BlackBerry PlayBook Backup Forensic Analysis

  • Mohamed Al Marzougy
  • Ibrahim Baggili
  • Andrew Marrington
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 114)

Abstract

Due to the numerous complicating factors in the field of small scale digital device forensics, physical acquisition of the storage of such devices is often not possible (at least not without destroying the device). As an alternative, forensic examiners often gather digital evidence from small scale digital devices through logical acquisition. This paper focuses on analyzing the backup file generated for the BlackBerry PlayBook device, using the BlackBerry Desktop Management software to perform the logical acquisition. Our work involved analyzing the generated “.bbb” file looking for traces and artifacts of user activity on the device. Our results identified key files that can assist in creating a profile of the device’s usage. Information about BlackBerry smart phone devices connected to the tablet was also recovered.

Keywords

BlackBerry Forensics PlayBook Backup 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Gartner Research. Gartner Says Worldwide Media Tablets Sales to Reach 119 Million Units in 2012 (2012), http://www.gartner.com/it/page.jsp?id=1980115 (retrieved)
  2. 2.
    BlackBerry PlayBook cleared for government use, http://www.cbc.ca/news/technology/story/2011/07/22/technology-BlackBerry-PlayBook-rim.html (retrieved)
  3. 3.
    Ali, S., AlHosani, S., AlZarooni, F., Baggili, I.: iPad2 logical acquisition: Automated or manual examination? In: Proceedings of the 2012 ADFSL Conference on Digital Forensics, Security and Law, Richmond, VA (2012)Google Scholar
  4. 4.
    Garfinkel, S.L.: Digital forensics research: The next 10 years. In: Proceedings of the 2010 Digital Forensics Workshop published in Digital Investigation, vol. 7, pp. S64-S73 (2010), doi:10.1016/j.diin.2010.05.009Google Scholar
  5. 5.
    Bader, M., Baggili, I.: iPhone 3GS Forensics: Logical analysis using Apple iTunes Backup Utility. Small Scale Digital Device Forensics Journal 4(1) (2010)Google Scholar
  6. 6.
    Gómez-Miralles, L., Arnedo-Moreno, J.: Universal, Fast Method for iPad Forensics Imaging via USB Adapter. In: Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), Valencia, pp. 200–207 (2011)Google Scholar
  7. 7.
    Iqbal, B., Iqbal, A., Al Obaidli, H.: A Novel Method of iDevice (iPhone, iPad, iPod) Forensics without Jailbreaking. In: 2012 International Conference on Innovations in Information Technology (IIT), Al Ain (2012)Google Scholar
  8. 8.
    Lessard, J., Kessler, G.C.: Android Forensics: Simplifying Cell Phone Examinations. Small Scale Digital Device Forensics Journal 4(1) (2010)Google Scholar
  9. 9.
    Vidas, T., Zhang, C., Christin, N.: Toward a general collection methodology for Android devices. In: Proceedings of the 2011 Digital Forensics Workshop published in Digital Investigation, vol. 8, pp. S14-S24 (2011)Google Scholar
  10. 10.
    Valli, C., Jones, A.: A Study into the Forensic Recoverability of Data from 2nd Hand BlackBerry Devices: World-Class Security, Foiled by Humans. In: Proceedings of World Congress in Computer Science, Computer Engineering and Applied Computing, Las Vegas, pp. 604–607 (2008)Google Scholar
  11. 11.
    Hoog, A., Strzempka, K.: Independent Research and Reviews of iPhone Forensic Tools (2010), https://viaforensics.com/resources/white-papers/iphone-forensics/ (retrieved)
  12. 12.
    National Institute of Standards and Technology, Test Results for Mobile Device Acquisition Tool: Zdziarski’s Method (2010), http://www.nij.gov/pubs-sum/232383.htm
  13. 13.
    Gómez-Miralles, L., Arnedo-Moreno, J.: Versatile iPad forensic acquisition using the Apple Connection Kit. Computers & Mathematics with Applications 63(2), 544–553 (2012)CrossRefGoogle Scholar
  14. 14.
    Golubev, N.: Android Forensics Study of Password and Pattern Lock Protection (October 28, 2011), http://android-forensics.com/android-forensics-study-of-password-and-pattern-lock-protection/143 (retrieved)
  15. 15.
    Thing, V.L.L., Ng, K.-Y., Chang, E.-C.: Live memory forensics of mobile phones. In: 2010 Digital Forensics Research Workshop Published in Digital Investigation, vol. 7, pp. S74-S82 (2010)Google Scholar
  16. 16.
    Sylve, J., Case, A., Marziale, L., Richard, G.G.: Acquisition and analysis of volatile memory from Android devices. Digital Investigation 8(3-4), 175–184 (2012)CrossRefGoogle Scholar
  17. 17.
    Wade, C.: (2012), http://www.dingleberry.it/ (visited July 5, 2012)

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2013

Authors and Affiliations

  • Mohamed Al Marzougy
    • 1
  • Ibrahim Baggili
    • 2
  • Andrew Marrington
    • 1
  1. 1.Advanced Cyber Forensics Research Laboratory, College of Technological InnovationZayed UniversityAbu DhabiUAE
  2. 2.Tagliatela College of Engineering, Department of Electrical and Computer Engineering and Computer ScienceUniversity of New HavenUSA

Personalised recommendations