Home

Paraben Device Seizure Version 4.3 Evaluation Report

1. M MMM 13 Test 6 LG C729 Double Play rtr ea a ansehen 13 CONCIUSION p 15 This report is current at the time of writing Please be sure to check the vendor website for the latest version and updates Paraben Device Seizure Version 4 3 BENI Introduction he National Institute of Justice NIJ Electronic Crime Technology Center of Excellence ECTCOE has been assigned the responsibil ity of conducting electronic crime and digital evidence tool technology and training testing and evaluations in support of the NIJ Research Development Testing and Evaluation RDT amp E process The NIJ RDT amp E process helps ensure that NIJ s research portfolios are aligned to best address the technology needs of the criminal justice community The rigorous process has five phases E Phase I Determine technology needs princi pally in partnership with the Law Enforcement and Corrections Technology Advisory Council LECTAC and the appropriate Technology Work ing Group TWG NIJ identifies criminal justice practitioners functional requirements for new tools and technologies For more information on LECTAC and the TWGs visit http www justnet org B Phase Il Develop technology program plans to address those needs NIJ creates a multiyear research program to address the needs identified in Phase I One of t
2. Special Features The following information is from the Paraben s website Most commercial or free software is designed to not only view data but to upload data This is not a safe way to perform a forensic examination In fact even some software marketed as forensic soft ware warns of possible data loss Device Seizure does not allow data to be changed on the device Paraben can also add support for unsupported cell phone models from supported manufacturers with simple log files and a little time Add all this together and there s no comparison for forensic acquisition analysis and reporting of handheld device data Paraben Device Seizure Version 43 IEEE N 4 m Overview Paraben focuses on the physical level of acquisi tion offering more physical downloads of devices than any other company Logical data acquisitions can t acquire more data than the device Operating System was designed to allow The physical acqui sition plug in is unique to Paraben offering memory imaging on most of the devices supported in Device Seizure which is where most deleted data can be recovered Please Note Paraben s SIM Card Seizure and Paraben s Device Seizure are able to recover de leted SMS data associated with transmission of text data on a GSM network However some cell mobile phones store SMS on the actual device rather than the SIM cara If that is the case the recovery of this data may or may not be possible using
3. LECTC NIJ Criminal Justice Electronic Crime Technology Center of Excellence EVALUATION REPORT LECTC NIJ Criminal Justice Electronic Crime Technology Center of Excellence NIJ Electronic Crime Technology Center of Excellence 550 Marshall St Suite B Phillipsburg NJ 08865 www ECTCoE org NIJ ECTCOE TESTING AND EVALUATION PROJECT STAFF Robert J O Leary CFCE DFCP Michael Terminelli ACE Victor Fay Wolfe Ph D Russell Yawn CFCE Randy Becker CFCE Kristen McCooey CCE ACE Chester Hosmer Jacob Fonseca Laurie Ann O Leary Mark Davis Ph D Contents iii Table of Contents lungs ii nina 1 E A o oe AQ A 3 Product A ES 3 Product Description anna naeh kenne 3 Special 21 7119 2 citan H pi ad 3 Target CUSTOMENS io di 4 Law Enforcement Applicatioris 2 enira ernannt nn Faure aye eph pa aan en sdeetuucatenssuadsayscetieaseseassced 4 Test Bed Config rati n 2242 2 2222322 22020222 5 Evaluation and Testing of Paraben Device Seizure unnunsnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnneennnnnnnn 7 Testi Ssamsung SPH M30D teca 2 a A eu 10 MOSt MESI ME EET 10 Test 3 Nokia 60BbL iis sese pasate th ene Coe eaae DR RARE S EPA CSRRRN R eda En aan noria RENI RR Dafa aii 11 Test reb 12 Test 5 Apple iPhone 48
