OPEN SOURCE TOOLS FOR MOBILE FORENSICS MATTIA EPIFANI
SANS EUROPEAN DIGITAL FORENSICS SUMMIT
PRAGUE, 6 OCTOBER 2013
SUMMARY
Introduction to 3 open source tools for Mobile and Computer Forensics
Developed by Italian teams
iPhone Backup Analyzer
WhatsApp Xtract
Skype Xtractor
IPHONE BACKUP ANALYZER
Open source tool for iPhone Backup analysis
Python 2.7 with QT graphical interface
Multi platform (Windows, Linux, Mac OS X)
Main module (decoder and viewers) and Plugins
Mario Piccinelli (Brescia University) – Lead Developer
Mattia Epifani, Sandro Rossetti, Fabio Sangiacomo, Nicodemo Gawronski
We need plugin developers! Join us!
http://www.ipbackupanalyzer.com
IPHONE BACKUP ANALYZER
Thumbnails
Safari History
Viber
Call Logs
Address Book
Safari Bookmarks
Safari State
SMS / iMessage
Note
Binary Plist viewer
Skype
Known WiFi
Decode and Explore iPhone backup
Network
XML Plist viewer
Hex viewer
SQLITE Browser
Image and EXIF viewer
Text viewer
IPHONE BACKUP ANALYZER – MAIN WINDOW
IPHONE BACKUP ANALYZER – SQLITE AND PLIST
IPHONE BACKUP ANALYZER – CALLS AND MESSAGES
IPHONE BACKUP ANALYZER – WHATSAPP AND SKYPE
WHATSAPP XTRACT
Open Source tool for WhatsApp extraction and analysis
Python 2.7
Multi platform (Windows, Linux, Mac OS X)
Currently supports iOS and Android
Fabio Sangiacomo (Genoa University) – Lead Developer
Mattia Epifani, Francesco Picasso, Marco Scarito
We need help to improve support (Blackberry, Windows Phone, Symbian, etc.)
http://blog.digital-forensics.it/2012/05/whatsapp-forensics.html
http://code.google.com/p/hotoloti/
WHATSAPP XTRACT – IOS TABLES
Contacts.sqlite
ChatStorage.sqlite
WHATSAPP XTRACT – ANDROID DECRYPTION
WhatsApp Database Encryption Project (Corjens, Spruyt and Wieringa)
https://www.os3.nl/_media/2011-2012/students/ssn_project_report.pdf
Vulnerability in the Android implementation of the 192-bit AES cipher
It is possible to extract the encryption key from the software package
346a23652a46392b4d73257c67317e352e3372482177652c
A few lines of code... and the database is decrypted!
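The decryption step described on this slide, as an added example (not code from the slides or from WhatsApp Xtract): it decrypts a legacy msgstore.db.crypt into a working copy with the key shown above, confirms the output carries the SQLite header, and checks that the evidence file is unchanged. ECB mode, default PKCS padding and the function name decrypt_msgstore are assumptions not stated on the slide; openssl and sha256sum must be installed.

```sh
#!/bin/sh
# Key as printed on the slide (48 hex digits = 24 bytes = AES-192).
WA_CRYPT_KEY=346a23652a46392b4d73257c67317e352e3372482177652c

# decrypt_msgstore SRC DST   (hypothetical helper name)
# Usage: decrypt_msgstore msgstore.db.crypt msgstore.db
# Returns 0 on success, 1 if decryption or the header check fails,
# 2 if SRC is unreadable, 3 if SRC changed while it was being processed.
decrypt_msgstore() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    # Hash the evidence before doing anything else.
    before=$(sha256sum "$src" | cut -d' ' -f1)

    # Assumption: AES-192 in ECB mode with PKCS padding (not on the slide).
    # With -K the raw key is used directly: no password, no salt header.
    if ! openssl enc -d -aes-192-ecb -K "$WA_CRYPT_KEY" \
            -in "$src" -out "$dst" 2>/dev/null; then
        rm -f "$dst"
        echo "decryption failed (wrong format, key or padding)" >&2
        return 1
    fi

    # A SQLite 3 file starts with "SQLite format 3" followed by a NUL byte.
    magic=$(head -c 15 "$dst")
    if [ "$magic" != "SQLite format 3" ]; then
        rm -f "$dst"
        echo "output is not a SQLite database" >&2
        return 1
    fi

    # The evidence file must be byte-identical after processing.
    after=$(sha256sum "$src" | cut -d' ' -f1)
    [ "$before" = "$after" ] || { echo "evidence file changed" >&2; return 3; }

    # Hashes for the examiner's notes.
    echo "sha256(evidence)  $before"
    echo "sha256(decrypted) $(sha256sum "$dst" | cut -d' ' -f1)"
}
```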
WHATSAPP XTRACT – ANDROID TABLES
wa.db
msgstore.db
WHATSAPP XTRACT – REPORT
SKYPE XTRACTOR
Open source tool for Skype analysis
For both computer and mobile versions
Python 2.7
Multi platform (Windows, Linux)
Nicodemo Gawronski (DEFT Team) – Lead Developer
Mattia Epifani, Davide Gabrini
We need testers! Join us!
http://www.skypextractor.com/
SKYPE XTRACTOR
Extract
Account info
Contacts info
Calls
Chats
File transfer
Voice mails
Deleted and modified messages (Chat Sync)
Report
CSV
HTML (filters included)
PDF (under development)
SKYPE XTRACTOR
root# python skype.py --chatsync main.db
Q&A?
Mattia Epifani
Digital Forensics Expert
Owner @ REALITY NET – System Solutions
President @ DFA Association
CEH, CHFI, CCE, CIFI, ECCE, AME, ACE, MPSC
LinkedIn http://www.linkedin.com/in/mattiaepifani