The slides from the SICHERHEIT 2010 conference are now available for download. Please feel free to leave a comment.
The last days we worked on a paper for the Sicherheit 2010 conference. You can find the abstract of this paper here after.
Abstract: Nowadays, smartphones constitute one of the most commonly used electronic devices. Today’s smartphones combine a variety of different technologies: they offer in addition to excellent mobile availability and connectivity also high-speed data transfer for the user. Moreover, they are multimedia capable due to their integrated digital camera or music player, and offer a wide variety of communication services like e-mail, SMS or MMS. Consequently, they are used increasingly as a “mobile office”. In this paper, we outline the possibilities and obstacles of secure deletion, namely the problem of deleting sensitive data on a smartphone in such a way that this data cannot be restored during a later forensic investigation. In order to guarantee the complete deletion of data, it would be necessary to access the memory chip directly such that we can overwrite the address space of existing data with arbitrary data. However, this approach is not possible when dealing with smartphones due to several reasons. On the one hand, the user’s activities are restricted on the device, which implies that farreaching system interventions cannot be conducted easily. On the other hand, writing on a specific physical address is hindered due to the use of “wear leveling” algorithms on flash chips, which are intended to optimize durability. We discuss these problems in detail and introduce an approach to more securely delete data under certain constraints.
We are hoping that it will be accepted.
If you want to read the final version of my diploma thesis don’t hesitate to write an email.
Because of data privacy the published version doesn’t contain Chapter 4 (the functionality as well as the applicability of the developed tool is tested on several mobile phones by analyzing extracted data in a forensic way).
Although tools to extract such evidence already exist, there is a strong demand to develop more sound forensic procedures and tools in order to analyze data from a previously created dump as well as from the mobile phone itself. This aspect will be a major focus within this diploma thesis.
The developed tool should enable the process of loading a memory image which was previously created, with the help of Twister-Box. Those retrieved data, which are (dependent on the producer) available in coded form, will be subsequently converted into plain text to nally draw conclusions about the relevance of the content in the context of forensic analysis. Within all those operations it is tremendously important to not change data stored on the mobile phone or the dump, respectively. The reason for this lie in the fact that only unchanged data fulll the requirements of usability in a court of law. Within this part of the diploma thesis we will also address the issues of producer-specic codications of data and their store areas on mobile phones.
This diploma thesis will also include a chapter discussing the possibilities of securely deleting stored data directly from the mobile phone. Optionally, this thesis constitutes the forensic analysis of the SIM card, due to the fact that on the SIM card important data are stored (e.g. location information, which can play a vital role in resolving a crime). In order to conduct such an analysis successfully the PIN number is needed which implies an active commitment of the suspected person.