4. 117 Attachments 24 Search Results EE e T A 4 schedule dat VXS100 File EE dat E outbox0383 dat Fi ou 43 Calendar File Lo NXG100CalendonCalendr Fle 3 Calendar UG VXS100 CalendariCalendar When a search result hit is selected the file is dis played in the right pane of the interface Depending on what type of hit is selected the display will show the Reports can be generated in CSV HTML PDF text or hexadecimal location of the data the data as it has XLS formats been interpreted from the hex or it will display the hex Paraben s Device Seizure Report Wizard paq a Report Scheme Selection Select the report scheme that should be used to generate the report and text representation simultaneously All of these examples can be seen in the next screenshots ETE Ty em Description E New Open lol Save Bo Data Acquisiti a E e en en NUS gt Ex Html ea s Investigative Report OS can en n pe Simple Report rpm s MI s TreeView Report BEI i N E amp PDF 5 163 Phonebook 69 s cie Nissen Investigative Report 3 E Text i Simple text report scheme B XLS Excel Spreadsheet Report HE rear een ERHEUER ee aee HORE EN MINA LA soeces essa The report can include the entire case or only items Gem ER selected by the user and the user can enter his or her Event Description Date Start Date Ena Alarm Type R
5. LG VXS100 Calendari Calendar File Paraben Device Seizure Version 43 EEE 10 Evaluation and Testing of Paraben Device Seizure Test 1 Samsung SPH M300 This test was performed to determine how well Device Seizure acquires data from a Samsung SPH M300 Prior to starting the test the phone s battery was fully charged and the phone was powered on The following steps were performed to extract logical data 1 Connected the phone to the PC using the USB cable and waited for the driver to install 2 Launched the Paraben Device Seizure Application 3 Selected Data Acquisition 4 Clicked Next to start the Acquisition Wizard 5 Selected Samsung CDMA logical and clicked Next 6 Selected Samsung Mobile Modem 2 as the connection type and clicked Next 7 Checked off all options including Calendar Call History File System Notes Phonebook SMS History and ToDo History from the Data Type menu and clicked Next 8 When the acquisition finished the Sorter was filled Results In the acquisition Results window all of the data types were extracted successfully except for Notes and Call History which are unsupported according to Device Seizure Device Seizure found one sent SMS 35 phonebook contacts zero ToDo tasks zero calendar events and zero calls in the call history The results matched the data found when manually examining the phone ex cept for the phonebook and call history On the
6. 3 received SMS messages 61 sent SMS messages 16 quick notes 10 incoming calls and 10 outgoing calls It also found security in formation such as IMEI firmware version security lock code etc The results could not be verified because the phone menus could not be accessed without a SIM card Possible explanations for why the logical extraction did not find any SMS history or call history is either because Device Seizure could not extract the data without a SIM card in the phone or the history EN NLECTC Criminal Justice Electronic Crime Technology Center of Excellence was deleted from the phone This issue could likely be solved by cloning a SIM card Test 5 Apple iPhone 4S This test was performed to determine how well Device Seizure acquires data from an Apple iPhone 4S Prior to starting the test the phone s battery was fully charged and the phone was powered on The following steps were performed to extract logical data 1 Connected the phone to the PC using the USB cable and waited for the driver to install 2 Launched the Paraben Device Seizure Application 3 Selected Data Acquisition 4 Clicked Next to start the Acquisition Wizard 5 Selected iPhone iPad iTouch Advanced Logical for device type and clicked Next 6 Selected Apple iPhone Device as the model and clicked Next 7 Selected Apple iPhone Device in the connection selection and clicked Next 8 Checked off Backup Data from the Data Type men
7. Device Seizure depending on the specific device model As with any deleted data recovery depends on whether or not the information has been over written with new information Because of these factors Paraben cannot guarantee the recovery of deleted data Target Customers The target customers for Paraben s Device Seizure are state and local law enforcement organizations that maintain a separate unit for forensic examinations of digital media Device Seizure is a forensic grade acqui sition tool that is capable of creating reports that can be customized with an organization s and investiga tor s information and notes These reports are created and presented in an easy to read format Law Enforcement Applications Device Seizure is designed to assist state and local law enforcement with the acquisition of and reporting on both logical and physical examinations of mobile devices such as cellphones PDAs and GPS devices EN NLECTC Criminal Justice Electronic Crime Technology Center of Excellence Test Bed Configuration rior to downloading the software program the The phones that were selected for testing represent online user manual was reviewed The manual the different types of widely used phone technologies is informative and contains screenshots of the CDMA and GSM installation configuration and use of the program It To install Device Seizure on the test machine the fol is important to be sure to install the
