For this weeks lab, you will need to access the software through VM. Once you are in VM, go to the Start Menu, find Paraben and the click Device Seizure. Please note that some of the information in the videos deals with actual working with physical devices. Since this is an online class, you will be working only with images of devices. With that being said, you will need to download the image of the Palm Treo from Blackboard or download from Passouts-Paullet-Mobile, to your desktop. The image must ALWAYS be copied to the desktop in order to open it in the software. Once the image is on the desktop you can Click the image and it will open in Device Seizure or you can import the file by opening the software then clicking open case. Once the image is in the software you will need to click SORT from the top task bar. If you do not Sort the data you will not be able to analyze the image. For this weeks case you are only responsible for finding the answers to the questions being asked. You will need to explore the software to find the answers. Mobile forensics is very different than computer forensics. There is not a one size fits all for all phones.  The software that you are using currently supports over 26,000 devices. With each device you will see differences. In many ways  this is much different than computer forensics. Throughout the next few weeks you will see the file structures change from phone to phone. Please use the first couple of labs to become familiar with the tool. In addition to answering the questions in detail, you need to write a 1-page report. 

Note:  The required Paraben Device Seizure case file is attached to this assignment.  The case file name is “Palm Treo Case File.ds”

  • Any assignments submitted after that time will receive a 10% penalty per day and after three days the assignment will not be accepted.

Assignment Rubric ( 100 Points)Forensics analysis and written report80Writing Standards – APA format20


– attachmentsSlide 1 of 4

  • attachment_1attachment_1
  • attachment_2attachment_2
  • attachment_3attachment_3
  • attachment_4attachment_4


