Project 4 Mobile Forensics

I. Mobile Forensics Lab

  1. Assignment Rules:
    1. Each student has to do the lab individually. No content directly quoted from Internet or other sources is allowed.
    1. Include your results in your Laboratory Report.
  2. Assignment Objectives:
    1. Become familiar with AccessData Mobile Phone Examiner Plus (MPE+) by analyzing Android and iPhone images.
    1. Analyze SQLite database data from one or more files found in mobile phone images.
    1. Analyze the WiFi personal network list configuration file found in a mobile phone image.
    1. Utilize open source tools to identify the geo location of WiFi access point information found in the mobile phone image.
  3. Competencies: Mobile Forensics
  4. Lab Overview: As you perform this lab, you will reinforce the concepts learned in the steps of your ELM classroom. The purpose of this lab is to have hands-on experience analyzing a mobile phone image. During this lab you will use MPE+ to view and analyze a mobile phone image that has been provided with this project.

You will use the UMUC Virtual lab environment to access the vulnerability assessment tools you need for this lab (i.e. MPE+). These tools are already installed in the UMUC Virtual Lab VM WINFOR01.

  • Important Lab Information:
    • Appendix A contains all the detailed Lab Instructions. After reading all the information in this section, use Appendix A to perform the lab exercises.
    • Familiarize yourself with the resources provided in the Lab Resources section of this document. You will find helpful open source links that help you understand the tools you will use in this lab.
    • Connect to the lab environment following the connect instructions provided in your classroom (let your instructor know if you cannot locate the connect instructions). Contact lab support if you need general technical support related to your virtual lab environment and associated lab exercises. After you have successfully connected to the lab environment, proceed to the next step in order to run the tools associated with this project.
    • Run MPE+.

Follow the instructions provided in the MPE+ section I of Appendix A. Review the open source links for MPE+ available in the Lab Resources in order to understand this tool and interpret its results.

  • Compile your findings and incorporate them in your deliverables for this project.

II. Lab Resources

Lab Credentials:

User: StudentFirst
Pass: Cyb3rl@b

Application websites

  • MPE+
    • http://accessdata.com/solutions/digital-forensics/mpe
  • Wigle.net
    • http://www.wigle.net
  • wpa_supplicant.conf
    • https://linux.die.net/man/5/wpa_supplicant.conf

APPENDIX A (Lab Instructions)

  1. Mobile Phone Examiner Plus (MPE+), SQLite Data and Wigle.net

What is MPE+? MPE+ is a stand-alone mobile device investigation solution that includes enhanced smart device acquisition and analysis capabilities.

What is SQLite? SQLite is a popular database that manages data for applications on Android, iOS and many other operating systems such as Linux. SQLite database files (.db) are frequently found on mobile device images.

What is Wigle.net? wigle.net is a free web site that provides a database of known WiFi hotspots, their names (SSID), geo locations, MAC addresses, and more.

For this lab, use the MPE+ software tool installed in the WINFOR01 Windows VM. Familiarize yourself with the open source links provided in the Lab Resources in order to learn more about these tools. Wigle.net is accessed via an Internet browser on your local computer.

Overview: For this lab, you will become familiar with MPE+, SQLite database files, and WiFi personal access list data analysis. You will analyze a mobile phone image (provided to you) as well as some specific files found within the mobile phone image. You will load the mobile phone image file into MPE+ from the desktop of WINFOR01 → Lab Resources → Project 4 → Module 1 → Module 1. Double-click Mobile Phone Examiner Plus 5.6.0 to start the MPE+ software.

MPE+ iPhone Image Analysis

  1. Start the Access Data MPE+ software found on your lab machine and then open the iPhone image file.
  2. Open the iPhone image file and explore the information found within the iPhone image.
    1. Click the Import Image File link found under Quick Links
    1. The iPhone image file is found in Lab Resources -> Project 4 -> Module 1 -> Module 1 -> iPhone3g_…
  • Click on the Data Views menu and then answer the following questions for both the iPhone image:
    • How many SMS messages are there in the image?
    • How many contacts are in the image?
    • How many emails are in the image?
    • How many Notes are in the image?
    • How many Contacts are in the image?
  • Click the Data Views menu then the Files menu. Navigate the file system to iphone3g/private/var/mobile/Media/DCIM/Exif
    • View the Exif data for file 00336CE7.jpg. The Exif data will appear in a tab to the right when you click the 00336CE7.jpg file.
    • What is the GPSLatitude and GPSLongitude where the picture was taken?
  • Highlight the thumbnail image for 0036CE7.jpg, right click on the 0036cE7.jpg file, and then select Export to export the file from the iPhone image. Save the file to your default location.
  • From the Data Views menu click the Call History menu item.
    • Sort the call data by duration by double clicking the header of the duration column. Which calls had the longest duration?
  • Select the Data Views menu and then the Browser History menu item. Sort the information by the No. of Visits column by double clicking the column header. Which web site URL was visited the most number of times?

MPE+ Android Image and SQLite

  1. Open the Android image file and explore the information found within the Android image.
    1. Click the Import Image File link found under Quick Links
    1. The Android image file is found in Lab Resources -> Project 4 -> Module 1 -> Module 1 -> userdata.dd2.yaffs2
  • Click the Data Views menu and then click the Files menu item.
  • Navigate the file system to root/data/com.android.providers.contacts/contacts.db.

Right click the contacts.db SQLite database file and select “SQLite Explorer” from the popup menu to view the database structure and data.

Within the contacts.db, review the data in the calls table. How many call rows are there?

  • Review the people table data. How many people rows are there? How does this data relate to the Contacts information found under the Data Views menu Contacts menu item?
  • Click the Data Views menu and then click the Call History menu item. Note the same two calls are displayed that were displayed in the calls table of the contacts.db database.
  • Right click on the contacts.db and select “Export” from pop-up menu to export the contacts.db database file to the file system.
  • Select the Data Views menu and then the Browser History menu item. Sort the information by the No. of Visits column by double clicking the column header. Which web site URL was visited the most number of times?
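
Once contacts.db has been exported, the row counts and call durations shown in MPE+ can be cross-checked outside the tool. The following is an added example, not part of the original lab or of MPE+: it opens the file read-only, hashes it before and after, and lists calls by duration. The column names (number, duration, date in milliseconds) and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import sqlite3
from pathlib import Path

def sha256_file(path):
    """Hash the exported file so any change to it can be detected."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def summarize_contacts_db(path):
    """Read-only row counts and call list from an exported contacts.db."""
    before = sha256_file(path)
    # mode=ro refuses writes; immutable=1 stops SQLite creating journal files.
    uri = Path(path).resolve().as_uri() + "?mode=ro&immutable=1"
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = {row[0] for row in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")}
        counts = {t: con.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
                  for t in ("calls", "people") if t in tables}
        calls = []
        if "calls" in tables:
            # Assumed columns: number, duration (seconds), date (ms since epoch).
            calls = con.execute(
                "SELECT number, duration, datetime(date / 1000, 'unixepoch') "
                "FROM calls ORDER BY duration DESC").fetchall()
    finally:
        con.close()
    return {"counts": counts, "calls_by_duration": calls,
            "unchanged": sha256_file(path) == before}

def build_sample_db(path):
    """Constructed sample standing in for the exported contacts.db."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE calls (_id INTEGER PRIMARY KEY, number TEXT,
                            date INTEGER, duration INTEGER, type INTEGER);
        CREATE TABLE people (_id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO calls (number, date, duration, type) VALUES
            ('5550100', 1262304000000, 42, 1),
            ('5550101', 1262307600000, 310, 2);
        INSERT INTO people (name) VALUES ('Sample A'), ('Sample B'), ('Sample C');
    """)
    con.commit()
    con.close()
```

Run `summarize_contacts_db` against a working copy of the export; the `unchanged` flag confirms the file's hash is the same after the queries.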

Android Image – WiFi Personal Network List Analysis

  1. Select the Data Views menu and then the Files menu item. Locate the file root/data/misc/wifi/wpa_supplicant.conf. View the contents of this file.
  • What is the overall purpose of the wpa_supplicant.conf file on an Android device? Research this using the resources found in the Lab Resources section of this document.
  • What is the purpose of the ssid, key_mgmt, and psk attributes found in the wpa_supplicant.conf file? Provide a brief definition for each attribute. Research this using the resources found in the Lab Resources section of this document.
  • The wpa_supplicant.conf file data can be used by an investigator to determine geo locations the subject has visited. https://www.wigle.net can be used to lookup the geo location of known WiFi access points by SSID name.
    • Using your local computer and an Internet Browser, go to the web site https://www.wigle.net, register as a new user, and then login.
    • Click on the red “View” icon in the upper left corner as seen in the screenshot on the following page.
    • Open the wpa_supplicant.conf file that is found under the Lab Resources / Project Resources / Project 4 folder, not the file found in the Android image.
    • Within wigle.net, on the Network Search page, enter the name of the first SSID that was found in the wpa_supplicant.conf file and then click the Query button. See the example screenshot on the following page.
    • A list of known WiFi access points with a matching SSID name is displayed. Click the map button next to one of the items in the list to view the geo location of the SSID. Zoom the map in and out using the + and – symbols. See the example screenshot on the following page.
  • Using the wigle.net query results and map, identify the MAC address, latitude, and longitude values for each SSID found in wpa_supplicant.conf.
    • There may be more than one SSID found within wigle.net for each SSID name query; focus your search on the geography of the Mar-a-Lago resort in Miami, Dulles airport Washington DC, McCarran Airport Las Vegas, the Mandalay Bay Hotel Las Vegas, and Chapel of the Bells Las Vegas.
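
To pull the ssid, key_mgmt and psk attributes out of each network block before looking the SSIDs up, a short parser helps. This is an added example, not part of the original lab: the sample configuration is constructed (the SSIDs and passphrase are made up), and `parse_networks` and `psk_form` are hypothetical names. It handles both SSID forms the man page describes (quoted string and unquoted hex) and both psk forms (quoted passphrase and 64 hex digits).

```python
import re

# Constructed sample: SSIDs and passphrase are made up, not from the lab file.
SAMPLE_CONF = '''\
ctrl_interface=wlan0
update_config=1

network={
    ssid="ExampleCafe"
    psk="correct horse battery"
    key_mgmt=WPA-PSK
}

network={
    ssid=4578616d706c65486f74656c
    key_mgmt=NONE
}
'''

def parse_networks(text):
    """Return one dict per network={...} block of a wpa_supplicant.conf."""
    networks = []
    for block in re.findall(r"^\s*network=\{(.*?)^\s*\}", text, re.S | re.M):
        net = {}
        for line in block.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip()
        ssid = net.get("ssid", "")
        if len(ssid) >= 2 and ssid[0] == ssid[-1] == '"':
            net["ssid"] = ssid[1:-1]                  # quoted string form
        else:
            try:                                      # unquoted form is hex bytes
                net["ssid"] = bytes.fromhex(ssid).decode("utf-8", "replace")
            except ValueError:
                pass                                  # other encodings: keep raw
        # Documented default when the block has no key_mgmt line.
        net.setdefault("key_mgmt", "WPA-PSK IEEE8021X")
        psk = net.get("psk")
        if psk is None:
            net["psk_form"] = None                    # no pre-shared key stored
        elif psk.startswith('"'):
            net["psk_form"] = "passphrase"            # 8-63 character ASCII text
        else:
            net["psk_form"] = "raw key"               # 64 hex digits (256-bit PSK)
        networks.append(net)
    return networks
```

Calling `parse_networks(SAMPLE_CONF)` returns two entries, the second with its SSID decoded from hex to "ExampleHotel".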

[Screenshots from www.wigle.net: View / Search page; search results for an SSID value; map selection]

Step by Step Instructions:

  1. On the desktop of the VM WINFOR01 → Lab Resource → Applications → locate and launch Mobile Phone Examiner Plus 5.6.0 (MPE+).
  2. Load the image files provided to you (as explained in the Overview).
  3. Analyze the image files by using MPE+ to browse the information in the image file, SQLite Browser, and www.wigle.net.
  4. Answer all questions found in the Overview.
  5. Make note of your findings in the Laboratory Report.