ICICS 2012: Information and Communications Security pp 240-251 | Cite as
Symbian Smartphone Forensics and Security: Recovery of Privacy-Protected Deleted Data
Abstract
In this paper, we discuss our proposed method to acquire privacy-protected data from Symbian smartphones running the latest OS version 9.4, S60 5th Edition, and smartphones running the prior OS version 9.3, S60 3rd Edition. We then present our reverse-engineering analysis work on the active and deleted Short Message Service (SMS) message recovery from the on-phone memory in the Symbian smartphones. We describe the encoding and format of the raw data of the SMS messages so as to achieve an automated parsing and recovery of the messages. Our experiments on various sent, received, draft and deleted messages showed that we were able to recover both the active (in its entirety) and deleted SMS messages (partially) correctly and automatically.
Keywords
Symbian forensics security memory analysis mobile phones smartphones data acquisition deleted SMS message recoveryPreview
Unable to display preview. Download preview PDF.
References
- 1.Willassen, S.: Forensics and the GSM mobile telephone system. International Journal of Digital Evidence 2(1), 1–17 (2003)Google Scholar
- 2.Casadei, F., Savoldi, A., Gubian, P.: Forensics and SIM cards: an overview. International Journal of Digital Evidence 5(1), 1–21 (2006)Google Scholar
- 3.Kim, K., Hong, D., Chung, K., Ryou, J.-C.: Data acquisition from cell phone using logical approach. In: Proceedings of World Academy of Science, Engineering and Technology, vol. 26 (December 2007)Google Scholar
- 4.Mokhonoana, P.M., Olivier, M.S.: Acquisition of a Symbian smart phone’s content with an on-phone forensic tool. Department of Computer Science. University of Pretoria (2007)Google Scholar
- 5.Distefano, A., Me, G.: An overall assessment of mobile internal acquisition tool. In: Proceedings of the 8th Digital Forensics Research Conference (DFRWS), Digital Investigation, vol. 5(1), pp. S121–S127 (September 2008)Google Scholar
- 6.Jansen, W., Delaitre, A., Moenner, L.: Overcoming impediments to cell phone forensics. In: Proceedings of the 41st Hawaii International Conference on System Sciences (2008)Google Scholar
- 7.Hoog, A.: Android forensics, Presented at Mobile Forensics World 2009 (May 2009)Google Scholar
- 8.Dekart, Sim manager (February 2012), http://www.dekart.com
- 9.Jansen, W., Ayers, R.: Forensic software tools for cell phone subscriber identity modules. In: Conference on Digital Forensics, Association of Digital Forensics, Security, and Law (ADFSL) (April 2006)Google Scholar
- 10.Bhadsavle, N., Wang, J.A.: Validating tools for cell phone forensics, Southern Polytechnic State University, Technical Report CISE-CSE-08-05 (2008)Google Scholar
- 11.Williamson, B., Apeldoorn, P., Cheam, B., McDonald, M.: Forensic analysis of the contents of Nokia mobile phones. In: Proceedings of the 4th Australian Digital Forensics Conference (December 2006)Google Scholar
- 12.Ayers, R., Jansen, W., Moenner, L., Delaitre, A.: Cell phone forensic tools: An overview and analysis update, National Institute of Standards and Technology, Technical Report 7387 (March 2007)Google Scholar
- 13.Muller, B.: From 0 to 0 day on symbian - finding low level vulnerabilities on symbian smartphones. SEC Consult Vulnerability Lab Whitepaper (June 2009)Google Scholar
- 14.Nokia, Symbian signed developer certificate, http://www.developer.nokia.com/Community/Wiki/Developer_Certificate_Symbian_Signed
- 15.HelloOX2 Team, Helloox2 (April 2012), http://helloox2.com
- 16.Nokia, Symbian timestamp storage and manipulation (April 2012), http://library.developer.nokia.com/index.jsp?topic=/S60_5th_Edition_Cpp_Developers_Library/GUID-35228542-8C95-4849-A73F-2B4F082F0C44/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/TTimeClass.html