GSMA Intelligence January 2015 From feature phones to smartphones, the road ahead The increasing number of smartphone models priced under the $100 mark is the main driver of consumer migration from basic and feature phones to smartphones. GSMA Intelligence research shows that by 2020, around two thirds of all connections globally (excluding M2M) will be smartphones, illustrating the rapid shift away from basic and feature phones, which encompassed more than half of global connections in 2014. Data terminals (e.g, dongles, tablets, routers) make up the remaining share of connections (at just below 10% in 2014). Smartphones began as a developed world phenomenon … In many developed markets, smartphone adoption is approaching the 70-80% ‘ceiling’ at which growth tends to slow. Across the developed world, basic and feature phones represented only around a quarter of all connections in 2014, while only a residual share of the market is expected to run on these devices in 2020 as smartphones become ubiquitous. While heavy operator subsidies have contributed significantly to this shift in device migration in the developed region, the availability of smartphones at the same price as basic and feature phones shows that the latter device category is rapidly becoming obsolete. A study of Best Buy’s portfolio of ‘unlocked’ handsets in the US shows that the vast majority (84%) of mobile phones offered in the country are smartphones (most of them running on Android), with a number of them priced at the same level as that of the remaining basic and feature phones – less than $100 (Average Selling Price, before discounts and subsidies). Around half of smartphones on offer are priced below $200, while 29 smartphones are priced between $47 and $80. Devices that form the portfolio of basic and feature phones on offer still hold a slight pricing advantage, but this may not be the case for long. Figure 1: Best Buy USA, online portfolio of ‘unlocked’ handsets, December 2014 Source: GSMA Intelligence … but the focus is shifting to developing economies In 2010, the global smartphone connections market was equally distributed between the developed and developing regions. However, almost seven in every ten smartphone connections were located in the developing world in 2014. We expect that the rate of smartphone adoption will continue to increase over the coming years, driving the region to encompass four in every five smartphone connections globally by 2020. The wider availability of more affordable smartphones is an important factor behind this trend, however we expect that the transition away from basic and feature phones in the region will take longer as the availability of low-cost smartphones (below the $50 price point) is still limited. As of 2014, less than a third of all connections in the developing region are smartphones, showing the large prevalence of basic and feature phones currently. By 2020, we expect that only around 30% of connections in the region will still be running on basic and feature phones. Figure 2: % of regional total connections (excluding M2M) Source: GSMA Intelligence Our research shows that, while smartphone prices have declined since 2008 – by 30% in Asia, 25% in Latin America and 20% in Africa – the majority of smartphones in the developing world are priced above the $100 mark, whereas the ‘sweet spot’ for these regions is considered to be in the $25-$50 range. Mozilla is one of the pioneers of low-cost smartphones, announcing a $25 smartphone design at Mobile World Congress in 2014. The company’s COO, Li Gong, explained that Mozilla’s success in driving down the cost of smartphones using its Firefox OS was down to optimising its software for lower-cost hardware. Gong noted that “sometimes the margin on the low-cost phones could be actually bigger than higher cost hardware because it’s a question of what OS you put on and what optimisation you can get from the OS. We heard lots of demand for lower prices — below $50, below $40 phones. And we hear loud and clear that the market for that sort of segment, where you convert feature phone users to smartphone users, [is] a huge market for us”. Last year, a number of smartphones priced between $25-$50 were introduced across the developing region, with new models from several handset manufacturers. These launches only mark the start of a price expansion trend towards low-cost levels that will spread to more developing economies, contributing to the adoption of smartphones in the region – but this will not happen overnight. Last May, Ooredoo Group explained that in the markets it operates in, “not everyone has got a smartphone. In fact, the majority have got feature phones or 2G phones […] certainly in the developing market in Iraq and Indonesia and Algeria. The smartphone revolution is happening but it is not there yet.” GSMA Intelligence is run by GSMA Limited, a wholly owned subsidiary of GSMA © 2015 GSMA Intelligence. GSMA, The Walbrook Building, 25 Walbrook, London EC4N 8AF Lab #2 CELEBRITY STALKING CASE Case Brief: The owner of a Palm Treo 650 Smart Phone was arrested for stalking outside of a well-known celebrity’s home on the morning of May 14, 2009. Investigators must determine if the phone contains evidence pertaining to the stalking of ______? Case Questions 1. What is the owner’s name and address? 2. When was the device last “synched?” 3. Whose work phone number is 911? 4. What is the owner picking up before the BBQ at the beach? 5. Is there Internet history being stored on the device? If so, what sites were visited? 6. What is the Username associated with the device? 7. What is the phone number for voice mail? 8. When is “Baywatch Trivia Night?” 9. With what celebrity is the owner of the device obsessed? 