
Mesbah
Mobile Forensics Acquisition Tools
Fapna Co. (Fapna Forensics)
Site: www.fapna-co.ir E-mail: info@fapna-co.ir 1
Mobile device forensics challenges:

Is all of the evidence extracted from the device?

Did all of the gathered evidence actually exist on the device?

Is the extracted evidence reliable?

What if the extraction tool manipulates the evidence during extraction?

Does the mobile forensics tool make any changes to the device?

Does the mobile forensics tool support a wide range of phones in a complete and convenient way?



Mesbah is a mobile phone forensics tool used to collect and extract evidence and data from smartphones. Mesbah is Iranian software that is reliable in terms of security and functionality. It is comparable with other commercial tools such as Cellebrite UFED 4PC and Oxygen Forensics Detective, and in some cases it performs better than those tools.
Mesbah Acquisition Methods

Physical and full file system methods

These methods make use of security vulnerabilities. They can be run on a wide range of mobile phones from Samsung, Xiaomi, Huawei and other manufacturers.

File system method

This method collects all available files from mobile phones of different manufacturers such as Apple, Samsung, Xiaomi and Huawei.

Logical methods

This method collects all important files and evidence such as video, audio, images, contacts, messages, calls and browser history. It can be used on phones of different brands and manufacturers such as Apple, Samsung, Xiaomi and Huawei.



Mesbah Acquisition Methods

Screen capture method

If it is not possible to obtain root permission on the phone and access the database files, this method can be used to extract evidence and data from important applications such as messaging applications and social networks. A screenshot records what the application renders on screen, not the underlying database, so captured images should be hashed and documented as such.

Enable/Disable lock method

This method temporarily removes the screen lock password and then sets it again. It works on a limited number of phones.

APK downgrade method

When it is not possible to obtain root access on a phone, this method is very useful: it gives efficient access to the databases of some important and widely used applications such as messengers and social networks.



Overview of acquisition methods:

Screen Capture: Image Capture; Chat Capture (Auto Scroll, Generic; Auto Scroll, WhatsApp); Video Capture
Logical: Android Backup; Partial internal storage; Downgrade apk
File System: Full Internal Storage; Full File System (ADB / Rooted)
Physical: Exynos Bootloader; Decrypt (FBE / DBL / LIVE)

Mesbah offers several methods to collect data and evidence from mobile phones, selected according to the brand, operating-system version and security features of the device.
Auto Scroll (WhatsApp)

Automatically receives screenshots of all WhatsApp messages and chats and produces an HTML file that includes the text of the chats, profile photos, contacts and more. It can detect unread messages, channels, groups and some other features.
Logical method

This method collects all important files and evidence, such as video, audio, images, contacts, messages, calls and browser history, from mobile devices of different brands and manufacturers such as Apple, Samsung, Xiaomi and Huawei.



For Android

Android backup and partial internal storage

The Android backup method acquires an Android backup, and the partial internal storage method provides a full Android backup. The full internal storage method, by contrast, acquires every other available file on the phone, i.e. the files not already collected by the two methods above.

Full file system

Acquires all files from the different paths on the phone, especially the paths that require root permission.

APK downgrade

Acquires the files of third-party applications under /data/data. Accessing these files normally requires root permission.



For iPhone

Full file system

This method is used to collect evidence and data from jailbroken Apple phones or Apple phones whose chip is newer than the A12.

File system

This method is used to collect evidence and data from all Apple phones and iPads. It makes use of an iTunes backup and AFC (Apple File Conduit).

In order to extract evidence and data from the databases of social networks and messengers, the first step is to obtain root access. Since obtaining root access is not possible on many phones, other methods are needed.

APK Downgrade method:

One of these methods is APK Downgrade. It takes advantage of weaknesses present in older versions of an application, installed in place of the current version, to gain access to the application's database.
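The Android backup and APK downgrade methods described here (and on the "For Android" page) both end with an Android backup container, the .ab file that `adb backup` writes. The following is an added example, not part of this deck and not Mesbah's code: a small Python parser that checks the .ab header, inflates the payload and lists the application databases inside it, fed with a constructed sample. The package name com.example.chat, the file names and the adb commands in the docstring are illustrative assumptions; the APK installed for a downgrade must be one that actually permits backup on the target, and on Android 12 and later `adb backup` omits the data of apps targeting API 31 or higher unless the app is debuggable.

```python
"""Parse an unencrypted Android backup (.ab) file into its member files.

Added example, not Mesbah code. The .ab container is what `adb backup`
writes, and it is also what an APK-downgrade acquisition ends with once an
older APK that permits backup has been installed (`adb install -r -d old.apk`)
and `adb backup -f app.ab -noapk <package>` has been run. Package and file
names used below are constructed.
"""
from __future__ import annotations

import hashlib
import io
import tarfile
import zlib

AB_MAGIC = b"ANDROID BACKUP"


def build_sample_ab(files: dict[str, bytes], compressed: bool = True) -> bytes:
    """Constructed sample input: tar the files, deflate them, prepend the .ab header.

    Header: four newline-terminated lines, magic / version / compressed flag
    (0 or 1) / encryption algorithm ("none" or "AES-256"), then the payload.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    payload = buf.getvalue()
    if compressed:
        payload = zlib.compress(payload)  # adb uses java.util.zip.Deflater (zlib framing)
    header = b"\n".join([AB_MAGIC, b"5", b"1" if compressed else b"0", b"none"]) + b"\n"
    return header + payload


def parse_ab(blob: bytes) -> dict[str, bytes]:
    """Return {member path: bytes} for every regular file in the backup tar."""
    parts = blob.split(b"\n", 4)  # maxsplit=4 keeps the binary payload intact
    if len(parts) != 5 or parts[0] != AB_MAGIC:
        raise ValueError("not an Android backup file (bad magic)")
    version = int(parts[1])
    compressed = parts[2] == b"1"
    encryption = parts[3]
    payload = parts[4]
    if encryption != b"none":
        # Password-based AES-256 backups need the user's backup password to derive the key.
        raise NotImplementedError(f"encrypted backup ({encryption.decode()}), version {version}")
    if compressed:
        payload = zlib.decompress(payload)
    members: dict[str, bytes] = {}
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
        for member in tar:
            if member.isfile():
                members[member.name] = tar.extractfile(member).read()
    return members


def app_databases(members: dict[str, bytes]) -> dict[str, list[str]]:
    """Map package name -> database file names found under apps/<pkg>/db/."""
    found: dict[str, list[str]] = {}
    for path in sorted(members):
        segs = path.split("/")
        if len(segs) == 4 and segs[0] == "apps" and segs[2] == "db":
            found.setdefault(segs[1], []).append(segs[3])
    return found


def sha256_hex(blob: bytes) -> str:
    """Digest of the raw .ab as acquired, recorded before parsing touches it."""
    return hashlib.sha256(blob).hexdigest()


if __name__ == "__main__":
    sample = build_sample_ab({
        "apps/com.example.chat/_manifest": b"com.example.chat\n",
        "apps/com.example.chat/db/msgstore.db": b"SQLite format 3\x00",
    })
    print("acquired .ab sha256:", sha256_hex(sample))
    print("databases:", app_databases(parse_ab(sample)))
```

Record the digest of the .ab before opening it, and keep the downgraded APK itself as part of the case file: the installed version differs from what the user ran, which is exactly the kind of change to the device that the challenges page asks about.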



Full File System Method

This method gathers more information than the full internal storage method; for example, it provides access to the /data/data folder on Android.
Physical method

The physical method is the most comprehensive method of forensic acquisition, but because of the security features of modern phones it covers only a small number of devices. Mesbah takes advantage of some vulnerabilities in Exynos chips, and in this way provides physical acquisition on some Samsung phones.



Because of the security features of the phone, in most cases it is not possible to collect evidence from third-party applications directly, so other methods are needed. With the auto scroll screen capture method, screenshots of these applications are taken automatically while the tool scrolls through them.



Use the auto scroll method to automatically capture images from messenger applications.
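The auto scroll screen capture method described on the previous two pages amounts to a loop of screenshot, swipe, compare. The following is an added example, not Mesbah's code: Python driving adb (assumed to be on PATH with a USB-debugging-enabled device; the serial and swipe coordinates are placeholders) that stops when consecutive frames hash identically, i.e. the list no longer scrolls. The capture loop takes the screenshot and swipe functions as parameters so the stopping logic can be exercised without a device.

```python
"""Auto-scroll screen capture over adb with end-of-list detection.

Added example, not Mesbah code. Assumes adb on PATH and a device with USB
debugging enabled; SERIAL and the swipe coordinates are placeholders.
"""
import hashlib
import subprocess
from typing import Callable, List, Tuple


def adb_screencap(serial: str) -> bytes:
    """Raw PNG of the current screen via `adb exec-out screencap -p`."""
    return subprocess.run(
        ["adb", "-s", serial, "exec-out", "screencap", "-p"],
        check=True, capture_output=True,
    ).stdout


def adb_swipe_up(serial: str, x: int = 540, y_from: int = 1500,
                 y_to: int = 500, ms: int = 300) -> None:
    """One upward swipe so the chat list advances by roughly a screen.

    Coordinates are placeholders for a 1080x1920 screen; adjust per device.
    """
    subprocess.run(
        ["adb", "-s", serial, "shell", "input", "swipe",
         str(x), str(y_from), str(x), str(y_to), str(ms)],
        check=True,
    )


def capture_scrolling(
    screencap: Callable[[], bytes],
    swipe: Callable[[], None],
    max_pages: int = 200,
    stable_frames: int = 2,
) -> Tuple[List[bytes], List[str]]:
    """Capture, swipe, repeat until the screen stops changing.

    A frame whose SHA-256 equals the previous frame's is not stored; after
    `stable_frames` such repeats in a row the list is taken to have reached
    its end (one repeat alone may just be a slow redraw). Returns the distinct
    frames and their digests; the digests belong in the examiner's notes,
    since the PNGs are a rendering of the UI, not the application's data.
    """
    frames: List[bytes] = []
    digests: List[str] = []
    repeats = 0
    for _ in range(max_pages):
        png = screencap()
        digest = hashlib.sha256(png).hexdigest()
        if digests and digest == digests[-1]:
            repeats += 1
            if repeats >= stable_frames:
                break
        else:
            repeats = 0
            frames.append(png)
            digests.append(digest)
        swipe()
    return frames, digests


if __name__ == "__main__":
    SERIAL = "emulator-5554"  # placeholder device serial
    pages, hashes = capture_scrolling(lambda: adb_screencap(SERIAL),
                                      lambda: adb_swipe_up(SERIAL))
    for i, (png, digest) in enumerate(zip(pages, hashes)):
        name = f"page_{i:04d}.png"
        with open(name, "wb") as fh:
            fh.write(png)
        print(name, "sha256=" + digest)
```

The `max_pages` bound is the safety net for lists that never stop changing (a clock in the status bar, an animated sticker), and the stopping rule should be noted in the report, since a frame skipped as "identical" will not appear in the output set.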