8. Nokia Symbian OS 9 x logical Nokia TDMA logical O Palm OS Based Devices physical Psion 16 32 bit Devices logical RIM BlackBerry Samsung CDMA logical Phone Devices Only logical Samsung GSM logical Pod physical Samsung GSM physical Be ee 5 Device Seizure displays a list of the available device features that it supports for acquisition The user may select one or all of the available options Paraben Device Seizure Version 43 EEE E 8 Evaluation and Testing of Paraben Device Seizure Fie tdt View Care Took CSistck Hep 2 New Open ll Save B gt Date Acquisition E Continue Acquistion Seach ho Adi Bookmark 4 GenerateRenort di FII Sorter 4 Advanced Soner Data Type Selection Select the data types to be acquired from the device E S LI Losa E Ds ss DES Fie System 1191370 List of data types Y Calendar Y Call Logs Y File System Y Memo v v ss Phonebook SMS History Found Seach Expession Full Path VA AAA Sehnen Select All Unselect All tents of files Device Seizure also includes an advanced sorter which places the extracted files into categories based on file type e g graphics multimedia text etc The next screenshot shows the advanced sorter tab 6 Device Seizure will begin the acquisition process selected i
9. actual program and the driver pack which will allow the workstation to connect to the device being acquired A detailed explanation of each type of report that can be gener ated is provided in the online user manual The test machine is a Dell Optiplex 760 with a clean Windows 7 x64 installation 4GB of RAM and a 2 66 GHz Intel Core 2 Duo processor Installed on the test machine were both the Device Seizure application and the Device Seizure driver pack lowing steps were performed 2 Executed the installer for the Device Seizure 3 Executed the installer for the Device Driver Pack to Test Bed Configuration 5 1 Downloaded the Device Seizure software and the Device Driver Pack from Paraben s website software which includes the hardware licensing dongle driver install components that will allow the computer to connect to a wide variety of devices Paraben Device Seizure Version 43 EEE Evaluation and Testing of Paraben Device Seizure 7 um Evaluation and Testing of Paraben Device Seizure he Device Seizure interface allows the user to 3 The next dialog provides instructions specific to perform extractions and analysis of mobile de the device to the user For example how to set the vices To start using the software these general device into a special data mode to allow for acqui steps must be followed to acquire data from a device sition and any special connection instructions 1 Launching the applicat
10. e is an advanced forensic acquisition and analysis tool for examining cellphones PDAs and GPS devices Device Seizure now includes software and hardware so you have everything you need to get started in mobile forensics Don t settle for half the data Most commercial cellphone forensic software only gets logical data files That s like doing an investigation on half a crime scene If a tool doesn t have advanced analysis features it s probably because they don t get enough data to analyze Deleted data and user data such as text messages and images can often be found in a physical data dump of a phone Device Seizure was designed from the ground up as a forensic grade tool that has been upheld in countless court cases Overview 3 Product Description The following information is from the Device Seizure user guide Paraben s Device Seizure is designed to allow investigators to acquire the data contained on cellphones smartphones GPS Hybrids MP3 and PDA devices without affecting data integrity With cellphones it is designed to retrieve data such as phone numbers dates times pictures call history and full data dumps similar to flasher dumps It also provides ways to search and add bookmarks to important data For Hybrids and PDA devices the software is designed to acquire search and report on all data associated with most versions of the Palm OS Windows CE Pocket PC Symbian iPhone and RIM BlackBerry devices