10. Are there pictures of this celebrity on the device? If so, how many? 11. Write a 1-page report answering the below questions a) Describe, in detail, three (3) functions used in Device Seizure to find the information on the celebrity stalking case. b) What is the importance of each function in conducting a forensics analysis on a mobile device? What is a SIM card? A SIM card, also known as a subscriber identity module, is a subscriber identity module application on a smartcard that stores data for GSM/CDMA Cellular telephone subscribers. Such data includes user identity, network authorization data, personal security keys, contact lists and stored text messages. Security features include Authentication and encryption to protect data and prevent eavesdropping. The smartcard with Subscriber identity module application is generally known as SIMCARD. But, In reality, the SIM is effectively a mass-market smartcard. When the SIM is viewed as a smartcard, it opens up security possibilities that resonate far beyond the mobile world. By combining stored evidence of identity (such as a key) with personal information only the user will know (a password, for example), it offers the same two-tier authorisation provided by smartcards. It is becoming clear that the SIM — a feature unique to the mobile world — has applications far beyond those for which it was originally designed. The clue is in the name — Subscriber Identity Module. It was created to remotely authenticate users to the network and to the billing systems that allow operators to generate revenues from voice traffic. The GSM standards as specified by ETSI requires authentication of a mobile subscriber through a secure device (the SIM card). Functionality of the SIM card? The SIM card performs the following valuable functions: 1) Identification of a subscriber: The IMSI programmed on the SIM card, is the identity of a subscriber. Each IMSI is mapped to a mobile number and provisioned on the HLR to allow a subscriber to be identified. 2) Authentication of a subscriber: This is a process, where, using the authentication algorithm (COMP128V3 for 2/2.5 G GSM, CAVE for CDMA and Milenage for 3G) on the SIM card, a unique response is provided by each subscriber based on IMSI, Ki (stored on SIM) and RAND (provided by network). By matching this response with values computed on the network a legal subscriber is logged on to the network and he or she can now make use the services of the mobile service provider. 3) Storage: To store phone numbers and SMS. 4) Applications: The SIM Tool Kit or GSM 11.14 standard allows creating applications on the SIM to provide basic information on demand and other applications for m-commerce, chatting, cell broadcast, phonebook backup, location based services etc. Subscriber information, such as the IMSI (International Mobile Subscriber Identity), is stored in the Subscriber Identity Module (SIM). The Subscriber Identity Module (SIM) can be used to store user-defined information such as phonebook entries. One of the advantages of the GSM architecture is that the SIM may be moved from one Mobile Station to another. This makes upgrades very simple for the GSM telephone user. Why is the SIM card secure? SIM card in reality is a mass market smartcard with a subscriber identity module application. SIM Cloning can not be confused with smartcard cloning. It is not possible to clone the smartcard and only data can be read when application allows the reading of the data.(SIM Cloning is covered below) Smartcard is very secure and provides i) ii) iii) the secure loading of the applications Secure data storage for the application data and application cryptographic keys Secure Crypto operation support. However, Application security depends on the application design and smartcard only provides a secure platform for developing secure applications. The security of smart card is similar to the security offered by HSM(Hardware security module). Security of Subscriber Identity Module(SIM application) The Presence of Cryptographic algorithm and secret key in SIM card makes the SIM card secure. The most sensitive information of SIM card is the cryptographic algorithm A3, A8, secret Ki, PIN, PUK and Kc. A3, A8 algorithm were written into the SIM card in the producing process, and most people could not read A3, A8 algorithm. HN code could be settled by the phone owners. PUK code is held by the operator. Kc was derived in the process of encryption from Ki. The other factors which make the SIM secure are…. PIN and PUK: PIN –Personal Identification Number 2 PINs exist (PIN 1 and PIN2) Limited attempts on PIN access PUK –PIN Unblocking Code Resetting PUK, resets PIN and the attempt counter Too many attempts on PUK blocks use permanently Two ways of Storing Data in SIM 1. As GSM Files The data used for Telco and GSM operation are all stored over the files. Telco/operator can change the Data this file through RFM in a secure channel. Only upon successful verification of file access condition a file can be read. All files are protected by access conditions. 2. As application data within an STK application as instance data. mChek stores all its secured encrypted information within application data. All the information stored is in persistent objects. Only mChek Server can access these data through mChek OTA platform. Further, data on the SIM is protected by Administrative keys which are in hexadecimal and it is proven, that to compromise the security of a SIM one requires physical access to the SIM, enormous supercomputing ability and lots of time to crack one single card. Till date there are no instances of COMP128V3 (GSM), CAVE (CDMA) or Milenage (3G) being compromised. The few reported cases in the media are of COMP128V1, which is phased out and it is acknowledged that this version has been hacked and with physical access it is possible to clone these cards. The applications on the SIM(for GSMA)/RUIM(for CDMA) cards are protected by the same set of administrative keys and are hence subject the same levels of security. In addition, the messages transmitted from the SIM can be encrypted with DES/TDES which are well accepted in banking industry as a secure encryption standard. Additional security can be enforced by implementing more complex algorithms and digital certificates (issued by CA). M-banking applications have been implemented across the world from Latin America to Europe to Asia. What are the current SIM card capabilities in the Market Place ? From the Year 2003, the SIM cards which were provided in the Market Place were Java 2.0, however, because there was no need of porting the application and due to commercial implications this was discontinued for about 2 years and has again started to be issued. However, the market would have about 50% of the cards OTAC enabled (Source: GemAlto). Though this is the position in the market place, getting all the SIM cards which are OTAC enabled application portable compliant there is a lot of work that needs to be done with the customer’s SIM card and each individual SIM vendor. Operationally this is absolutely not feasible. However, in the past we have seen with the 8K to 32K migration keeping in mind the kind of churn rate that we see in the Industry it will take about 3 years for all old SIM cards to move to a new Portable SIM card which can house secure banking applications. Also Telecom Operators (Bharti Airtel has already started the exercise) can provide new secure applications in all new activations and also ensure that they are