By Kevin Cardwell and Craig Wright
Service provider takeaway: This section of the chapter excerpt from Syngress Publishing's Alternate Data Storage Forensics summarizes the forensic investigative analysis methods discussed in the previous sections.
The chapter started with an introduction to the personal digital assistant device, and how the technology of today has pretty much provided us with a handheld computer. We continued the discussion with a look at the concept of PDA forensics and how many of the same things have to be considered as in forensics on normal systems; however, we also discussed some of the differences that have to be considered when performing forensics on PDA devices.
Once we had covered the considerations you have to make when it comes to PDA forensics, we moved on and discussed the methods of investigating a PDA. We talked about securing the evidence, and how the PDA, docking cradle and any external memory cards should be seized. The next method we discussed was acquiring the evidence: we covered how we have to create an exact image of the evidence, and once we have secured and acquired the evidence, we need to go on and examine the evidence we have acquired.
We continued in the chapter by talking about the forensic examination considerations when confronted with a BlackBerry (RIM) device. We concentrated on how the BlackBerry (RIM) has similarities to the PDA, but one way that they differ is that the BlackBerry (RIM) does not require synchronization to receive a significant amount of information. The BlackBerry (RIM) is always on, and to make our task a little more difficult, it is in a state where it is susceptible to receiving push technology updates at any time; therefore, we discussed how it is imperative that we take this into account when preparing to examine the BlackBerry (RIM). We also discussed the software that is available to assist us when we are examining the BlackBerry (RIM); an excellent package is the software development kit (SDK) from BlackBerry themselves. We also discussed some of the ways and tools available to attack the BlackBerry (RIM): the BlackBerry Attack Toolkit, the Attack Vector, and the forms of hijacking, or blackjacking as it is called. Finally, we wrapped up this chapter by discussing the methods of securing the BlackBerry (RIM). We did this by discussing the BlackBerry Signing Authority Toolkit, which provides tools to help developers protect their data and intellectual property and uses asymmetric cryptography to authenticate information.
PDA, BlackBerry and iPod Forensic Analysis
About the book
Alternate Data Storage Forensics explores forensic investigative analysis methods for dealing with alternate storage options. The book presents cutting-edge investigative methods from cyber-sleuth professionals. Purchase the book from Syngress Publishing.
Reprinted with permission from Syngress Publishing from Alternate Data Storage Forensics by Amber Schroader and Tyler Cohen (Syngress, 2007)
This was first published in July 2008