11. epeat Before Hours Before Minutes Ringtone Vibrate Exce 2 ter WaQ011 4 8 2016 15minutes Type Ne o 15 7 Off 1 el VE Wm Ue RRT case data to be included with the generated report 0 esed 42016 15minutes Type None o 15 7 or nom 13000 em Interval o 278 Student Council Party 1111011 an 5 26 2015 15minutes Type None 0 15 7 Of 11 15 00 AM 12 00 00 PM Interval 1 416 Mr Deridder s b day 5 30 2010 5 30 2015 15minutes Type Yearly 0 15 7 Of P 9 5 A a 80000AM 3 00 00 PM Repeat Each 30 Paraben s Device Seizure Case Information Wizard n E p e 554 Easter AMQDD 42018 15minutes Type Yearly o 15 7 of aun 12 00 00 AM 11 00 00 PM Repeat Each 4 120 3 5 one AM Information about the case pee cet Er ro doi a E ace Filling information about the case 830 April Fools day 4 1 2010 4 1 2015 15minutes Type Yearly 0 15 7 Of o 300 00PM 4 00 00 PM Repeat Each 1 Apr Interval 4 968 last day of school 5 28 2010 5 28 2015 15 minutes Eze we 15 gt o EC ES T pr EEE a m1 goback 2 michigan 78200 19205 15minutes Type None 7 Property Evidence v TESODOAM 123000 PM Number 1382 camping with savannah 5 28 2010 EC 15 minutes EN None 0 15 7 Of 5 Booom 3000 Interval Y o Company Agency a oo E z z Device Information Notes Found Search Expression Full Path 2202101728AM 4 dakota 43 schedule dat LG VXS10Q File Systemischischedule dat E outbox0383 dat LG VXS100File Systemismsloutboxioutbox0383 dat 43 Calendar File
12. gs or Memo checked off in the Data Types menu EN NLECTC Criminal Justice Electronic Crime Technology Center of Excellence Device Seizure found 10 received SMS three sent SMS two calendar files with no data and 19 phone book contacts The results matched the data found when manually examining the phone except for the calendar which has two scheduled events The file system was successfully extracted Call logs and memos failed to extract Test 3 Nokia 6085h This test was performed to determine how well Device Seizure acquires data from a Nokia 6085h Prior to starting the test the phone s battery was fully charged and the phone was powered on The following steps were performed to extract logical data 1 Connected the phone to the PC using the USB cable and waited for the driver to install 2 Launched the Paraben Device Seizure Application 3 Selected Data Acquisition 4 Clicked Next to start the Acquisition Wizard 5 Selected Nokia GSM logical and clicked Next 6 The phone was put into PC Sync mode as instructed by Device Seizure 7 Selected USB DKU 2 CA 53 DKE 2 as the connection type and clicked Next 8 Checked off all options including Calendar Call Logs Chat Settings File System FM Station GPRS Access Points Logos MMS Settings Notes Phonebook Profiles SMS History SyncML Settings ToDo List and WAP from the Data Types menu and clicked Next 9 When the acquisition finished the Sor
13. guides and standards and provides technology assistance to second adopters The High Priority Criminal Justice Technology Needs are organized into five functional areas B Protecting the Public W Ensuring Officer Safety BW Confirming the Guilty and Protecting the Innocent BW Improving the Efficiency of Justice BW Enabling Informed Decision Making The NIJ ECTCOE tool technology and training evalu ation and testing reports support the NIJ RDT amp E pro cess which addresses high priority needs for criminal justice technology National Institute of Justice High Priority Criminal Justice Technology Needs March 2009 NCJ 225375 Paraben Device Seizure Version 4 3 EEE Overview ith the world becoming more mobile every day law enforcement encounters more cell phones and mobile devices in their inves tigations Many tools exist on the market to process these mobile devices but every tool does not support every device Paraben states that their product Device Seizure can acquire and analyze data from over 4 000 mo bile phones PDAs and GPS devices Device Seizure is a software platform that installs onto a computer workstation and includes a driver pack designed to maintain forensic integrity of device acquisitions Device Seizure also includes a toolbox of cables and hardware for connecting devices to the workstation Product Information The following information is from Paraben s website Device Seizur
