Mobile forensics qu...
 
Notifications
Clear all

Mobile forensics question

11 Posts
4 Users
0 Likes
1,257 Views
(@aco0008)
Posts: 3
New Member
Topic starter
 

I am looking for answers to a few questions I saw posted on the forums but have been unable to find any help. Could anyone assist me in answering the following few questions? Thanks in advance.

2. What would you do if presented with an exhibit bag containing a mobile phone (which cannot be fully accessed without a SIM Card) and a SIM Card (which was not inserted and may/may not be associated with the device) separately and what could the affects be if the SIM Card was inserted into the mobile phone?

3. What methods could be applied to prevent network connection to a device?

4. If a device was not seized in the correct manner (e.g. a battery was removed) what could be affected on the device in question? or if the device was turned on/activated with a memory card inserted, what would the affects be?

5. If the connection port is damaged/missing, what would you do? what alternatives methods could be used to obtain the notable data?

6. What data extraction method would you apply if the points to prove for the case was focused on obtaining deleted data? what alternative methods could you use to carve for deleted pictures files etc?

 
Posted : 10/04/2017 6:47 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I am looking for answers to a few questions I saw posted on the forums but have been unable to find any help. Could anyone assist me in answering the following few questions? Thanks in advance.

The board seemingly ate your question #1. 😯

Maybe the reason why you saw (where BTW?) these questions (#2 to #6) and they were not answered was because they are extremely generic (I call them "vague").

Each single device (or family of devices) will behave differently in the scenarios depicted in #2 and #4 and as well procedures/remedies will be different for each single device (or family of devices) in the scenarios depicted in #5 and #6.

At first read the only one that has a single good-for-all answer (maybe) is #3, you shield the device (by transporting/moving it inside a "faraday bag" or "faraday box" (or similar) and later by having the lab/workbench where you work on it inside a faraday cage/shielded room).

jaclaz

 
Posted : 10/04/2017 7:02 pm
(@aco0008)
Posts: 3
New Member
Topic starter
 

I am looking for answers to a few questions I saw posted on the forums but have been unable to find any help. Could anyone assist me in answering the following few questions? Thanks in advance.

The board seemingly ate your question #1. 😯

Maybe the reason why you saw (where BTW?) these questions (#2 to #6) and they were not answered was because they are extremely generic (I call them "vague").

Each single device (or family of devices) will behave differently in the scenarios depicted in #2 and #4 and as well procedures/remedies will be different for each single device (or family of devices) in the scenarios depicted in #5 and #6.

At first read the only one that has a single good-for-all answer (maybe) is #3, you shield the device (by transporting/moving it inside a "faraday bag" or "faraday box" (or similar) and later by having the lab/workbench where you work on it inside a faraday cage/shielded room).

jaclaz

Thank you for the response. I have a test with these questions so I was just looking for peoples answers to the questions just to compare them with my answers to see if I am heading in the right direction

 
Posted : 10/04/2017 7:37 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Thank you for the response. I have a test with these questions so I was just looking for peoples answers to the questions just to compare them with my answers to see if I am heading in the right direction

Then you did not saw them on the forum unanswered, and you mis-represented where they came from 😯 .

A test for what?

I mean, is it for admission to a (presumably high level ? ) UNI course, an exam part of an already joined school/UNI course (or similar) or as part of a job application, or what? ?

Maybe the idea of such a test is that you elaborate on the answers providing a range of actions/options depending on a range of possible devices.

And still possibly the idea is that you don't check which answers are the most popular online, presumably the test is about ascertaining your own knowledge (and experience and inventiveness) and not the one of the community.

jaclaz

 
Posted : 10/04/2017 7:51 pm
(@aco0008)
Posts: 3
New Member
Topic starter
 

Thank you for the response. I have a test with these questions so I was just looking for peoples answers to the questions just to compare them with my answers to see if I am heading in the right direction

Then you did not saw them on the forum unanswered, and you mis-represented where they came from 😯 .

A test for what?

I mean, is it for admission to a (presumably high level ? ) UNI course, an exam part of an already joined school/UNI course (or similar) or as part of a job application, or what? ?

Maybe the idea of such a test is that you elaborate on the answers providing a range of actions/options depending on a range of possible devices.

And still possibly the idea is that you don't check which answers are the most popular online, presumably the test is about ascertaining your own knowledge (and experience and inventiveness) and not the one of the community.

jaclaz

To save a long, elaborated answer to your remark… it's not. I have a test and these exact questions were on it and I found it on these forums in 2014. If you do not want to cooperate and be helpful then please go on about your day and hopefully another individual can help me.

 
Posted : 10/04/2017 8:18 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

To save a long, elaborated answer to your remark…

Well, in answer to

Maybe the reason why you saw (where BTW?) these questions …

A link to where you found them, like here (for context)
https://www.forensicfocus.com/Forums/viewtopic/t=11529/
https://www.forensicfocus.com/Forums/viewtopic/p=6572027/

wouldn't have represented IMHO a long, elaborated answer roll .

Now that we know where they come from, it is also clear why they were not answered (and why the missing #1), they were posted as a base suggestion by member DCS1094 to someone asking for a list of questions for a test, each of them needs to be specialized/adapted OR it will need a long, extremely expanded answer, consisting of several pages, i.e. they are intended more or less as "generic" subjects ideas for a teacher to be given as exercise to his/her students.

jaclaz

 
Posted : 10/04/2017 10:03 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

trewmte just proposed (a very extensive and articulated) answer to question #2, here
https://www.forensicfocus.com/Forums/viewtopic/p=6588141/#6588141

Contaminating Evidence ONE - http//trewmte.blogspot.co.uk/2017/04/contaminating-evidence-one.html

Contaminating Evidence TWO - http//trewmte.blogspot.co.uk/2017/04/contaminating-evidence-two.html

jaclaz

 
Posted : 21/04/2017 2:06 pm
(@trewmte)
Posts: 1877
Noble Member
 

trewmte just proposed (a very extensive and articulated) answer to question #2, here
https://www.forensicfocus.com/Forums/viewtopic/p=6588141/#6588141

Contaminating Evidence ONE - http//trewmte.blogspot.co.uk/2017/04/contaminating-evidence-one.html

Contaminating Evidence TWO - http//trewmte.blogspot.co.uk/2017/04/contaminating-evidence-two.html

jaclaz

Thanks Jaclaz. Here is a further update in the series

Contaminating Evidence FOUR
http//trewmte.blogspot.co.uk/2017/05/contaminating-evidence-four.html

 
Posted : 10/05/2017 6:39 pm
(@trewmte)
Posts: 1877
Noble Member
 

Contaminating Evidence FIVE

http//trewmte.blogspot.co.uk/2017/05/contaminating-evidence-five.html

 
Posted : 11/05/2017 8:31 pm
(@trewmte)
Posts: 1877
Noble Member
 

Contaminating Evidence SIX

http//trewmte.blogspot.co.uk/2017/05/contaminating-evidence-six.html

 
Posted : 14/05/2017 6:00 pm
Page 1 / 2
Share: