The slides from the SICHERHEIT 2010 conference are now available for download. Please feel free to leave a comment.
If you want to read the final version of my diploma thesis don’t hesitate to write an email.
Because of data privacy the published version doesn’t contain Chapter 4 (the functionality as well as the applicability of the developed tool is tested on several mobile phones by analyzing extracted data in a forensic way).
Although tools to extract such evidence already exist, there is a strong demand to develop more sound forensic procedures and tools in order to analyze data from a previously created dump as well as from the mobile phone itself. This aspect will be a major focus within this diploma thesis.
The developed tool should enable the process of loading a memory image which was previously created, with the help of Twister-Box. Those retrieved data, which are (dependent on the producer) available in coded form, will be subsequently converted into plain text to nally draw conclusions about the relevance of the content in the context of forensic analysis. Within all those operations it is tremendously important to not change data stored on the mobile phone or the dump, respectively. The reason for this lie in the fact that only unchanged data fulll the requirements of usability in a court of law. Within this part of the diploma thesis we will also address the issues of producer-specic codications of data and their store areas on mobile phones.
This diploma thesis will also include a chapter discussing the possibilities of securely deleting stored data directly from the mobile phone. Optionally, this thesis constitutes the forensic analysis of the SIM card, due to the fact that on the SIM card important data are stored (e.g. location information, which can play a vital role in resolving a crime). In order to conduct such an analysis successfully the PIN number is needed which implies an active commitment of the suspected person.