[ISN] Forensic toolkit harvests cellphone data

From: InfoSec News (alerts@private)
Date: Tue Sep 12 2006 - 00:33:35 PDT


http://m-net.net.nz/content/view/614/373/

By Keith Newman    
11 September 2006

A new breed of forensic tools, designed with the help of Whangarei-based 
Thackray Forensics, can now access and clone the full contents of a 
mobile phone or PDA within seconds.

Managing director John Thackray is one of a handful of qualified 
instructors in the use of the .XRY toolkit worldwide and is the only 
qualified instructor in the Southern Hemisphere. Since the launch of the 
range of products from Micro Systemation (MSAB) he has trained 
specialists in government and corporate organisations including the FBI, 
the British Secret Service, Scotland Yard and the Italian police.

However he says the majority of New Zealand's law enforcement and 
corporate agencies are still lagging in this area of technical 
investigation. To date only the Customs Services and one other service 
that cannot be named are using the technology other than Thackray 
Forensics.

Thackray, a former British policeman, was originally imported to New 
Zealand over a decade ago as the first full-time New Zealand Police 
computer forensics expert and has not only helped develop the toolkit 
but has also come up with operational procedures that are now being 
adopted worldwide.

He has just returned from teaching the Italian police how to use the 
technology in their detection of terrorism and for forensic 
investigation. In August he is off to train the Royal Canadian Mounted 
Police on how to use the new electronic crime fighting tools.

He says the cellphone is taking over from the computer as the modern 
criminal's preferred tool of trade with organised crime, drug dealing 
and fraudsters using text messaging as their main means of 
communication.

The major problem recovering information from cellphones in the past has 
been the inability to access the myriad of models, operating systems and 
protocols used by different manufacturers. "Even the same manufacturer 
may have a variety of phones with diverse systems and there are up to 50 
models released globally every month," says Thackray.

The new approach can access all models and operating systems to harvest 
physical information from SIM cards and memory cards. "It is phenomenal 
the amount of information that can come from cellphones including 
deleted SMS messages, contact lists, and historical information about 
the phone owner from a deep level on the computer chips."

In the corporate sector the toolkit is useful in detecting everything 
from inappropriate text messaging on company phones to uncovering 
industrial espionage and the theft of intellectual property. "It is not 
uncommon now for a cellphone with a camera to have a 2Gb SD card to 
store photographs, videos and data. You could steal a company's whole 
database. The cellphone is becoming a high priority on the list of 
things to get at a crime scene and is streamlining investigations."

However he warns people who're upgrading or selling their old cellphone 
to be wary even though they may think they have wiped the memory data. 
"I purchased six cellphones from a second hand outlet in Malaysia as 
part of an exercise teaching their customs people. We got text messages, 
contact lists and some very personal photographs. This is a real concern 
in terms of privacy," says Thackray.

"Even after you have wiped your hard drive there's still information 
there that people with the right tools and knowledge can retrieve and 
you can buy cracked versions of these tools on the internet already."


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Tue Sep 12 2006 - 00:44:36 PDT