We are big on our pentesting and hacking tools lists, for example, “Our Top Ten Linux Penetration Testing Linux Distro’s”, “Our 2013 recommended penetration testing tools” and “Linux wireless pentesting distributions”, and it’s certainly time to have a look at digital forensics tools within mobile device forensics.
What is Mobile Device Forensics?
Mobile device forensics is a branch of digital forensics and can be defined as the recovery of digital information or data, which is often used as criminal evidence. Mobile Device Forensics by definition applies only to mobile devices, e.g. tablets, cell phones, etc., but the term also includes any portable digital device that has both internal memory and communication abilities, such as PDA devices and GPS devices.
It is definitely worth mentioning here that if mobile (cell) digital forensics is your thing then we’d really encourage you to watch our Hacker Hotshot web show with Georgia Weidman titled: “Smartphone Penetration Testing Framework.”
Mobile Forensics Tools
Our list is a mix of open source and commercial digital forensics tools. Tools used in mobile forensics are typically platform-specific and are configured to address smartphone analysis. Here are a few examples:
(If you can think of a tool that we might be missing please let us know in the comments below, thanks!)
The iPhone Analyzer allows you to forensically investigate and recover data from within an iOS device. It is a forensic tool that works with iTunes and supports all the latest iOS devices. This security tool, which is Java-based, works on every major operating system. The developer’s website contains a lot more information, but in summary, this forensics tool can, for example, recover “deleted” SQLite records (as long as they have not been purged by the device). This tool also allows users to browse the device file structure and can analyze jailbroken devices directly over SSH.
BitPim is certainly worth checking out if you are interested in mobile forensics. BitPim, which is free to download and use, allows the user to view and manipulate data on most CDMA phones. The tool is very well supported and their website contains a lot more information including screenshots.
These guys have many excellent mobile forensics tools that they have developed – many of which are free to use! Out of all the resources in this post, we’d recommend these guys the most. One of their key products is viaExtract, a program that allows the user to extract data from Android devices, crack passphrases and PINs, and examine images from external (SD) and internal (EMMC) storage cards. This program, which is one of their commercial products, works on many of the most popular Android smartphones and mobile devices.
Mobile Internal Acquisition Tool (MIAT)
Follow this link for a really great resource on this tool, which discusses a crucial aspect of Mobile Device Forensics, i.e. the recovery of deleted SMS text messages. We are not 100% sure if this tool is publicly available, and if anyone reading this can help us locate where to find it we’d be very grateful!
Although their website has not been updated for several years, the actual framework seems to have been updated just this April 2013, so if you are interested in mobile forensics then certainly take a look at TULP2G. By their own definition, “TULP2G is a forensic software framework developed to make it easy to extract and decode data from digital devices.”
Katana Forensics’ Lantern Lite Imager
This product, which we believe is at version 3, is a well-known mobile forensics tool which seems to be particularly well suited for iOS devices such as iPhones, iPod Touch, and iPads. The Lantern (as the folks behind the tool prefer to call it) allows the user to parse and triage a Mac running OSX or a Mac OSX image and also allows for data extraction, analysis, and auditing.
With the continued growth of mobile and portable devices and the decline of the desktop market, digital mobile forensics will continue to become a popular subject and skills within this space will be very much in demand, especially if you are interested in following a career in digital forensics. Let us know your thoughts below, and please add a tool if you think we might have missed one (which I am sure we have since there are dozens of them out there).