14. he first steps is to determine whether products that meet those needs currently exist or whether they must be developed If a solu tion is already available Phases II and Ill are not necessary and NIJ moves directly to demonstra tion testing and evaluation in Phase IV If solutions do not currently exist they are solicited through annual competitively awarded science and technol ogy solicitations and TWG members help review the applications E Phase Ill Develop solutions Appropriate solici tations are developed and grantees are selected through an open competitive peer reviewed Introduction 1 process After grants are awarded the grantee and the NIJ program manager then work collaboratively to develop the solutions B Phase IV Demonstrate test evaluate and adopt potential solutions into practice A potential solu tion is tested to determine how well it addresses the intended functional requirement NIJ then works with first adopting agencies to facilitate the intro duction of the solution into practice After adoption the solution s impact on practice is evaluated Dur ing the testing and evaluation process performance standards and guides are developed as appropri ate to ensure safety and effectiveness not all new solutions will require the publication of new stan dards or guides E Phase V Build capacity and conduct outreach to ensure that the new tool or technology benefits practitioners NIJ publishes
15. ion displays a dialog al Paraben s Device Seizure jis lowing the user to begin an acquisition open an EERENS E cy Additional device specific information that could help you to acquire data p E existing case or create a new case from the device successfully p After connecting the device to the PC define its connection mode as Sync Data or Modem Mode This option can usually be found in the phone menu under Settings If it is not available continue with the normal steps in the acquisition wizard Paraben s Device Seizure Welcome Welcome to Paraben s Device Seizure Comprehensive Mobile Forensic Solutions 4 Device Seizure will scan the computer for available ports and display a list for the user to select the correct device 2 After selecting Data Acquisition a dialog wizard is Paraben s Device Seizure Acqui launched that walks the user through the process Connection Selection E a Please select the appropriate connection type er of acquiring a device The first dialog allows the user to select the model and type of device GrP Communications Port COM1 Intel R Active Management Technology SOL COM22 LGECDMA USB Modem 2 RIM Virtual Serial Port v2 COM3 RIM Virtual Serial Port v2 COM4 Standard Modem Paraben s Device Seizure Acquisi Device Type Selection 1 Please select the type of device that you are going to acquire en
16. izure found and parsed 26 e mail contacts but not list and phonebook entries Also parsed were 79 call history entries 17 system settings 65 audio files seven images zero videos and 134 URLs in browser history SMS message history failed to be extracted from the device on two different attempts No calendar events were found although the device did have some events stored Paraben Device Seizure Version 4 3 TEE Conclusion araben s Device Seizure does a good job of reporting extracted information to the user in a readable fashion It should be noted that deleted information will likely not be recovered with a logical extraction Physical extractions if supported for a particular phone may recover deleted data The list of manufacturer and phone types given in the Data Acquisition wizard does nat clearly identify which phone models are actually supported For example Conclusion 15 Device Seizure claims to support Motorola GSM phones for logical and physical extraction but it is not clear which Motorola models are supported for either or both extraction types It is also not clear which fea tures of the phone can be extracted until the extrac tion is actually attempted and completed Also during testing some phones could not recover data due to the lack of a SIM card It is likely that this shortcoming could be overcome by creating a cloned SIM card for examination Paraben Device Seizure Version 43 EEE