application portable compliant. What needs to be done to ensure that the SIM cards in the Market Place can house safe banking based applications? SIM(smartcard) provides the secure platform for developing a highly secure applications. The banking application should be designed with out any security loop holes by utilizing the secure storage and secure cryptographic operation provided by smartcard. The Cryptographic keys used by the banking application can be loaded in to banking application data storage on the smartcard. The Global Platform standards can be adopted for the design and development of Banking applications. The SIM/RUIM is a device which is easy to distribute and cuts across the entire subscriber base of a mobile service provider. Secure applications on a SIM/RUIM address the entire base of a mobile service provider. Conclusion 1. The current market scenario does not allow the SIM cards available in the market place to be ported with applications over the air. 2. New SIM card seeding would be required for this activity which some Telco’s have already started working on. 3. SIM card is extremely secure as a mode and is ideal for Banking Applications to be ported on. 2016 NowSecure Mobile Security Report TA B L E O F C O N T E N T S I. Introduction: Security in a mobile world 2 II. Mobile security requires new methods 4 III. Mobile security snapshot 5 A. System issues 6 1. Google Android 6 2. Apple iOS 7 B. Configuration issues C. App issues 8 1. Leaky apps and social engineering 9 2. A note on app containerization 9 D. Network issues IV. 8 9 Detailed app vulnerability findings 10 A. Methodology 10 Overview of app security weaknesses 12 C. Security weaknesses by app category 14 B. 1. Business 14 2. Finance 15 3. Games (aggregated) 16 4. Shopping 17 5. Social V. 1 © 2016 NowSecure. All rights reserved. Conclusion 18 19 I. Introduction: Security in a mobile world 87% of time spent using mobile devices is spent using apps IT and security professionals who manage and secure personal and corporate-owned mobile devices for enterprises have a difficult job. People want to use a wide range of different devices and mobile apps to access enterprise assets, interact with corporate data, and collaborate with their colleagues. Because mobile began as a consumer technology, many 74% devices lack the security and administrative functions that IT and security teams use to of organizations allow, or manage traditional endpoints such as laptops and desktops. plan to allow, employees The speed, volume, and variety of devices coming online is incredible. Benedict Evans, an analyst at Andreessen Horowitz, summed it up well when he titled a presentation, “Mobile is to use their personal mobile devices for work eating the world.”1 Consider the following: • The number of mobile devices on Earth has surpassed the number of people living on it2 • In 2015 more Google searches occurred on mobile devices than on computers in 10 countries3 • 87 percent of time spent using mobile devices is spent using apps4 • An average of 53,309 mobile apps were released on the Apple App Store each month in 20155 • Forrester predicted people would download more than 226 billion apps in 20156 The mobile tidal wave will not subside any time soon, and enterprises need to prepare themselves. In 2015, Tech Pro Research reported that 74 percent of organizations allow, or plan to allow, employees to use their personal mobile devices for work.7 Employees want to use their own devices, and enterprises want to realize the benefits of increased productivity that come with the bring-your-own-device (BYOD) approach. In discussion around BYOD, an important point is often overlooked. More important than who owns the device is how it is used and how it is secured. Enterprise risk is increasing as a greater variety of devices running more apps from untrusted sources connect and process sensitive data. Tightly controlling all devices and limiting apps to a small whitelist is simply not viable for all scenarios. Connect with us: 2 © 2016 NowSecure. All rights reserved. A B O UT THIS REPORT We present this report, gleaned from our database of mobile security intelligence, to help IT and security pros make informed decisions about managing and securing mobile devices, mobile apps, and their enterprises’ mobile ecosystem. 35% of communications sent by mobile devices are unencypted Some of our eye-opening statistics regarding mobile insecurity include: • 24.7 percent of mobile apps include at least one high risk security flaw • The average device connects to 160 unique IP addresses every day • 35 percent of communications sent by mobile devices are unencrypted • Business apps are three times more likely to leak login credentials than the average app • Games are one-and-a-half times more likely to include a high risk vulnerability than the average app Enterprise IT and security teams should take data points such as these into consideration as they develop and manage their mobile security strategies. Connect with us: 3 © 2016 NowSecure. All rights reserved. II. Mobile security requires new methods The traditional, malwarefocused approach to network security does not translate to mobile. Mobile endpoints differ from traditional endpoints in a number of ways: • Lack of administrative, or “root,” access • Complex, drawn-out patching cycles for device updates • Operating system (OS) access-control that limits the functionality of security apps • Constant connectivity, frequently traversing insecure and untrusted networks • A broad attack surface spanning devices, apps, and back-end services and infrastructure The traditional, malware-focused approach to network security does not translate to mobile. According to Verizon’s 2015 Data Breach Investigations Report, only “an average of 0.03 percent of smartphones per week—out of tens of millions of mobile devices on the Verizon network—were infected with ‘higher-grade’ malicious code.”8 Focusing on malicious apps leaves out too many important aspects of mobile security. We founded NowSecure on a different approach to mobile security, which we call the SCAN Principle. SCAN stands for System, Configuration, Apps and Network. System vulnerabilities include security flaws in mobile operating systems….

Do you similar assignment and would want someone to complete it for you? Click on the ORDER NOW option to get instant services at

Do you have a similar assignment and would want someone to complete it for you? Click on the ORDER NOW option to get instant services at We assure you of a well written and plagiarism free papers delivered within your specified deadline.