the device:
- Turn off the wireless signals through the main menu
- Place the device in a Faraday cage when there is no need to interact with the device. The Faraday cage will prevent the device from receiving any wireless data that can damage the evidence.
25.
Imaging and Profiling in BlackBerry
Source: http://www.rh-law.com/

Imaging is the process of creating an exact copy of the contents of a digital device to protect the original one from changes. An image should be taken of the file system as the first step as long as the logs are not required or a method of extracting the logs from the image is developed.

An image or bit-by-bit backup is acquired using an SDK utility that dumps the contents of the Flash RAM into a file easily examined with a hex editor. The Program Loader, which is used to perform most of the inspection in addition to taking the image, will cause a reset each time it is run. Recall that a reset can mean a file system cleanup. This means that to get a partition table, you risk changing the file system and spoiling the data.

One way to work around this is to use the BATCH command. The BATCH command will group all the command switches into one access, so multiple resets can be avoided.

The Program Loader is run from the command line:
PROGRAMMER [ [-Pport] [-Sspeed] [-Wpassword command
26.
Acquire the Information
Source: http://www.rh-law.com/

The radio in the “on” state allows data to be pushed onto the unit, overwriting the previous data, which makes it difficult to retrieve the lost data. Thus, a forensic investigator’s attempt to obtain an unaltered file system becomes more difficult. In order to preserve the unit, turn off the radio immediately.

Turn “off” the radio and not the entire unit (including the BlackBerry device) for three specific reasons:
1. The BlackBerry is not really “off” unless power is removed for an extended period of time or the unit is placed in data storage mode. Only the display, keyboard, and radio are shut down when using the GUI to turn off the unit.
2. When the unit is turned on from an “off” mode or a true powered down state, queued items may be pushed to the unit before there is a chance to turn off the radio.
3. A program might be installed on the unit that can accept remote commands via email, by which the owner of the BlackBerry can delete or alter information to mislead the investigator.

- If the RIM is off, leave it off
- If the RIM is on, turn off the radio
- If the RIM is password protected, get the password

Turn “off” the radio if the RIM is in the “on” state. If the unit is off at the time of acquisition, take the RIM to a secured location to turn it on and immediately shut down the radio before examination.
27.
Hidden Data in BlackBerry

Data can be hidden on RIM devices in hidden databases, in partition gaps, and as obfuscated data.

Certain custom-written databases do not display their icon in the ribbon graphical user interface (GUI). This enables hidden data transport. Rim Walker is a tool that can identify such a database on the subject unit by installing it on that unit. Such a database can be viewed by the SAVEFS Programmer command if it is in unencrypted form.

Unused space in the file system can be utilized using the SDK tools. Data stored at the “end” of the available file system space is retained after the device is reset and can be tested with the SAVEFS Programmer command. The data can only be viewed but is not accessible.

The gap between the OS/application and files partitions can be used to store information. You can view the partition table using the ALLOC Programmer command. The space between partitions can be used with the SAVEFS and LOADFS commands, which can load data to such spaces. Attackers may write a program that directly accesses the memory and writes to the space between the partitions.
29.
Acquire Logs Information from BlackBerry
Source: http://www.rh-law.com/

The initial step for collecting evidence from a BlackBerry is to gather logs. This procedure departs from standard forensic method because the logs on the handheld are wiped once an image is taken. Before applying the SDK tool, you must access the logs on the original device; they are not reached through the standard user interface. The hidden controls to review logs are Mobitex2 Radio Status, Device Status, Battery Status, and Free Mem.

Logs are reviewed by unit control functions:

Mobitex2 Radio Status
Provides access to the following four logs:
1. Radio Status: Enumerates the state of radio functions
2. Roam & Radio: Records Base/Area (tower) and Roam (channel) information with a duration of up to 99 hours per Base/Area/Channel. This log wraps at 16 entries and will not survive a reset. A blank entry represents a radio-off state
3. Transmit/Receive: Records TxRx, gateway MAN addresses, type and size of the data transmitted, and both network and handheld date stamps per transmission
4. Profile String: This is a recorded negotiation with the last utilized radio tower

Radio Status:
- BlackBerry: Func + Cap + R
- Simulator: Ctrl + Shift + R
30.
Figure 36-03: Radio Status

Device Status
This function reviews the logs that give detailed information about memory allocation, port status, file system allocation, and CPU WatchPuppy. Select a line in the Device Status using the RIM’s thumbwheel to see detailed information and to access logs.
- BlackBerry: Func + Cap + B (or V)
- Simulator: Ctrl + Shift + B (or V)

Figure 36-04: Device Status

Battery Status
Battery Status provides information on battery type, load, status, and even temperature.

Figure 36-05: Battery Status
31.
Free Mem
This provides information on memory allocation, common port, file system, WatchPuppy, OTA status, halt, and reset. This value can prove that the unit cleans up the file system when reset.

Figure 36-06: Free Mem

Comm Port
This indicates the port’s state. The security thread is not unique.

Figure 36-07: Comm Port

File System
This indicates the basic values for free space and handles. The numbers of handles, which can be found in the SDK guides, are limited.

Figure 36-08: File System

WatchPuppy
The CPU WatchPuppy logs an entry when an application uses the CPU past a predetermined threshold. It kills processes that do not release the CPU.

Figure 36-09: WatchPuppy

Change To
You can find the Over the Air (OTA) calendar log in the Change To menu: the OTA logs the last items synchronized via wireless calendaring on 32 lines and provides access to the debugging information.
32.
Figure 36-10: Change To

Halt & Reset
Reset causes the unit to re-read the file system and can trigger a file system cleanup. Items marked as “deleted” are deleted permanently during cleanup. At cleanup, the memory is freed for future use, which has to be avoided for a successful forensic investigation.

Figure 36-11: Halt & Reset
33.
Program Loader
Source: http://www.rh-law.com/

Program Loader is an imaging and analysis command line tool. Use the following commands with Program Loader:

SAVEFS: The SAVEFS command writes a hex dump of the RIM’s Flash RAM to FILESYS.DMP, in the same directory as programmer.exe. The file size will be exactly equal to the amount of Flash RAM available in the device (i.e. 950 = 4 MB, 957 = 5 MB). View this file with any hex editor. See Appendix A for more hex dump information. Immediately rename and write protect the file. The next time the Program Loader is run with SAVEFS it will overwrite FILESYS.DMP without warning. This is also a good opportunity to hash the file to prove integrity later in the investigation.

DIR: The DIR command lists applications residing on the handheld by memory location. This will be useful later when attempting to emulate the original handheld on a PC. Take note of any non-standard or missing applications.

Figure 36-12: List of DIR commands
34.
VER: The VER command lists applications residing on the handheld and corresponding version numbers. This will be useful later when attempting to emulate the original handheld on a PC. Take note of any non-standard or missing applications.

Figure 36-13: List of VER commands

MAP: The MAP command displays detailed Flash and SRAM maps.
35.
Figure 36-14: List of MAP commands

ALLOC: The ALLOC command displays a “partition table” that lists the breakpoints between application memory and file system memory. Take note of any unused sectors and any difference between the end of the files area and the start of the OS and application area. These do not have to be the same, and a difference between them is an excellent example of how data hiding can occur on a RIM device.
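The partition gap noted under ALLOC and the unused space at the “end” of the file system described under Hidden Data can both be checked in a SAVEFS dump by looking for bytes that are not erased. The following Python code is an added example, not part of the original module or of any RIM tool; it assumes the examiner supplies the region offsets read from the ALLOC output and that unused flash reads as FFh, and the offsets and sample image in it are constructed.

```python
from dataclasses import dataclass

ERASED = 0xFF  # assumption: unused (erased) flash reads as FFh


@dataclass
class Finding:
    region: str    # examiner-supplied region name
    offset: int    # offset of the run inside the dump
    length: int    # bytes from first to last non-erased byte
    preview: str   # printable view of the first bytes of the run


def non_erased_runs(data, start, end, min_len=4, max_gap=8):
    """Return (offset, length) for runs of non-FFh bytes in data[start:end].

    Runs separated by at most max_gap erased bytes are merged, because stored
    data can legitimately contain FFh. Runs shorter than min_len are dropped
    as likely noise.
    """
    runs = []
    run_start = last = None
    for i in range(start, min(end, len(data))):
        if data[i] == ERASED:
            continue
        if run_start is None:
            run_start = i
        elif i - last - 1 > max_gap:
            runs.append((run_start, last - run_start + 1))
            run_start = i
        last = i
    if run_start is not None:
        runs.append((run_start, last - run_start + 1))
    return [(off, n) for off, n in runs if n >= min_len]


def ascii_preview(data, offset, length, width=32):
    """Render up to width bytes as text, with dots for non-printable bytes."""
    chunk = data[offset:offset + min(length, width)]
    return "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)


def scan_regions(data, regions, min_len=4, max_gap=8):
    """Scan each named (start, end) region that should be empty."""
    findings = []
    for name, (start, end) in regions.items():
        if not 0 <= start < end:
            raise ValueError(f"bad bounds for region {name!r}")
        for off, n in non_erased_runs(data, start, end, min_len, max_gap):
            findings.append(Finding(name, off, n, ascii_preview(data, off, n)))
    return findings


def build_sample_image():
    """Constructed 32 KiB image for the demonstration, not a real device dump."""
    img = bytearray([ERASED]) * 0x8000

    def put(offset, blob):
        img[offset:offset + len(blob)] = blob

    put(0x0000, b"FILE-AREA-RECORD")   # ordinary file system content
    put(0x2100, b"HIDDEN-NOTE-0001")   # data placed in the partition gap
    put(0x2800, b"\x00\x01")           # two stray bytes, below min_len
    put(0x5FF0, b"tailDATA")           # data at the end of the file system space
    return bytes(img)


# Constructed offsets; on a real unit they come from the ALLOC listing.
SAMPLE_REGIONS = {
    "partition gap": (0x2000, 0x4000),
    "file system tail": (0x5000, 0x6000),
}

if __name__ == "__main__":
    for f in scan_regions(build_sample_image(), SAMPLE_REGIONS):
        print(f"{f.region}: 0x{f.offset:06X} len={f.length} {f.preview!r}")
```

Run it against a working copy of the dump, never the write-protected master, and record each reported offset so it can be confirmed in a hex editor.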
36.
Figure 36-15: List of ALLOC commands

BATCH filename: The BATCH command groups the previous commands into a single communication session with the RIM device. This author’s testing has shown that all of the commands are compatible within the same batch, with the exception of the SAVEFS or LOADFS options. These must be performed separately, which is why the SAVEFS image should come before all of the others. The amount of free space can possibly change during an initialization. Since a cleanup may erase previously retrievable data, it makes sense to perform the image first.

Wpassword: Use this switch on the BATCH command line or on the first line of the batch file if a password is required.
37.
Review of Information
Source: http://www.rh-law.com/

Using the hex dump, there are two options to review the information:
1. Manual review of the hex files using a hex editor enables access to the file system including the deleted records (indicated by byte 3 of the file header).
2. Load the hex file into the BlackBerry SDK Simulator for review. The SDK makes it possible to decode dates on the expired records.

Hex Editor

Figure 36-16: Extract from file dump created using PROGRAMMER SAVEFS

Simulator
The Simulator operates in exactly the same manner as a handheld BlackBerry with the additional convenience of PC keyboard manipulation. You can load the dump file into the BlackBerry SDK Simulator without handling the original unit.

Procedure to simulate BlackBerry:
1. Rename the FILESYS.DMP file by joining the following parts in order:
   - “FS”
   - “HH” if an 857/957, “Pgr” if an 850/950
   - “Mb” if Mobitex or “Dt” if Datatac
   - “.DMP”
2. Now the Mobitex pager style BlackBerry has a load file “FSPgrMb.DMP.”
38.
3. During the loading, if you place the DMP file in the same directory as the Simulator and all ancillary Simulator options are set to match, the file (do not mark it read-only) will be substituted for the default blank file system. On exit, the Simulator overwrites the file to match its last state.
4. Set the Simulator to exactly match its Flash memory size to that of the DMP file. However, you can use a file that is smaller than the available Flash; FFh will be appended to the image file to make it match the size set in the Simulator.

Figure 36-17: Screenshot for Simulator options

5. Set the Simulator to match the network and model of the investigated unit.

Figure 36-18: Screenshot for Simulator settings

6. Load the applications from those available in the SDK. In this stage, the DIR listing acquired in the earlier evidence acquisition will become useful.

Figure 36-19: Screenshot for application loading

For example, in the following figure, you can identify that the default applications of a Mobitex BlackBerry are loaded. The default applications are the same for all the models, with other applications being added with respect to that model.
39.
Figure 36-20: Screenshot of loaded Mobitex BlackBerry applications

7. Select “control”, then “start simulation” to run the Simulator.

Figure 36-21: Screenshot to run the Simulator

8. To connect the Simulator to a serial port on a PC, run the following command:
OSLoader.exe OsPgrMb.dll /s1
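The SAVEFS advice (rename, write-protect and hash FILESYS.DMP) and the Simulator load-file rules above fit together as one evidence-handling routine: the Simulator overwrites its load file on exit, so it should only ever be given a copy. This Python code is an added example, not part of the original module or the SDK; the directory layout, case identifier, log file name and the choice of SHA-256 are assumptions, and the sample dump is constructed.

```python
import hashlib
import os
import shutil
import stat
from datetime import datetime, timezone
from pathlib import Path

# Load-file naming rule from the Simulator procedure:
# "FS" + "HH" (857/957) or "Pgr" (850/950) + "Mb" (Mobitex) or "Dt" (Datatac) + ".DMP"
FORM_FACTOR = {"857": "HH", "957": "HH", "850": "Pgr", "950": "Pgr"}
NETWORK = {"mobitex": "Mb", "datatac": "Dt"}


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large dumps need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def simulator_name(model, network):
    """Build the Simulator load-file name, e.g. 950 + Mobitex -> FSPgrMb.DMP."""
    return "FS" + FORM_FACTOR[str(model)] + NETWORK[network.lower()] + ".DMP"


def preserve_dump(dump, evidence_dir, case_id):
    """Rename FILESYS.DMP, write-protect it and log its hash (assumed layout)."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    master = evidence_dir / f"{case_id}_{stamp}_FILESYS.DMP"
    if master.exists():
        raise FileExistsError(f"refusing to overwrite {master}")
    shutil.move(str(dump), str(master))
    os.chmod(master, stat.S_IREAD)  # owner read-only; honoured on Windows and POSIX
    digest = sha256_file(master)
    size = master.stat().st_size
    with open(evidence_dir / "hashes.log", "a", encoding="utf-8") as log:
        log.write(f"{stamp} sha256={digest} size={size} file={master.name}\n")
    return master, digest


def make_working_copy(master, sim_dir, model, network, flash_size):
    """Copy the master under the Simulator's name and pad it with FFh to flash_size.

    The Simulator needs a writable file and overwrites it on exit, so it must
    never be pointed at the master itself.
    """
    size = Path(master).stat().st_size
    if size > flash_size:
        raise ValueError("dump is larger than the configured Simulator flash size")
    sim_dir = Path(sim_dir)
    sim_dir.mkdir(parents=True, exist_ok=True)
    target = sim_dir / simulator_name(model, network)
    shutil.copyfile(master, target)  # contents only, so the copy is not read-only
    with open(target, "ab") as fh:
        fh.write(b"\xff" * (flash_size - size))
    return target


def verify_master(master, expected_digest):
    """Re-hash the master after analysis; False means the evidence file changed."""
    return sha256_file(master) == expected_digest


if __name__ == "__main__":
    import tempfile

    work = Path(tempfile.mkdtemp())
    raw = work / "FILESYS.DMP"
    raw.write_bytes(b"\x00constructed sample, not a real dump" + b"\xff" * 4000)
    master, digest = preserve_dump(raw, work / "evidence", "CASE-0001")
    copy = make_working_copy(master, work / "simulator", "950", "Mobitex", 4 * 1024 * 1024)
    print(master.name, digest)
    print(copy.name, copy.stat().st_size, verify_master(master, digest))
```

Call `verify_master` again after every Simulator session and note the result in the case file alongside the logged hash.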
40.
Best Practices for Protecting Stored Data

The following are some of the best practices for protecting the stored data:
- Make password authentication mandatory through the customizable IT policies of the BlackBerry enterprise server
- To increase protection from unauthorized parties, there is no staging area between the server and the BlackBerry device where the data is decrypted
- Clean the BlackBerry device’s memory
- Protect the stored messages on the messaging server
- Encrypt the application password and storage on the BlackBerry device
- Protect storage of the user’s data on a locked BlackBerry device
- Limit the password authentication to 10 attempts
- Use Advanced Encryption Standard (AES) technology to secure the storage of the password keeper and the password entries on the BlackBerry device (e.g. banking passwords and PINs)
41.
BlackBerry Signing Authority Tool
Source: http://www.BlackBerry.com/

The BlackBerry Signing Authority Tool enables developers to protect the data and intellectual property of their applications. Developers can manage access to sensitive APIs and data using public and private signature keys. Administrators can select and access specific APIs and data stores.

The tool validates the authenticity of a signature request using private/public key cryptography. The administrator can configure the tool to either restrict internal developers or allow external developers to request and receive signature access to specific APIs and data stores. Signature requests can be tracked and accepted or rejected based on administrator control.

The BlackBerry Signing Authority Tool supports all versions of the BlackBerry Java Development Environment (JDE) and applications created for Java-based BlackBerry devices.
42.
Forensics Tool: RIM BlackBerry Physical Plug-in
Source: http://www.paraben-forensics.com/

The RIM BlackBerry device physical plug-in allows you to perform a physical acquisition from most types of RIM BlackBerry devices. The BlackBerry plug-in allows you to acquire the following data from the devices:
- Address book
- Auto text
- Calendar
- Categories
- File system (from content store database)
- Handheld agent
- Hotlist
- Memo
- Messages
- Phone call
- Profiles
- Quick contacts
- Service book
- SMS
- Task
43.
ABC Amber BlackBerry Converter
Source: http://www.processtext.com/

ABC Amber BlackBerry Converter is a very useful tool that converts emails, contacts, SMS messages, PIN messages, autotext entries, calendar events, phone hotlist entries, memos, phone call logs, tasks, etc. from IPD (BlackBerry backup) files to any format (PDF, HTML, CHM, RTF, HLP, TXT, DOC, MDB, XLS, CSV, etc.) easily and quickly.
- Reads IPD (BlackBerry backup) files and exports selected messages, contacts, SMS messages, PIN messages, autotext entries, calendar events, memos, phone call logs, phone hotlist entries, and tasks to a single file of any document format: PDF format (Adobe Acrobat doesn't need to be installed), RTF format (also doesn't require MS Word to be installed), hypertext HTML format, text format, MS DOC format, popular CHM format, old good HLP format, and many more (Access, Excel, DBF, etc.)
- Generates contents with bookmarks (in RTF, DOC, PDF and HTML) and hyperlinks in the output file
- Supports column sorting
- Displays selected message (or contact)
- Supports advanced PDF export options (document information, 40/128 bits PDF encryption, PDF security options, page size, page orientation and page margins, resolution mode, compression mode, viewer options)
- Supports multiple CHM and HLP export options
- Exports messages to TIFF and DCX (multipage)
- Converts messages to EML in bulk. You can then drag those *.eml files and drop them into an MS Outlook Express folder.
- Website Creator for BlackBerry, Advanced CHM Maker
- Converts BlackBerry items to LIT (MS Reader), RB (Rocket eBook), FB2 (FictionBook), and PDB (Palm)
- Extracts text of MMS messages
- Exports browser URLs and browser bookmarks
- Supports Extended MAPI
44.
- Converts contacts to VCF (vCard), emails to MSG (Outlook), calendar events to VCS (vCalendar)
- Allows transferring emails to Novell GroupWise (since 6.44)
- Command line support, multiple language support, skin support and more

Figure 36-22: Screenshot of ABC Amber BlackBerry Converter
45.
Pocket PC
Source: http://www.datadoctor.in/

Pocket PC is a Windows-based tool that can be used to extract all detailed information from Windows-based mobile devices for use as evidence. The handheld PC forensic utility is used to collect data from all PDAs or equivalent digital devices for forensic analysis and scientific investigation. The smartphone investigator utility can capture detailed information from mobile phones, such as Windows registry records, database records, mobile processor architecture, and other related information of cell phone devices.

The Windows powered cell phone examiner tool is helpful to examine the other relevant information of a cellular phone, including SMS (sent or received messages), call history (call duration and call log), last dialed and received number, and saved files/folders (music, pictures, images, text documents etc.) history. The Pocket PC data extraction application provides mobile phone information including model number with manufacturer name, SIM IMSI number, mobile IMEI number, battery status, and signal quality. This easy-to-use multimedia mobile phone forensic software is used in the field of forensic investigation to identify any data theft.

The following are the features of the Pocket PC:
- Extract all detailed information of Windows-based pocket PC or PDA mobile phone devices such as OS registry records, database records, all saved files, and folder information
- Examine the information about saved text messages, call history, mobile model number with manufacturer name, IMEI number, SIM IMSI number, battery status, and signal quality
- Generate text reports of extracted cell phone information for further use
- Support all major brands and companies of multimedia cell phone devices
- Useful for scientific investigation and forensic use
- User-friendly software utility is easily understandable by lay users
- Easy-to-use software provides a systematic help menu for user assistance
46.
Figure 36-23: Screenshot of Pocket PC
47.
ABC Amber vCard Converter
Source: http://www.processtext.com/

ABC Amber vCard Converter is a useful tool that converts contacts from your VCF (vCard) files to many document formats (PDF, MS Word, HTML, RTF, TXT and others).

The following are the features of the ABC Amber vCard Converter:
- Reads VCF (vCard) files
- Exports selected contacts to a single file of any document format: PDF format (Adobe Acrobat doesn't need to be installed), RTF format (also doesn't require MS Word to be installed), hypertext HTML format, text format, MS DOC format, popular CHM format, old good HLP format, and many more
- Generates contents with bookmarks and hyperlinks in the output file
- Command line support
- Supports column sorting in ascending and descending order
- Supports multiple PDF export options (document information, 40/128 bits PDF encryption, advanced PDF security options, page size, page orientation and page margins, resolution mode, compression mode, viewer options)
- Supports multiple CHM and HLP export options
- Displays selected contact, saves it to disk and prints it to printer
- Multiple language support
- Exports contacts to TIFF and DCX (multipage)
- Converts contacts to IPD (BlackBerry)
- Converts contacts to MS Outlook directly
48.
Figure 36-24: Screenshot of ABC Amber vCard Converter
49.
BlackBerry Database Viewer Plus
Source: http://www.cellica.com/

Wireless Database Viewer Plus allows you to be more productive by allowing you to view and update database contents on your BlackBerry. Wireless Database Viewer Plus allows you to sync with Microsoft Access, Microsoft Excel, and any ODBC-compliant database like Oracle, SQL Server, etc.

The following are the features of the BlackBerry Database Viewer Plus:
- Get any desktop data wirelessly on your BlackBerry device
- Push only updated desktop data to the BlackBerry automatically
- Apply SQL select queries and filters, sort the fields, and push data accordingly
- Supported databases: MS Access, MS Excel, Oracle, SQL Server, FoxPro, dBase and any ODBC-compliant database
- Make a phone call for the selected field's numeric contents, which will be treated as a phone number
- Find and find again option to search a record
- Easy navigation in both record and grid view using shortcut keys
- Data is secured with 128-bit AES encryption
- Supports Unicode language databases such as Japanese, Chinese, Korean, Russian, etc.

Figure 36-25: Screenshot of BlackBerry Database Viewer Plus
50.
Summary
- BlackBerry is a personal wireless handheld device that supports email, mobile phone capabilities, text messaging, web browsing, and other wireless information services
- BlackBerry OS 4.6 is the new version of BlackBerry
- It uses encryption to protect integrity, confidentiality, and authenticity of the data
- BlackBerry Serial Protocol backs up, restores, and synchronizes the data between the BlackBerry handheld unit and the desktop software
- Make password authentication mandatory through the customizable IT policies of the BlackBerry enterprise server
- Blackjacking is the process of using the BlackBerry environment to circumvent perimeter defenses and directly attack hosts on an enterprise network
- “BlackBerry Attack Toolkit” contains the BBProxy, BBScan, and relevant MetaSploit patches to exploit the vulnerability of any website
- Imaging is the process of creating an exact copy of contents of a digital device to protect the original one from changes
- The radio in the “on” state allows data to be pushed onto the unit, overwriting the previous data, which makes it difficult to retrieve the lost data
- Program Loader is an imaging and analysis command line tool
- Use AES technology to secure the storage of the password keeper and the password entries on the BlackBerry device (e.g. banking passwords and PINs)
- The RIM BlackBerry device physical plug-in allows you to perform a physical acquisition from most types of RIM BlackBerry devices
51.
Exercise:
1. How does a BlackBerry work?
2. Write a summary about the BlackBerry Serial Protocol.
3. Explain the different BlackBerry attacks.
4. List the different vulnerabilities in a BlackBerry.
52.
5. Describe the process for BlackBerry forensics.
6. How do you acquire log information from a BlackBerry?
7. Give a brief description of BlackBerry wireless security.
8. List some of the BlackBerry forensic tools.
9. Why is radio control necessary to preserve evidence in a BlackBerry?
53.
10. What are the best practices for protecting stored data?
54.
Hands-On
1. Connect the BlackBerry to the forensic computer via a USB cable and examine the contents of the BlackBerry device.
2. See the contents such as hidden files, email content, phone call data, security event log, and system settings in the BlackBerry.
3. What is the version and make of the operating system running your BlackBerry?