17. ked Next 8 Selected Motorola USB Modem as the connection type and clicked Next 9 Checked off all options including Call Logs Events File System Phonebook and SMS History from the Data Type menu and clicked Next 10 When the acquisition finished the Sorter was filled Results In the acquisition Results window all of the data types were extracted successfully Device Seizure found zero SMS history zero phone book contacts zero calls in the call log and zero events in the datebook The results could not be veri fied because the phone menus could not be accessed without a SIM card This could likely be solved by cloning a SIM card The file system was successfully extracted Physical Extraction The following steps were performed to extract physical data 1 Connected the phone to the PC using the USB cable driver was already installed 2 Launched the Paraben Device Seizure Application 3 Selected Data Acquisition 4 Clicked Next to start the Acquisition Wizard 5 Selected Motorola physical and clicked Next 6 Selected Motorola USB Modem as the connection type and clicked Next 7 Checked off all options including Call History Security Information and SMS and Quick Notes Dump from the Data Type menu and clicked Next 8 When the acquisition finished the Sorter was filled Results In the acquisition Results window all of the data types were extracted successfully Device Seizure found 4
18. n the lower left pane The graphics category and will display a dialog with the results being has been selected in the left pane and the results are either successful or failing upon completion displayed in the right pane File Edt View Care Tools CHR Help E New Open ll Seve Doto Acquistion D Continue Acquisition Seach lly Add Bookmark Generate Report 8 Fi Soter Advenced Sorter Options wu w ME een OXOOIGB ipg D pd opr 5000955 60 05150003569 0515001000 69 518001120152 0515001 120nipa SIS AD ps 05180011908 icc 051600112268 Parade Device Sur Aegon wear ME Acquisition Results Statuses of the acquisition process for each data type Zum Po Pmelorl A Cancel The search feature includes support to search through Once these steps are completed the user can browse the acquired files The search can be for file names through the collected data There are two views within and extensions or for text or hex values the user interface The first is the case view In this ot El view all of the collected data is displayed in a tree in gt gt les the left pane of the main display The next two screen Sica shots show this view while selecting incoming calls ende Mach Cee Pause Parameters for search in binary files and phonebook in the left pane a er z IL Locale en English X Gear IT Search hex _ N El Neu E Open A Save e Data Acquistion B Continue Acquisi
19. phone there are actually 95 contacts and there were several outgoing incoming and missed calls in the call history The file system was successfully extracted Test 2 LG Rumor This test was performed to determine how well Device Seizure acquires data from an LG Rumor Prior to starting the test the phone s battery was fully charged and the phone was powered on The following steps were performed to extract logical data 1 Connected the phone to the PC using the USB cable and waited for the driver to install 2 Launched the Paraben Device Seizure Application 3 Selected Data Acquisition 4 Clicked Next to start the Acquisition Wizard 5 Selected LG CDMA logical and clicked Next 6 All of the connection types available were attem pted but none could make a connection to the phone 7 The phone was put into modem mode as instruct ed by Device Seizure 8 Selected LGE CDMA USB Modem 4 as the connection type and clicked Next 9 Checked off all options including Calendar Call Logs File System Memo Phonebook and SMS History from the Data Types menu and clicked Next 10 When the acquisition finished the Sorter was filled Results In the acquisition Results window all of the data types were extracted successfully except for Memo and Call Logs because of a read error Device Seizure suggests reacquiring the device The acquisition was reattempted several times without success with only Call Lo
20. rter was filled Results In the acquisition Results window all of the data types were extracted successfully Device Seizure found zero calendar events 20 incom ing calls 20 missed calls 20 outgoing calls and zero SMS history The results match the data found when Paraben Device Seizure Version 4 3 TEE 12 Evaluation and Testing of Paraben Device Seizure manually examining the phone except for the SMS history and call history On the phone there are actu ally several sent and received SMS messages and zero calls in the call history This suggests that Device Seizure has recovered the deleted call history The PM memory was successfully extracted Test 4 Motorola V3 This test was performed to determine how well Device Seizure acquires data from a Motorola V3 Prior to starting the test the phone s battery was fully charged and the phone was powered on The following steps were performed to extract logical data 1 Connected the phone to the PC using the USB cable and waited for the driver to install 2 The driver did not install properly so the Motorola USB driver for Windows version 5 2 0 was down loaded from Motorola s website and installed 3 The phone was reconnected to the computer and the driver installed correctly 4 Launched the Paraben Device Seizure Application 5 Selected Data Acquisition 6 Clicked Next to start the Acquisition Wizard 7 Selected Motorola logical and clic
