Click the cellebrite ufed link download the ufed reader exe file
|
Workshop 11 | TJA 2021 |
|---|
Topic Eleven: Mobile Forensics
1. Start Magnet AXIOM Process, and click the CREATE NEW CASE button. In the Case number text box, type today’s date followed by a hyphen and the number of the case you’re working on that day. In both the LOCATION FOR CASE FILES and LOCATION FOR ACQUIRED EVIDENCE sections, type Jim_Shu in the Folder name text box. In both sections, click the BROWSE button next to the File path text box, navigate to and click your work folder, and click Select Folder. Click the GO TO EVIDENCE SOURCES button.
2. In the SELECT EVIDENCE SOURCE section, click the MOBILE icon. In the next window, click ANDROID to specify the type of device you’re accessing, and then click NEXT. In the next window, click the LOAD EVIDENCE icon, and then click IMAGE. Browse to and click the TCL Alcatel_JShu.zip file, and then click Open. In the EVIDENCE SOURCES window, click NEXT.
Part 2: Magnet AXIOM for analysing Tom’s cell phone image [2 marks]
In an actual case in which several hard drives or mobile devices have been seized as evidence, you would add devices to the case in Magnet AXIOM Process (or a similar function in other tools).
5.Write a short report describing your findings and any conclusions you drew. Include your screenshots from Step 2. When you’re finished, exit Magnet AXIOM.
Part 1: Santoku Linux for Mobile Forensics [2 marks]
4.Next, you need to create an Android 2.3.3 virtual device (AVD) for making a forensic extraction. Click Start, Santoku, Development Tools, SDK Manager. Santoku Page 2 of 6
| ICT378 | Workshop 11 | TJD 2021 |
|---|
downloads the development tools, which might take a few minutes.
10.In the VM’s command prompt window, type adb install ~/Desktop/AFlogical- OSE_1.5.2.apk and press Enter. When you see the “Success” message, you know the APK was able to retrieve data from the Android virtual device.
11.Close the AVD and any other open windows, and exit Santoku.
1.Start a Web browser, go to and scroll to the table at the bottom of the page. Click Mobile Device Images, and on the next page, click the Cellebrite UFED link.
2.Download the UFED Reader 3.2.exe file. In the table on the first page, find the entry with Nokia in the first column and Logical Acquisition in the second column. In the third column, click the ufdr link, and download Nokia-logical.ufdr. Go back to the table, find the entry with Nokia in the first column and Physical Acquisition in the second column. In the third column, click the ufdr link, and download Nokia- physical.ufdr.
| ICT378 | Workshop 11 | TJD 2021 |
|---|
Part 3: SIM Manager for Mobile Forensics [2 marks]
Many SIM card reader tools aren’t forensically sound. In this project, you use one of these tools to examine SIM cards.
5.Click the SMS Messages icon on the left. Examine the messages displayed on the right.
6.Click the Print toolbar icon to print the messages. Accept the default selections, and then click Print.
12.Compare the two sets of messages, and correlate the timestamps.
13.Write a short report on your findings and any relevant conclusions.
