DIGITAL FORENSIC

Uploaded by bilal (Scribd, 16 pages)
INTRODUCTION

• WHAT IS FORENSIC:

The process of using scientific knowledge in the collection, analysis and presentation of evidence in the courts.

• WHAT IS DIGITAL FORENSIC

The science of collecting, examining and analysing digital data so that it can be presented as evidence.


PHASES OF FORENSIC

• Phase 1: Preparation
• Phase 2: Collection / Preservation
• Phase 3: Examination / Analysis
• Phase 4: Presentation / Reporting
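The Collection / Preservation phase is where most evidence is lost or later challenged, so here is an added worked example (not part of the original presentation, and not the code of any tool named on these slides) of what a bit-for-bit acquisition with integrity verification looks like. The FakeDevice class, the 512-byte sector size, the deliberately unreadable sector 3 and the choice of SHA-256 are all assumptions made for the illustration; real imaging tools read the physical device and write the image to disk in the same way.

```python
import hashlib
from dataclasses import dataclass, field

SECTOR = 512  # assumption: 512-byte sectors, as on most disks and SD cards


class BadSectorError(IOError):
    """Raised by the stand-in device when a sector cannot be read."""


class FakeDevice:
    """Constructed stand-in for a block device (not a real disk). One sector is
    deliberately unreadable to show how an acquisition should handle media errors."""

    def __init__(self, data: bytes, bad_sectors=(3,)):
        assert len(data) % SECTOR == 0, "constructed device must be sector-aligned"
        self._data = data
        self._bad = set(bad_sectors)

    @property
    def sector_count(self) -> int:
        return len(self._data) // SECTOR

    def read_sector(self, n: int) -> bytes:
        if n in self._bad:
            raise BadSectorError(f"sector {n} unreadable")
        return self._data[n * SECTOR:(n + 1) * SECTOR]


@dataclass
class AcquisitionLog:
    """The minimum a contemporaneous acquisition note should record."""
    sectors_total: int = 0
    bad_sectors: list = field(default_factory=list)
    acquisition_sha256: str = ""


def acquire(device: FakeDevice) -> tuple[bytes, AcquisitionLog]:
    """Bit-for-bit acquisition. An unreadable sector is replaced by zeros so that every
    later offset in the image still matches the source (the conv=noerror,sync behaviour
    of dd) and its number is logged. The hash is computed over exactly the bytes written,
    so the examiner can later prove the image has not changed since acquisition."""
    log = AcquisitionLog(sectors_total=device.sector_count)
    digest = hashlib.sha256()
    image = bytearray()
    for n in range(device.sector_count):
        try:
            chunk = device.read_sector(n)
        except BadSectorError:
            chunk = b"\x00" * SECTOR
            log.bad_sectors.append(n)
        digest.update(chunk)
        image += chunk
    log.acquisition_sha256 = digest.hexdigest()
    return bytes(image), log


def verify_image(image: bytes, log: AcquisitionLog) -> bool:
    """Re-hash the image independently of the acquisition pass. A mismatch means the
    copy was altered or corrupted after it was taken and is not the preserved evidence."""
    return hashlib.sha256(image).hexdigest() == log.acquisition_sha256


def make_sample_device() -> FakeDevice:
    """Constructed sample: eight sectors, each filled with one recognisable byte."""
    data = b"".join(bytes([0x41 + i]) * SECTOR for i in range(8))
    return FakeDevice(data)


if __name__ == "__main__":
    img, log = acquire(make_sample_device())
    print("sectors:", log.sectors_total, "unreadable:", log.bad_sectors)
    print("sha256 :", log.acquisition_sha256)
    print("verified:", verify_image(img, log))
    print("tampered copy verifies:", verify_image(img[:-1] + b"\x01", log))
```

The hash recorded in the log is what goes into the chain-of-custody note together with the list of unreadable sectors; a second reading of damaged media may return different bytes for those sectors, which is why the log, not a re-read of the phone or disk, is the reference the image is verified against.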
Branches of Digital Forensic (diagram):
• Live Forensic
• Computer Forensic
• Database Forensic
• Network Forensic
• Mobile Forensic
TYPICAL SOURCES OF DIGITAL EVIDENCE
MOBILE FORENSIC
People store a wealth of information in mobile phones.
Items stored on mobile devices:
• Incoming/outgoing/missed calls
• Text and short messages
• Emails
• Instant messages
• Voice notes
• Webpages
• Pictures
• Contacts
• Personal calendars
• Application data
• Social media
• Web history
• GPS data
• Address books
• Media
• And other miscellaneous data
ACQUISITION LEVELS
From least to most invasive (each level is more technically demanding than the one below it):
1. Manual extraction
2. Logical extraction
3. Physical extraction
4. Chip-off
5. Micro read
LOGICAL VS FILE SYSTEM VS PHYSICAL
• A logical extraction copies user data only from the areas of the storage media that hold existing (allocated) data.
• A file system extraction copies user and system data, including the file system's own structures, from the areas of the storage media that hold data.
• A physical extraction copies the device's storage media including unallocated space, and therefore deleted data (closest to a forensic 'bit for bit' image).
• A logical extraction is usually faster than a physical extraction.
• Some devices cannot be physically extracted.
• A logical extraction may still recover some deleted data, depending on the phone and operating system version (typically records that still sit inside application databases).
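To make the three levels concrete, here is an added example (not from the original presentation and not the behaviour of any specific Cellebrite or other product) on a constructed toy volume: a directory table in block 0, file data in the blocks after it, one file flagged deleted with its data still in place, and one JPEG whose directory record has been overwritten entirely. The block size, directory entry layout, file names and the fake JPEG payloads are all assumptions made for the illustration.

```python
import struct
from dataclasses import dataclass

BLOCK = 256                                  # assumption: 256-byte blocks
ENTRY = struct.Struct("<16sHHB")             # name, start block, length, flags
FLAG_DELETED = 0x01
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"   # real JPEG start/end markers


@dataclass
class DirEntry:
    name: str
    start: int
    length: int
    deleted: bool


def fake_jpeg(tag: bytes) -> bytes:
    """Constructed stand-in for a JPEG: valid start/end markers around a short payload."""
    return JPEG_SOI + b"\xe0" + tag + JPEG_EOI


def build_image() -> bytes:
    """Constructed toy volume. photo2.jpg is flagged deleted but its bytes are untouched;
    a third JPEG in block 5 has no directory entry at all (its record was overwritten)."""
    img = bytearray(BLOCK * 6)
    files = [("photo1.jpg", 1, fake_jpeg(b"FIRST"), False),
             ("note.txt", 2, b"meeting at 9, bring the ledger", False),
             ("photo2.jpg", 3, fake_jpeg(b"SECOND"), True)]
    off = 0
    for name, blk, data, deleted in files:
        img[blk * BLOCK:blk * BLOCK + len(data)] = data
        ENTRY.pack_into(img, off, name.encode().ljust(16, b"\0"), blk, len(data),
                        FLAG_DELETED if deleted else 0)
        off += ENTRY.size
    orphan = fake_jpeg(b"ORPHAN")
    img[5 * BLOCK:5 * BLOCK + len(orphan)] = orphan
    return bytes(img)


def read_directory(img: bytes) -> list:
    """Parse the directory table in block 0 until the first empty slot."""
    entries, off = [], 0
    while off + ENTRY.size <= BLOCK:
        raw_name, start, length, flags = ENTRY.unpack_from(img, off)
        if raw_name[0] == 0:
            break
        entries.append(DirEntry(raw_name.rstrip(b"\0").decode(), start, length,
                                bool(flags & FLAG_DELETED)))
        off += ENTRY.size
    return entries


def _file_bytes(img: bytes, e: DirEntry) -> bytes:
    return img[e.start * BLOCK:e.start * BLOCK + e.length]


def logical_extract(img: bytes) -> dict:
    """Logical level: only the files the file system still reports as present."""
    return {e.name: _file_bytes(img, e) for e in read_directory(img) if not e.deleted}


def filesystem_extract(img: bytes) -> dict:
    """File-system level: reads the directory structure itself, so entries flagged
    deleted (metadata present, data not yet overwritten) come back as well."""
    return {e.name: _file_bytes(img, e) for e in read_directory(img)}


def physical_extract(img: bytes) -> list:
    """Physical level: ignore the file system and carve JPEGs out of the raw bytes by
    signature. Returns (offset, data) pairs, including files no directory knows about."""
    found, pos = [], 0
    while True:
        start = img.find(JPEG_SOI, pos)
        if start < 0:
            break
        end = img.find(JPEG_EOI, start + len(JPEG_SOI))
        if end < 0:
            break
        found.append((start, img[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found


if __name__ == "__main__":
    image = build_image()
    print("logical    :", sorted(logical_extract(image)))
    print("file system:", sorted(filesystem_extract(image)))
    print("physical   :", [(off, data[4:-2]) for off, data in physical_extract(image)])
```

Note the caveat the last bullet above hints at: the physical pass finds all three JPEGs, including the orphan, but it does not find note.txt at all, because plain text has no signature to carve on. A physical extraction hands you every byte; turning those bytes back into files and records still needs the file-system parsing or keyword searching that the higher-level extractions do for you.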
WHERE WE ARE STANDING
• Cellebrite UFED 4PC
UFED 4PC is Cellebrite's software-based mobile forensic solution. It gives users a cost-effective, flexible and convenient tool on their existing PC or laptop. UFED 4PC Ultimate is based on the same trusted UFED technology, enabling users to perform extraction, decoding, analysis and reporting on a single platform.
• What we are using:
We are using UFED 4PC version 6.2.1.17 (May 2017).
This old version was provided by the AFP (Australian Federal Police) in 2016 and has not been upgraded since.
It lacks logical as well as physical support for almost all newer mobile phones, so we get very little or no data from currently sold models.
WAY FORWARD
• As Cellebrite UFED is an Israel-based forensic tool, we cannot obtain the latest version due to global restrictions.
• Many tools are available in the market and used by the FBI, MI and others, and none of them relies on a single forensic tool.
• A set of forensic tools is required to do forensics in this modern era, with thousands of new mobile models appearing and increasing day by day.
• Some major tools used by law enforcement worldwide:
1. Cellebrite UFED 4PC
2. Detego MD Next, MD RED
3. FinalMobile Forensics
4. Oxygen Forensic
CONT.
• These tools, or at least some of them, must be readily available to fulfil the CTD digital forensic requirement.
Why these tools:
1. Forensically sound
2. Used by law enforcement agencies as well as PFSA (Punjab Forensic Science Agency)
3. Maximum data recovery
4. Produce good forensic reports in multiple formats
5. Physical extraction supported for hundreds of mobile models
COMPUTER FORENSIC
SOFTWARE USED IN COMPUTER FORENSICS
• FTK Imager
• Magnet Forensics
• OSForensics
• X-Ways (at CTD HQ)
• FTK (Forensic Toolkit)
X-WAYS FORENSICS
• Maximum extraction of deleted data
• Sorting into file types
• Search for a specific file (by type and name)
• Lightning-fast, powerful physical and logical search for many search terms at the same time
• What we need:
• Decode different chat databases (Skype, MSN, Yahoo)
• Extract browser and application databases
• Dump the RAM / virtual memory of all running processes
• Details of accounts, web history, last login, files opened
MAGNET AXIOM
Extraction with Magnet AXIOM:
• Recovering deleted data
• Chat history
• Browsing history
• Connected networks
• USB devices attached
• All login accounts
• Online accounts
• Last login, recent files (with timestamps)
• Passwords
• Social networking and cloud URLs
THANK YOU