21. ter was filled Results In the acquisition Results window all of the data types were extracted successfully Evaluation and Testing of Paraben Device Seizure 11 Device Seizure found 86 phonebook contacts zero calls in the call history zero calendar events one item in the ToDo list zero SMS history zero profiles zero WAP five GPRS access points eight logos zero chat settings zero FM stations zero MMS settings zero notes and zero SyncML settings The results match the data found when manually examining the phone except for the SMS history On the phone there are actually several sent and received SMS messages The phonebook could not be verified because it could not be accessed without a SIM card in the phone This could likely be remedied by cloning a SIM card The file system was successfully extracted Physical Extraction The following steps were performed to extract physical data 1 Connected the phone to the PC using the USB cable driver was already installed 2 Launched the Paraben Device Seizure Application 3 Selected Data Acquisition 4 Clicked Next to start the Acquisition Wizard 5 Selected Nokia GSM physical and clicked Next 6 Selected USB DKU 2 CA 53 DKE 2 as the connection type and clicked Next 7 Checked off all options including Calendar Call Logs Permanent Memory Phonebook and SMS History from the Data Types menu and clicked Next 8 When the acquisition finished the So
22. tion ho Art Bookmark Generate Report di FH Somer E Advanced Sonar i Y Save history ne SIC A Pone Number Name Tere Number in Phonebcor Dura All files 308 isoevopros z EDE smsa 5 Dita Fe yet 1027 RER 3 3 File mask E E Memo 2L LA S Ea Cat Lage 241 te S Lii har Cols ES 1 3 reoing Cats Fio 11 C Outooing Call En arvana vanas e mais Aeneis f Sec Rank EN NLECTO Criminal Justice Electronic Crime Technology Center of Excellence Evaluation and Testing of Paraben Device Seizure 9 E The search results are displayed in the bottom pane of 5 CFT x Lala the main interface The results are displayed in a tree format that shows the number of hits for each search A LZC9LZC9hey i just landed in north dakota off the plane S PEACE S 5172945950Bret5 178965446 A search result can be expanded to list all of the files 1To8en2cso A INE SugN I eEfNa d j L G f IE hE fti 5H XO H where the search hit was located i S Tert if Hex x Search Time Found Search Expression Full Path E 212012 10 1728 AM 4 dakota HB schedule dat LG VXSTOOFile Systemischischedule dat outbox0383 dat LG VXSTOOFile Systemismsloutbaxloutbox0383 dat A Calendar File LG VXS100 CalendariCalendar File 7 Calendar LG VXS100 CalendariCalendar VETTER Search Time Found Search Expression Full Path Be Bookmarks
23. u and clicked Next 9 When the acquisition finished the Sorter was filled Results Device Seizure found and parsed phone information 5 704 messages 75 calendar events 107 address book entries one note 100 call history entries 1 418 graphics 39 multimedia files and several other small file system artifacts Some of these artifacts include web cookies deleted messages and a dynamic library of typed words Evaluation and Testing of Paraben Device Seizure 13 Test 6 LG C729 Double Play This test was performed to determine how well Device Seizure acquires data from an LG C729 The device is running the Android Operating System version 2 3 4 Prior to starting the test the phone s battery was fully charged and the phone was powered on The following steps were performed to extract logical data 1 Connected the phone to the PC using the USB cable and waited for the driver to install 2 Launched the Paraben Device Seizure Application 3 Selected Data Acquisition 4 Clicked Next to start the Acquisition Wizard 5 Selected Android Logical for device type and clicked Next 6 Selected LG C729 80A012827000849887 in the connection selection and clicked Next 7 Checked off Browser History Calendar Call Logs Contacts File System Media Store MMS History Settings and SMS History from the Data Type menu and clicked Next 8 When the acquisition finished the Sorter was filled Results Device Se

Paraben Device Seizure Version 4.3 Evaluation Report

Contents

Download Pdf Manuals

Related Search

Related Contents