Module XXXVI – Blackberry Forensics
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Police Join AG BlackBerry Investigation
Source: http://www.10tv.com/
News: BlackBerry Wins Versus Windows Mobile For Google Apps Mail
Source: http://www.informationweek.com/
Module Objective
This module will familiarize you with:
• BlackBerry
• BlackBerry Operating System
• How BlackBerry Works
• BlackBerry Serial Protocol
• Blackjacking Attack
• BlackBerry Security
• BlackBerry Forensics
• Best Practices
• Forensics Tools
Module Flow
BlackBerry
BlackBerry Operating System
How BlackBerry Works
BlackBerry Serial Protocol
Blackjacking Attack
BlackBerry Security
BlackBerry Forensics
Best Practices
Forensics Tools
BlackBerry
Personal wireless handheld device that supports e-mail, mobile phone capabilities, text messaging, web browsing and other wireless information services
Blackberries can be used:
• To compose, send, and receive messages
• As a phone
• To access wireless Internet
• As a tethered modem
• As an organizer
• For sending SMS
• For instant messaging
• For corporate data access
• As a paging service
BlackBerry Operating System
BlackBerry OS 4.6 is the new version of BlackBerry
Features of BlackBerry OS 4.6:
• Supports web standards such as AJAX and CSS
• Music Sync: a synchronization application for selecting and transferring music from a computer to a BlackBerry Smartphone
• Clock application: the evolution of the alarm application
• Supports continuous spell checking
• Numerous enhancements to existing BlackBerry Smartphone applications
• Eliminates the need to browse the address book when composing an SMS
• Provides a method to add recipients in SMS similar to the Email To: field
• Built-in light-sensing technology automatically adjusts screen and keyboard brightness for indoors or outdoors
How BlackBerry Works
[Diagram labels: BlackBerry Device (Proprietary); RIM PDA; RIM Modem; RIM's Wireless protocol; BlackBerry Message Center; Generic Internet; Corporate Internet; Desktop E-mail System; Microsoft Outlook; BlackBerry Desktop Redirector; Corporate message center; Microsoft Exchange; BlackBerry Enterprise Server; Third Party Message Center; ISP Message Center; SMTP/POP via Internet; Mailbox Interface; Mailbox Synchronization]
BlackBerry Serial Protocol
BlackBerry Serial Protocol is used to back up, restore, and synchronize data between the BlackBerry handheld unit and the desktop software
It comprises simple packets and single-byte return codes
All packets have the same basic structure
BlackBerry Serial Protocol: Packet Structure
Bytes     Description
3         Packet header
          Always D9 AE FB
1         Command type
          Each command type has a unique value, which will limit the set of commands available:
            40 = Normal command
            60 = Extended packet
            41 = ACK
            CF = Handshake challenge
            CE = Handshake reply
1         Command
          For "Command Type" 41
          For "Command Type" 40, the value 00 specifies initialization-related commands.
          Any other value represents commands listed in the "Command Table"
          For "Command Type" 60, the only observed value has been 02.
Variable  Command-dependent packet data
1         Footer
          Always BF EA 9D
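Added example (not part of the original slides): a Python carver that splits a raw serial capture into packets using the header, command-type, and footer values from the table above, and reports bytes outside any frame as candidate single-byte return codes. The capture bytes are constructed; the footer is taken as the three bytes shown even though the byte-count column says 1, and because the table shows no length field, a payload that itself contains BF EA 9D would be cut short.

```python
"""Carve BlackBerry Serial Protocol packets out of a raw serial capture."""
from typing import NamedTuple

HEADER = bytes.fromhex("D9AEFB")  # slide: "Always D9 AE FB"
FOOTER = bytes.fromhex("BFEA9D")  # slide: "Always BF EA 9D"

# Command-type values exactly as listed on the slide.
COMMAND_TYPES = {
    0x40: "Normal command",
    0x60: "Extended packet",
    0x41: "ACK",
    0xCF: "Handshake challenge",
    0xCE: "Handshake reply",
}


class Packet(NamedTuple):
    offset: int        # position of the header in the capture
    command_type: int
    command: int
    data: bytes        # command-dependent packet data (may be empty)

    def describe(self) -> str:
        name = COMMAND_TYPES.get(self.command_type, "unlisted command type")
        note = ""
        if self.command_type == 0x40 and self.command == 0x00:
            note = " (initialization-related)"
        elif self.command_type == 0x60 and self.command != 0x02:
            note = " (slide reports only 02 observed for this type)"
        return (f"@{self.offset}: type {self.command_type:02X} {name}, "
                f"command {self.command:02X}{note}, "
                f"{len(self.data)} data byte(s)")


def carve(stream: bytes):
    """Return (packets, stray_bytes, problems) found in a raw capture.

    stray_bytes: (offset, value) pairs lying outside any frame; these are
                 where the protocol's single-byte return codes would appear.
    problems:    (offset, message) pairs for frames that could not be closed.
    """
    packets, stray, problems = [], [], []
    pos = 0
    while pos < len(stream):
        start = stream.find(HEADER, pos)
        stop = len(stream) if start == -1 else start
        stray.extend((i, stream[i]) for i in range(pos, stop))
        if start == -1:
            break
        body = start + len(HEADER)
        # Command type and command are fixed one-byte fields, so the footer
        # cannot begin before body + 2. Assumption: the first footer pattern
        # after that point ends the frame (no length field is documented).
        end = stream.find(FOOTER, body + 2)
        if end == -1:
            problems.append(
                (start, "header without footer, capture may be truncated"))
            break
        packets.append(
            Packet(start, stream[body], stream[body + 1],
                   stream[body + 2:end]))
        pos = end + len(FOOTER)
    return packets, stray, problems


# Constructed capture (not real device traffic): a handshake challenge, one
# stray byte, an initialization command, an extended packet, and a frame cut
# off before its footer.
SAMPLE_CAPTURE = bytes.fromhex(
    "D9 AE FB CF 00 11 22 33 44 BF EA 9D "
    "06 "
    "D9 AE FB 40 00 BF EA 9D "
    "D9 AE FB 60 02 AA BB BF EA 9D "
    "D9 AE FB 41 01"
)

if __name__ == "__main__":
    found, loose, issues = carve(SAMPLE_CAPTURE)
    for pkt in found:
        print(pkt.describe())
    for off, value in loose:
        print(f"@{off}: stray byte {value:02X}")
    for off, msg in issues:
        print(f"@{off}: {msg}")
```
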
Blackjacking Attack
Blackjacking is the process of using the BlackBerry environment to circumvent perimeter defenses and directly attack hosts on an enterprise’s networks
Attacker installs BBProxy on the user’s BlackBerry or sends it as an email attachment to the targets
Once this tool is activated, it opens a covert channel between attackers and compromised hosts on improperly secured enterprise networks
BlackBerry Attack Toolkit
“BlackBerry Attack Toolkit” contains the BBProxy, BBScan, and relevant MetaSploit patches to exploit the vulnerability of any website
• BBProxy tool runs on BlackBerry devices and allows the device to be used as a proxy between the Internet and the internal network
• BBScan is the BlackBerry port scanner
BlackBerry Attachment Service Vulnerability
BlackBerry Attachment Service in BlackBerry Enterprise Server uses the Graphics Device Interface (GDI) component to convert images to a viewable format on the BlackBerry smartphone
There exists a vulnerability in the GDI component of Windows while processing Windows Metafile (WMF) and Enhanced Metafile (EMF) images
This vulnerability causes the BlackBerry Attachment Service to allow a malicious user to run arbitrary code on the computer on which the BlackBerry Attachment Service is running
If a BlackBerry smartphone user is on the BlackBerry Enterprise Server with that BlackBerry Attachment Service running, and tries to use the BlackBerry smartphone to open and view a WMF or EMF image attachment in a received email message sent by a user with malicious intent, the computer on which the BlackBerry Attachment Service is running could be compromised
TeamOn Import Object ActiveX Control Vulnerability
BlackBerry Internet Service works with T-Mobile My E-mail to give BlackBerry users secure and direct access to any combination of registered enterprise, proprietary, Post Office Protocol 3 (POP3), or Internet Message Access Protocol 4 (IMAP4) email accounts
BlackBerry Internet Service and the T-Mobile My E-mail websites use the TeamOn Import Object Microsoft ActiveX control, which is vulnerable to buffer overflow
This buffer overflow occurs when a user uses Internet Explorer to view the BlackBerry Internet Service or T-Mobile My E-mail websites and tries to install and run the ActiveX control
Denial of Service in BlackBerry Browser
A malicious user can create a web site with an HTML or WML web page which contains a long string value within the link
When a BlackBerry user accesses such links using the BlackBerry Browser, a temporary denial of service may occur which stops the device from responding
BlackBerry Security
The BlackBerry Enterprise Solution offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES), for all data transmitted between BlackBerry® Enterprise Server and BlackBerry smartphones
BlackBerry uses a strong encryption scheme to safeguard:
• Integrity
• Confidentiality
• Authenticity of the data
BlackBerry Wireless Security
Transport encryption options
• Choose either Triple DES (Data Encryption Standard) or AES (Advanced Encryption Standard) to encrypt messages and data
Content protection
• Enforce encryption of all local data (messages, address book entries, calendar entries, memos, and tasks) via IT policy
Password Keeper
• Password Keeper securely stores password entries on the device (e.g. banking passwords, PINs, etc.) using AES encryption technology
Wireless encryption key regeneration
• Users regenerate encryption keys directly from their device
BlackBerry Security for Wireless Data (figure slides; images not preserved)
Prerequisites for Blackberry Forensics
Hardware Tools:
• Faraday cage
• RIM BlackBerry Physical Plug-in
• StrongHold tent
Software Tools:
• Program Loader
• Hex editor
• Simulator
• BlackBerry Signing Authority Tool
Steps for BlackBerry Forensics
Review the information
Acquire the information
Imaging and Profiling
Document the scene and preserve the evidence
Collect the evidence
Collect the Evidence
Seize the BlackBerry and computer evidence at the scene
Seize the BlackBerry memory cards such as SD and MMC
Collect non-electronic evidence such as written passwords, handwritten notes, and computer printouts
Prevent unauthorized users from entering the scene and touching the evidence
Document the Scene and Preserve the Evidence
All devices connected to the BlackBerry must be documented
Take photographs of all evidence at the scene
Document the state of the device during seizure
Preserve all the documents in a secure location
Secure the BlackBerry device and other evidence while transporting and storing
Secure the devices from mechanical or electrical shock
Maintain the chain of custody of documents, photographs, and evidence
Radio Control
There are two different ways to control the wireless signal of the device to maintain evidence:
• Turn off the wireless signal through the main menu
• If interaction with the device is not desired, put the device in a Faraday cage
A Faraday cage prevents the device from receiving any wireless data
Imaging and Profiling in BlackBerry
Imaging is the process of creating an exact copy of contents of a digital device to protect the original one from changes
Use SDK utility which dumps the contents of the Flash RAM into a file
An investigator can extract the logs from the image or can perform the investigation on the image
Use program loader for imaging and other inspection
Acquire the Information
Leave the RIM in an “off” state when:
• Power is removed for an extended period of time or the unit is placed in data storage mode
• Unit is turned back “on” from an “off” or true powered down state
Turn off the radio, if RIM is in “on” state
• Take the RIM to a secured location to turn it “on” and immediately shut down the radio before examination
Get the password, if the RIM is password protected
• A SHA-1 hash of the password is stored on the RIM
• A direct-to-hardware solution is taken if the password is not available
• Do not guess passwords: the number of failed password attempts is limited, and further failed attempts may lead to wiping of the memory
Hidden Data in BlackBerry
Data can be hidden on a RIM device in different ways such as:
• Hidden databases
• Partition gaps
• Obfuscated data
Data can be hidden in the gap between the OS/Application and Files partitions
Use tools such as the Rim Walker database reader to read the hidden databases
This hidden data can also be viewed by using the SAVEFS Programmer command
Acquire Logs Information from BlackBerry
Log collection is the first step in the forensics investigation
Collect the logs available on the BlackBerry device
Logs are not accessible using standard user interface
The following are some of the hidden control functions used to review the logs:
Mobitex2 Radio Status
• It provides information on Radio Status, Roam & Radio, Transmit or Receive, and Profile String
• BlackBerry: Func + Cap + R
• Simulator: Ctrl + Shift + R
Acquire Logs Information from BlackBerry (cont’d)
Device Status
• It provides information on memory allocation, port status, file system allocation, and CPU WatchPuppy
• Select a line in the Device status using the RIM’s thumbwheel to see detailed information and to access logs
• BlackBerry: Func + Cap + B (or V)
• Simulator: Ctrl + Shift + B (or V)
Acquire Logs Information from BlackBerry (cont’d)
Battery Status
• It provides information on battery type, load, status and temperature
Acquire Logs Information from BlackBerry (cont’d)
Free Mem
• It provides information on memory allocation, Common port, File system, Watchpuppy, OTA status, Halt, and Reset
Program Loader
Program Loader is an imaging and analysis command line tool
Use the following commands with Program Loader:
SAVEFS:
• It writes a hex dump of the RIM’s Flash RAM to FILESYS.DMP, in the same directory as programmer.exe
DIR:
• It lists applications residing on the handheld by memory location
MAP:
• It displays detailed Flash and SRAM maps
ALLOC:
• It displays a “partition table”
Wpassword:
• Switch on the BATCH command line or on the first line of the batch file if a password is required
Review of Information
Information from the evidence is reviewed by:
Hex editor:
• The hex editor provides access to the entire file system including deleted or “dirty” records indicated by byte 3 of the file header
• Information is available regarding the bitwise file storage method used by the RIM OS
Simulator:
• To acquire or read the data from the image file, load the dump file into the BlackBerry SDK Simulator
• For this, rename the FILESYS.DMP file according to the following rules:
  • “FS”
  • “HH” if an 857/957, “Pgr” if an 850/950
  • “Mb” if Mobitex or “Dt” if Datatac
  • “.DMP”
• Simulator must be set to match the Flash memory size to the size of the DMP file
Simulator: Screenshot
Best Practices for Protecting Stored Data
To secure information stored on BlackBerry devices, make password authentication mandatory through the customizable IT policies of the BlackBerry Enterprise Server
To increase protection from unauthorized parties, there is no staging area between the server and the BlackBerry device where data is decrypted
Clean the BlackBerry device memory
Protect stored messages on the messaging server
Encrypt application password and storage on the BlackBerry device
Protect storage of user’s data on a locked BlackBerry device
Limit the password authentication to ten attempts
Use AES (Advanced Encryption Standard) technology to secure the storage of password keeper and password entries on BlackBerry device (e.g. banking passwords and PINs)
BlackBerry Signing Authority Tool
BlackBerry Signing Authority Tool helps the developers by protecting the data and intellectual property
It enables the developers to handle access to their sensitive APIs (Application Program Interfaces) and data by using public and private signature keys
It uses asymmetric private/public key cryptography to validate the authenticity of the signature request
It allows external developers to request, receive, and verify the signatures for accessing specified API and data in a secure environment
Forensics Tool: RIM BlackBerry Physical Plug-in
http://www.paraben-forensics.com/
RIM BlackBerry device physical plug-in performs physical acquisition of data from most types of RIM BlackBerry devices
It can acquire:
• Address Book
• Auto Text
• Calendar
• Categories
• File System (from Content Store database)
• Handheld Agent
• Hotlist
• Memo
• Messages
• PhoneCall
• Profiles
• QuickContacts
• Service Book
• SMS Task
ABC Amber BlackBerry Converter
http://www.processtext.com/
This tool is used to convert the messages and contacts from IPD files into any document format
Pocket PC
http://www.datadoctor.in/
Pocket PC is a Windows-based tool that can be used for filtering and searching BlackBerry files
ABC Amber vCard Converter
http://www.processtext.com/
ABC Amber vCard Converter can be used to convert the contacts from the VCF (vCard) files to any document files
BlackBerry Database Viewer Plus
http://www.cellica.com/
BlackBerry Database Viewer Plus is a database software for BlackBerry handheld
Features:
• Supports Databases: MS Access, MS Excel, Oracle, SQL Server, FoxPro, dBase, and Any ODBC Compliant Database
• View and sync any database with BlackBerry
• Modify database contents on BlackBerry and reflect them to database
• Apply Filters, Sort the fields
• Apply any SQL Select queries on database to purify records
• Easy navigation through database in both Record and Grid view using shortcut keys
• Create databases on BlackBerry and import those on Desktop as .csv format
• Import Record or Field data to Memo pad
• Manage database in different categories
Summary
BlackBerry is a personal wireless handheld device that supports e-mail, mobile phone capabilities, text messaging, web browsing, and other wireless information services
BlackBerry safeguards integrity, confidentiality, and authenticity of data using a strong encryption scheme
BlackBerry Serial Protocol is used to back up, restore, and synchronize data between the BlackBerry handheld unit and the desktop software
RIM's push technology adds new dimension to forensics investigation of a PDA
To secure information stored on BlackBerry devices, make password authentication mandatory through the customizable IT policies of the BlackBerry Enterprise Server
 
Diagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_enDiagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_en
 
CHFI 1
CHFI 1CHFI 1
CHFI 1
 
File000176
File000176File000176
File000176
 
File000174
File000174File000174
File000174
 
File000173
File000173File000173
File000173
 
File000172
File000172File000172
File000172
 
File000171
File000171File000171
File000171
 
File000170
File000170File000170
File000170
 
File000169
File000169File000169
File000169
 
File000168
File000168File000168
File000168
 
File000167
File000167File000167
File000167
 
File000166
File000166File000166
File000166
 
File000165
File000165File000165
File000165
 
File000164
File000164File000164
File000164
 
File000163
File000163File000163
File000163
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

BlackBerry Forensics Guide

  • 1. Module XXXVI – Blackberry Forensics
  • 2. News: Police Join AG BlackBerry Investigation
      Source: http://www.10tv.com/
  • 3. News: BlackBerry Wins Versus Windows Mobile For Google Apps Mail
      Source: http://www.informationweek.com/
  • 4. Module Objective
      This module will familiarize you with:
      • BlackBerry
      • BlackBerry Operating System
      • How BlackBerry Works
      • BlackBerry Serial Protocol
      • Blackjacking Attack
      • BlackBerry Security
      • BlackBerry Forensics
      • Best Practices
      • Forensics Tools
  • 5. Module Flow
      BlackBerry → BlackBerry Operating System → How BlackBerry Works → BlackBerry Serial Protocol → Blackjacking Attack → BlackBerry Security → BlackBerry Forensics → Best Practices → Forensics Tools
  • 6. BlackBerry
      Personal wireless handheld device that supports e-mail, mobile phone capabilities, text messaging, web browsing and other wireless information services.
      Blackberries can be used:
      • To compose, send, and receive messages
      • As a phone
      • To access wireless Internet
      • As a tethered modem
      • As an organizer
      • For sending SMS
      • For instant messaging
      • For corporate data access
      • As a paging service
  • 7. BlackBerry Operating System
      BlackBerry OS 4.6 is the new version of BlackBerry
      Features of BlackBerry OS 4.6:
      • Supports web standards such as AJAX and CSS
      • Music Sync - a synchronization application for selecting and transferring music from a computer to a BlackBerry Smartphone
      • Clock application – the evolution of the alarm application
      • Supports continuous spell checking
      • Numerous enhancements to existing BlackBerry Smartphone applications
      • Eliminates the need to browse the address book when composing SMS
      • Provides a method to add recipients in SMS similar to the Email To: field
      • Built-in light-sensing technology automatically adjusts screen and keyboard brightness for indoors or outdoors
  • 8. How BlackBerry Works
      [Diagram. Labels: BlackBerry Device (Proprietary), RIM PDA, RIM Modem, RIM's wireless protocol, BlackBerry Message Center, Mailbox Interface, Mailbox Synchronization, BlackBerry Enterprise Server, Microsoft Exchange, Corporate message center, Corporate Internet, Generic Internet, ISP Message Center, Third Party Message Center, SMTP/POP via Internet, Desktop E-mail System, Microsoft Outlook, BlackBerry Desktop Redirector]
  • 9. BlackBerry Serial Protocol
      • BlackBerry Serial Protocol is used to back up, restore, and synchronize data between the BlackBerry handheld unit and the desktop software
      • It consists of simple packets and single-byte return codes
      • All packets have the same basic structure
  • 10. BlackBerry Serial Protocol: Packet Structure
      Fields, in order (Bytes / Description):
      • 3 / Packet header: Always D9 AE FB
      • 1 / Command type: Each command type has a unique value, which will limit the set of commands available:
          40 = Normal command
          60 = Extended packet
          41 = ACK
          CF = Handshake challenge
          CE = Handshake reply
      • 1 / Command:
          For "Command Type" 41
          For "Command Type" 40, the value 00 specifies initialization-related commands. Any other value represents commands listed in the "Command Table"
          For "Command Type" 60, the only observed value has been 02.
      • Variable / Command-dependent packet data
      • 1 / Footer: Always BF EA 9D
  • 11. Blackjacking Attack
      • Blackjacking is the process of using the BlackBerry environment to circumvent perimeter defenses and directly attack hosts on an enterprise’s networks
      • The attacker installs BBProxy on the user’s BlackBerry or sends it as an email attachment to the targets
      • Once this tool is activated, it opens a covert channel between attackers and compromised hosts on improperly secured enterprise networks
  • 12. BlackBerry Attack Toolkit
      The "BlackBerry Attack Toolkit" contains BBProxy, BBScan, and relevant MetaSploit patches to exploit the vulnerability of any website
      • BBProxy tool runs on BlackBerry devices and allows the device to be used as a proxy between the Internet and the internal network
      • BBScan is the BlackBerry port scanner
  • 13. BlackBerry Attachment Service Vulnerability
      • BlackBerry Attachment Service in BlackBerry Enterprise Server uses the Graphics Device Interface (GDI) component to convert images to a viewable format on the BlackBerry smartphone
      • There exists a vulnerability in the GDI component of Windows while processing Windows Metafile (WMF) and Enhanced Metafile (EMF) images
      • This vulnerability causes the BlackBerry Attachment Service to allow a malicious user to run arbitrary code on the computer on which the BlackBerry Attachment Service is running
      • If a BlackBerry smartphone user is on the BlackBerry Enterprise Server with that BlackBerry Attachment Service running, and tries to use the BlackBerry smartphone to open and view a WMF or EMF image attachment in a received email message sent by a user with malicious intent, the computer on which the BlackBerry Attachment Service is running could be compromised
  • 14. TeamOn Import Object ActiveX Control Vulnerability
      • BlackBerry Internet Service works with T-Mobile My E-mail to give BlackBerry users secure and direct access to any combination of registered enterprise, proprietary, Post Office Protocol 3 (POP3), or Internet Message Access Protocol 4 (IMAP4) email accounts
      • The BlackBerry Internet Service and T-Mobile My E-mail websites use the TeamOn Import Object Microsoft ActiveX control, which is vulnerable to a buffer overflow
      • This buffer overflow occurs when a user uses Internet Explorer to view the BlackBerry Internet Service or T-Mobile My E-mail websites and tries to install and run the ActiveX control
  • 15. Denial of Service in BlackBerry Browser
      • A malicious user can create a web site with an HTML or WML web page which contains a long string value within the link
      • When a BlackBerry user accesses such links using the BlackBerry Browser, a temporary denial of service may occur which stops the device from responding
  • 16. BlackBerry Security
      The BlackBerry Enterprise Solution offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES), for all data transmitted between BlackBerry® Enterprise Server and BlackBerry smartphones
      BlackBerry uses a strong encryption scheme to safeguard:
      • Integrity
      • Confidentiality
      • Authenticity of the data
  • 17. BlackBerry Wireless Security
      • Transport encryption options: Choose either Triple DES (Data Encryption Standard) or AES (Advanced Encryption Standard) to encrypt messages and data
      • Content protection: Enforce encryption of all local data (messages, address book entries, calendar entries, memos, and tasks) via IT policy
      • Password Keeper: Password Keeper securely stores password entries on the device (e.g. banking passwords, PINs, etc.) using AES encryption technology
      • Wireless encryption key regeneration: Users regenerate encryption keys directly from their device
  • 18. BlackBerry Security for Wireless Data
  • 19. BlackBerry Security for Wireless Data (cont’d)
  • 20. Prerequisites for Blackberry Forensics
      Hardware Tools:
      • Faraday cage
      • RIM BlackBerry Physical Plug-in
      • StrongHold tent
      Software Tools:
      • Program Loader
      • Hex editor
      • Simulator
      • BlackBerry Signing Authority Tool
  • 21. Steps for BlackBerry Forensics
      • Collect the evidence
      • Document the scene and preserve the evidence
      • Imaging and Profiling
      • Acquire the information
      • Review the information
  • 22. Collect the Evidence
      • Seize the BlackBerry and computer evidence at the scene
      • Seize the BlackBerry memory cards such as SD and MMC
      • Collect non-electronic evidence such as written passwords, handwritten notes, and computer printouts
      • Prevent unauthorized users from entering the scene and touching the evidence
  • 23. Document the Scene and Preserve the Evidence
      • All devices connected to the BlackBerry must be documented
      • Take photographs of all evidence at the scene
      • Document the state of the device during seizure
      • Preserve all the documents in a secure location
      • Secure the BlackBerry device and other evidence while transporting and storing
      • Secure the devices from mechanical or electrical shock
      • Maintain the chain of custody of documents, photographs, and evidence
  • 24. Radio Control
      There are two different ways to control the wireless signal of the device to maintain evidence:
      • Turn off the wireless signal through the main menu
      • If interaction with the device is not desired, put the device in a Faraday cage
      A Faraday cage prevents the device from receiving any wireless data
  • 25. Imaging and Profiling in BlackBerry
      • Imaging is the process of creating an exact copy of the contents of a digital device to protect the original one from changes
      • Use the SDK utility, which dumps the contents of the Flash RAM into a file
      • An investigator can extract the logs from the image or can perform the investigation on the image
      • Use Program Loader for imaging and other inspection
  • 26. Acquire the Information
      Leave the RIM in an “off” state when:
      • Power is removed for an extended period of time or the unit is placed in data storage mode
      • Unit is turned back “on” from an “off” or true powered down state
      Turn off the radio, if the RIM is in an “on” state
      • Take the RIM to a secured location to turn it “on” and immediately shut down the radio before examination
      Get the password, if the RIM is password protected
      • A SHA-1 hash of the password is stored on the RIM
      • A direct-to-hardware solution is taken if the password is not available
      • Do not attempt passwords, as the number of failed password attempts is limited; too many failed attempts may lead to wiping of the memory
  • 27. Hidden Data in BlackBerry
      Data can be hidden on a RIM device in different ways such as:
      • Hidden databases
      • Partition gaps
      • Obfuscated data
      Data can be hidden in the gap between the OS/Application and Files partitions
      Use tools such as the Rim Walker database reader to read the hidden databases
      This hidden data can also be viewed by using the SAVEFS Programmer command
  • 28. Acquire Logs Information from BlackBerry
      • Log collection is the first step in the forensics investigation
      • Collect the logs available on the BlackBerry device
      • Logs are not accessible using the standard user interface
      The following are some of the hidden control functions used to review the logs:
      • Mobitex2 Radio Status
          It provides information on Radio Status, Roam & Radio, Transmit or Receive, and Profile String
          BlackBerry: Func + Cap + R
          Simulator: Ctrl + Shift + R
  • 29. Acquire Logs Information from BlackBerry (cont’d)
      • Device Status
          It provides information on memory allocation, port status, file system allocation, and CPU WatchPuppy
          Select a line in the Device Status using the RIM’s thumbwheel to see detailed information and to access logs
          BlackBerry: Func + Cap + B (or V)
          Simulator: Ctrl + Shift + B (or V)
  • 30. Acquire Logs Information from BlackBerry (cont’d)
      • Battery Status
          It provides information on battery type, load, status and temperature
  • 31. Acquire Logs Information from BlackBerry (cont’d)
      • Free Mem
          It provides information on memory allocation, Common port, File system, Watchpuppy, OTA status, Halt, and Reset
  • 32. Program Loader
      Program Loader is an imaging and analysis command line tool
      Use the following commands with Program Loader:
      • SAVEFS: It writes a hex dump of the RIM’s Flash RAM to FILESYS.DMP, in the same directory as programmer.exe
      • DIR: It lists applications residing on the handheld by memory location
      • MAP: It displays detailed Flash and SRAM maps
      • ALLOC: It displays a “partition table”
      • Wpassword: Switch on the BATCH command line or on the first line of the batch file if a password is required
  • 33. Review of Information
      Information from the evidence is reviewed by:
      • Hex editor:
          The hex editor provides access to the entire file system, including deleted or “dirty” records indicated by byte 3 of the file header
          Information is available regarding the bitwise file storage method used by the RIM OS
      • Simulator:
          To read the data from the image file, load the dump file into the BlackBerry SDK Simulator
          For this, rename the FILESYS.DMP file according to the following rules:
              “FS”
              “HH” if an 857/957, “Pgr” if an 850/950
              “Mb” if Mobitex or “Dt” if Datatac
              “.DMP”
          The Simulator must be set to match the Flash memory size to the size of the DMP file
  • 34. Simulator: Screenshot
  • 35. Best Practices for Protecting Stored Data
      • To secure information stored on BlackBerry devices, make password authentication mandatory through the customizable IT policies of the BlackBerry Enterprise Server
      • To increase protection from unauthorized parties, there is no staging area between the server and the BlackBerry device where data is decrypted
      • Clean the BlackBerry device memory
      • Protect stored messages on the messaging server
      • Encrypt application password and storage on the BlackBerry device
      • Protect storage of user’s data on a locked BlackBerry device
      • Limit the password authentication to ten attempts
      • Use AES (Advanced Encryption Standard) technology to secure the storage of password keeper and password entries on BlackBerry device (e.g. banking passwords and PINs)
  • 36. BlackBerry Signing Authority Tool
      • BlackBerry Signing Authority Tool helps the developers by protecting the data and intellectual property
      • It enables the developers to handle access to their sensitive APIs (Application Program Interfaces) and data by using public and private signature keys
      • It uses asymmetric private/public key cryptography to validate the authenticity of the signature request
      • It allows external developers to request, receive, and verify the signatures for accessing specified API and data in a secure environment
  • 37. Forensics Tool: RIM BlackBerry Physical Plug-in
      http://www.paraben-forensics.com/
      RIM BlackBerry device physical plug-in performs physical acquisition of data from most types of RIM BlackBerry devices
      It can acquire:
      • Address Book
      • Auto Text
      • Calendar
      • Categories
      • File System (from Content Store database)
      • Handheld Agent
      • Hotlist
      • Memo
      • Messages
      • PhoneCall
      • Profiles
      • QuickContacts
      • Service Book
      • SMS Task
  • 38. ABC Amber BlackBerry Converter
      http://www.processtext.com/
      This tool is used to convert the messages and contacts from IPD files into any document format
  • 39. Pocket PC
      http://www.datadoctor.in/
      Pocket PC is a Windows-based tool that can be used for filtering and searching BlackBerry files
  • 40. ABC Amber vCard Converter
      http://www.processtext.com/
      ABC Amber vCard Converter can be used to convert the contacts from VCF (vCard) files to any document files
  • 41. BlackBerry Database Viewer Plus
      http://www.cellica.com/
      BlackBerry Database Viewer Plus is database software for BlackBerry handhelds
      Features:
      • Supports Databases: MS Access, MS Excel, Oracle, SQL Server, FoxPro, dBase, and Any ODBC Compliant Database
      • View and sync any database with BlackBerry
      • Modify database contents on BlackBerry and reflect them to database
      • Apply Filters, Sort the fields
      • Apply any SQL Select queries on database to purify records
      • Easy navigation through database in both Record and Grid view using shortcut keys
      • Create databases on BlackBerry and import those on Desktop as .csv format
      • Import Record or Field data to Memo pad
      • Manage database in different categories
  • 42. Summary
      • BlackBerry is a personal wireless handheld device that supports e-mail, mobile phone capabilities, text messaging, web browsing, and other wireless information services
      • BlackBerry safeguards integrity, confidentiality, and authenticity of data using a strong encryption scheme
      • BlackBerry Serial Protocol is used to back up, restore, and synchronize data between the BlackBerry handheld unit and the desktop software
      • RIM's push technology adds new dimension to forensics investigation of a PDA
      • To secure information stored on BlackBerry devices, make password authentication mandatory through the customizable IT policies of the BlackBerry Enterprise Server
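
The packet layout from the "BlackBerry Serial Protocol: Packet Structure" slide, worked as a frame parser an examiner could run over a captured backup or sync stream. This is an added example, not part of the EC-Council module: the capture bytes, `Packet`, `annotate` and `parse_capture` are constructed for illustration, and the footer is taken as the three bytes BF EA 9D that the slide lists, although its length column says 1.

```python
"""Frame parser for the slide's BlackBerry Serial Protocol packet layout.

Layout used: header D9 AE FB | command type (1) | command (1) | data | footer BF EA 9D.
Assumption: the slide gives no length field, so a packet is taken to end at the
first footer sequence after the command byte; a payload that itself contains
BF EA 9D would be cut short, so treat offsets as leads to verify in a hex editor.
"""
from dataclasses import dataclass
from typing import List, Tuple

HEADER = bytes.fromhex("D9AEFB")
FOOTER = bytes.fromhex("BFEA9D")

# Command-type values exactly as listed on the slide.
COMMAND_TYPES = {
    0x40: "Normal command",
    0x60: "Extended packet",
    0x41: "ACK",
    0xCF: "Handshake challenge",
    0xCE: "Handshake reply",
}


@dataclass
class Packet:
    offset: int          # position of the header in the capture
    command_type: int
    command: int
    data: bytes
    notes: List[str]

    @property
    def type_name(self) -> str:
        return COMMAND_TYPES.get(self.command_type, "unknown")


def annotate(command_type: int, command: int) -> List[str]:
    """Apply the slide's remarks about command values."""
    if command_type not in COMMAND_TYPES:
        return ["command type not in the documented list"]
    if command_type == 0x40 and command == 0x00:
        return ["initialization-related command"]
    if command_type == 0x60 and command != 0x02:
        return ["extended packet with a command other than the observed 02"]
    return []


def parse_capture(buf: bytes) -> Tuple[List[Packet], list, list]:
    """Split a capture into packets, loose bytes and framing errors.

    Loose bytes are anything outside a frame, which is where the protocol's
    single-byte return codes would appear.
    """
    packets, loose, errors = [], [], []
    pos = 0
    while pos < len(buf):
        start = buf.find(HEADER, pos)
        if start == -1:                      # no more frames: rest is loose
            loose.append((pos, buf[pos:]))
            break
        if start > pos:
            loose.append((pos, buf[pos:start]))
        body = start + len(HEADER)
        end = buf.find(FOOTER, body + 2)     # type and command must both exist
        if end == -1:
            errors.append((start, "header without footer (truncated capture?)"))
            break
        next_header = buf.find(HEADER, body)
        if next_header != -1 and next_header < end:
            errors.append((start, "new header before footer; resynchronising"))
            pos = next_header
            continue
        ctype, cmd = buf[body], buf[body + 1]
        packets.append(Packet(start, ctype, cmd, buf[body + 2:end], annotate(ctype, cmd)))
        pos = end + len(FOOTER)
    return packets, loose, errors


# Constructed capture (not taken from a real device).
SAMPLE_CAPTURE = bytes.fromhex(
    "D9AEFB CF 00 11223344 BFEA9D"   # handshake challenge with 4 data bytes
    "01"                             # loose single byte between frames
    "D9AEFB 40 00 BFEA9D"            # normal command, value 00
    "D9AEFB 60 02 AABB BFEA9D"       # extended packet
    "D9AEFB 7F 01 BFEA9D"            # command type not on the slide
    "D9AEFB 40 05 0102"              # capture ends before the footer
)

if __name__ == "__main__":
    pkts, loose_bytes, errs = parse_capture(SAMPLE_CAPTURE)
    for p in pkts:
        print(f"{p.offset:04x} {p.type_name:<20} cmd={p.command:02X} "
              f"data={p.data.hex()} {'; '.join(p.notes)}")
    for off, raw in loose_bytes:
        print(f"{off:04x} loose bytes: {raw.hex()}")
    for off, msg in errs:
        print(f"{off:04x} ERROR: {msg}")
```

Run it against a copy of the capture, never the original evidence file, and record the offsets it reports alongside the image hash in the case notes.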