±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 17
Overall: 27344
Visitors: 72

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Forensics Android App

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page Previous  1, 2, 3, 4, 5  Next 
  

Re: Forensics Android App

Post Posted: Tue Jul 24, 2012 4:13 am

Hi ForensicIT_Dude,

Retrieving the data is a simple process of putting the phone into USB Debugging mode and sending the files across a java pipe. The down side to this is the fact the examiner needs to know where to photos are stored on the device as they are required to enter a destination.

With regards to deleted files - I haven't really thought about it. I believe retrieving deleted photos would be of great benefit to the program, but make it much more complicated. Perhaps something to look into once I have the basics completed. I assume the photos are stored in a DB?  

JWasley
Member
 
 
  

Re: Forensics Android App

Post Posted: Sat Jul 28, 2012 1:25 am

James, nice project. Some observations of possibilities:

- where the images are stored on the desktops does PEAP differentiate between the file timestamps and timestamps recorded in the images?

- where your app shows timestamps in images created by particular mobile OSs, will the app identify the format of the timestamp?

- where you show the box containing 'GT-I9100' perhaps you may wish to consider adding another box underneath it or have a user selectable arrow from a corner of the GT-I9100 box that allows an IMEI to be displayed (if it is recorded in the EXIF data). My preference would be the former because I don't want to have an app that make me hunt for the basic info and invariably images do get transferred between mobiles/devices containing EXIF data?

- it would be useful to have a feature that allows exploration in hex view where your app viewer highlights the hex data relevant to the data shown in your image above?

- where images that have been deleted, recovered, and saved in the PEAP app folder (or wherever the images are stored on the desktop) perhaps PEAP could have access to competitive product viewers, e.g. Irfanview etc?

- how might your app comment to the investigator where all metadata is missing? I am still working on this project - www.forensicfocus.com/...ic/t=9071/

Given the timescale of your FYP I appreciate you may not include all or any of the above observations.

Good luck.
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup 

trewmte
Senior Member
 
 
  

Re: Forensics Android App

Post Posted: Tue Jul 31, 2012 7:17 am

Hi Trewmte,


- trewmte

- where the images are stored on the desktops does PEAP differentiate between the file timestamps and timestamps recorded in the images?

When the picture is copied from the device, the date shown in PEAP is the date the photo was taken. I've just done some tests, and if the user was to right click the duplicated image and go to it's properties, the "date created" changes. However, as I've said - the date shown on PEAP is the original date. Not sure if this would be an issue?


- trewmte

- where your app shows timestamps in images created by particular mobile OSs, will the app identify the format of the timestamp?

What do you mean "the format of the timestamp"? If you mean the way in which the timestamp is layed out EG - dd/mm/yy, I wouldn't imagine so. The only devices I've tested the program on is Android (Icecream and Jellybean).


- trewmte

- where you show the box containing 'GT-I9100' perhaps you may wish to consider adding another box underneath it or have a user selectable arrow from a corner of the GT-I9100 box that allows an IMEI to be displayed (if it is recorded in the EXIF data). My preference would be the former because I don't want to have an app that make me hunt for the basic info and invariably images do get transferred between mobiles/devices containing EXIF data?

Adding the IMEI is a great idea. Never thought of that - thanks. Although i'm not sure if the IMEI is stored in EXIF data?


- trewmte

- it would be useful to have a feature that allows exploration in hex view where your app viewer highlights the hex data relevant to the data shown in your image above?

Another fantastic idea that I will definitely include if time isn't an issue.



- trewmte

- how might your app comment to the investigator where all metadata is missing? I am still working on this project - www.forensicfocus.com/...ic/t=9071/

Unsure what you mean by this question.

Thanks for the ideas trewmte. Definitely giving me something to think about!  

Last edited by JWasley on Tue Aug 07, 2012 6:08 am; edited 1 time in total

JWasley
Member
 
 
  

Re: Forensics Android App

Post Posted: Tue Jul 31, 2012 9:59 am

There is an app for Androids that shows where texts are made from, where calls are made from, the top ten apps that have sent out data on the phone, and many other features. Its called "Sentrysp insight" on the google store.
_________________
Chris Faiella\r\nManaging Director, Digital Forensics\r\nGlobal Risk Solutions\r\nMiami, Florida 

cjfaiella
Newbie
 
 
  

Re: Forensics Android App

Post Posted: Mon Nov 26, 2012 11:25 am

Update 2

Thought i'd post a quick update as I have several people contacting me via private messaging regarding the project.

If you haven't read the above posts, the project has changed some-what from the original post.

WATSON (originally named PEAP) is a Java based application designed to run on Windows 7. Aimed at law enforcement agencies, WATSON allows you to perform secure forensic extraction of images from a wide variety of devices and unearth potential evidence from metadata.

From the data retrieved, WATSON enables the user to produce a timeline detailing when and where photos were taken using Google Earth. Furthermore, WATSON has an in-built feature which can produce both web and word based reports. The idea behind this is to help reinforce evidence used during a trial.





I'm at a stage where the project is nearly complete and I'm in need of suggestions / improvements. Good or bad, I'd like to get some feedback.

Cheers  

JWasley
Member
 
 
  

Re: Forensics Android App

Post Posted: Mon Nov 26, 2012 8:32 pm

JWasley,

So you are working on a final paper, why did you put for Law Enforcement on your program?
_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 

armresl
Senior Member
 
 
  

Re: Forensics Android App

Post Posted: Tue Nov 27, 2012 9:24 am

Is there a way to tell where information was generated by your software, versus keyed in - there is no way to tell form the screenshot if the image details are from EXIF, calculated, or keyed in.

- JWasley
Update 2
I'm at a stage where the project is nearly complete and I'm in need of suggestions / improvements. Good or bad, I'd like to get some feedback.


In light of the above, I second the question below.

- armresl
JWasley,

So you are working on a final paper, why did you put for Law Enforcement on your program?
 

jhup
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 3 of 5
Go to page Previous  1, 2, 3, 4, 5  Next