Beauty of Open Source in Cyber Forensics
Kunal K. Kanani
M.Tech CSE – 3rd Sem
01FM15ECS016
Professor: Dr. Sanchika Gupta
Department of Computer Science and Engineering
Linux ‘dd’ Command
• Usually expanded as “Data Dump”; also nicknamed “Data Destroyer”, because a swapped if= and of= overwrites the evidence drive instead of copying it.
• dd is free software.
• It copies raw data, block by block, from one device or file to another, so the result is a bit-for-bit image rather than a file-level copy.
• It works with hard disks, floppy disks, CDs and tapes of any format, because it never interprets the filesystem.
• dd is part of coreutils, so it is already installed on practically every Linux distribution.
Note: Don’t play around with ‘dd’ when you have important data in your drives. -Kunal
• dcfldd (from the US DoD Computer Forensics Lab)– sudo apt-get install dcfldd– a fork of dd that adds hashing on the fly (hash=md5,sha256), progress output and writing to several outputs at once
• dc3dd (from the US Defense Cyber Crime Center)– sudo apt-get install dc3dd– a patched GNU dd that adds hashing, error logging and a wipe mode while keeping dd’s options and updates
• Required options
– if=“device/image” (input file)• Example: if=/dev/sda
– of=“device/image” (output file)• Example: of=/home/user/copy.img
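The imaging step above, as an added example not taken from the slides: a Python model of what `dd conv=noerror,sync` does when a sector cannot be read, together with the inline SHA-256 that dcfldd (`hash=sha256`) and dc3dd (`hash=sha256`) compute while they image. The `FlakyDevice` class, the 512-byte sector size and the sample bytes are constructed for this example; nothing here touches a real `/dev/sdX`.

```python
"""Added example (not from the slides): model of `dd conv=noerror,sync`
with an unreadable sector, plus dcfldd/dc3dd-style inline hashing.

Assumptions: 512-byte sectors; FlakyDevice and the sample bytes are
constructed stand-ins for a real block device.
"""
import hashlib
import io

SECTOR = 512  # assumed sector size; also dd's default block size


class FlakyDevice:
    """Constructed stand-in for a block device with unreadable sectors."""

    def __init__(self, data, bad_sectors):
        self._data = data
        self._bad = set(bad_sectors)
        self._pos = 0

    def read(self, n):
        sector = self._pos // SECTOR
        # The offset advances even when the read fails, as it does once the
        # kernel gives up on a failing request and dd moves to the next block.
        self._pos += n
        if sector in self._bad:
            raise OSError(5, "Input/output error")
        return self._data[self._pos - n:self._pos]


def sha256_hex(data):
    """SHA-256 hex digest, the value a hashlog/ log file would record."""
    return hashlib.sha256(data).hexdigest()


def image_device(dev, out, block_size=SECTOR):
    """Copy dev -> out the way `dd conv=noerror,sync` does, hashing as it goes.

    noerror: a failed read does not abort the copy.
    sync:    every block written is padded to block_size with NUL bytes, so a
             failed or short read leaves later data at its original offset.
    Returns (sha256 hex digest of the image, [indices of zero-filled blocks]).
    """
    digest = hashlib.sha256()
    zero_filled = []
    index = 0
    while True:
        try:
            chunk = dev.read(block_size)
        except OSError:
            chunk = b""
            zero_filled.append(index)
        else:
            if not chunk:
                break  # end of device
        chunk = chunk.ljust(block_size, b"\x00")
        out.write(chunk)
        digest.update(chunk)
        index += 1
    return digest.hexdigest(), zero_filled


def demo():
    """Image a 4-sector device whose third sector (index 2) is unreadable."""
    data = bytes(range(256)) * 8  # constructed: 2048 bytes = 4 sectors
    out = io.BytesIO()
    digest, zero_filled = image_device(FlakyDevice(data, {2}), out)
    return out.getvalue(), digest, zero_filled


if __name__ == "__main__":
    image, digest, zero_filled = demo()
    print(f"image size {len(image)}, zero-filled blocks {zero_filled}")
    print(f"sha256 {digest}")
```

The real invocations this models are `dd if=/dev/sda of=/home/user/copy.img bs=512 conv=noerror,sync`, `dcfldd if=/dev/sda of=/home/user/copy.img hash=sha256 hashlog=copy.sha256` and `dc3dd if=/dev/sda of=/home/user/copy.img hash=sha256 log=copy.log`. Two caveats a practitioner wants: with `conv=sync` and a large `bs` the last partial block is padded, so the image can be larger than the device and a hash of the source will not equal a hash of the image; and the hash of a device with failing sectors will differ between passes, so the log of which blocks were zero-filled is part of the evidence record.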
Data Carving
• foremost is a forensics application that recovers files by their headers, footers and internal data structures (file carving), so it does not depend on the filesystem and can recover deleted files whose blocks are still present.
• foremost works on raw image files, such as those produced by dd, or directly on a device.
• foremost– sudo apt-get install foremost– Example: foremost –t jpg –i /home/user/copy.img –o carved (–t selects file types, –i the input image, –o the output directory; foremost refuses to write into a non-empty output directory)
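What foremost does under the hood, as an added example written for this page (not foremost’s own code and not from the slides): a header/footer carver with a size cap, run over a raw image constructed inline. The two-entry signature table is this example’s own; foremost reads its real table from foremost.conf and supports many more types.

```python
"""Added example (not from the slides, not foremost's code): a minimal
header/footer carver of the kind foremost implements.

Assumptions: the SIGNATURES table and the size cap are this example's own;
the raw image is constructed below and contains no filesystem at all, which
is why carving works on deleted data.
"""
from pathlib import Path

# type -> (header, footer, max_size); a cut-down foremost.conf
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 20 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20 * 1024 * 1024),
}


def carve(image, signatures=SIGNATURES):
    """Return [(type, offset, data)] for every file found by signature.

    Filesystem metadata is ignored entirely: the carver scans for headers.
    When no footer appears within max_size the file is cut at max_size, which
    is how foremost's size limit behaves for types without a footer.
    """
    found = []
    for ftype, (header, footer, max_size) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            window_end = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), window_end)
            end = end + len(footer) if end >= 0 else window_end
            found.append((ftype, start, image[start:end]))
            # Resume after the carved region so an embedded thumbnail
            # (a JPEG inside a JPEG) is not reported as a second hit.
            pos = end
    return sorted(found, key=lambda f: f[1])


def write_carved(found, outdir):
    """Write hits as <outdir>/<type>/<offset>.<type>, foremost's layout."""
    paths = []
    for ftype, offset, data in found:
        path = Path(outdir) / ftype / f"{offset:08d}.{ftype}"
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        paths.append(path)
    return paths


def build_sample_image():
    """Constructed raw image: slack, a JPEG, unallocated junk, a PNG, zeros."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-PAYLOAD" * 4 + b"\xff\xd9"      # 54 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-PAYLOAD" * 4 + b"IEND\xaeB`\x82"  # 64 bytes
    return b"\x00" * 1024 + jpg + b"unallocated " * 50 + png + b"\x00" * 300


if __name__ == "__main__":
    for ftype, offset, data in carve(build_sample_image()):
        print(f"{ftype} at offset {offset}, {len(data)} bytes")
```

Run the real tool on the image, never on the live evidence device: `foremost -t jpg,png -i copy.img -o carved` produces the same `carved/jpg/<offset>.jpg` layout plus an `audit.txt` listing every hit. Carving has no notion of fragmentation, so a file whose blocks are not contiguous comes out truncated or corrupted, and any header-only type (one with no footer in foremost.conf) is carved at its size limit and then needs validation by the file format’s own structure.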
Mobile Forensic Data Acquisition in Firefox OS
• Mozilla released a Linux-based mobile OS called Firefox OS.
• Existing mobile forensic tools did not support it.
• Acquisition of the internal (on-device) data was therefore not covered.
• Generally three methods to acquire data
– Physical• Deals directly with the physical storage medium (bit-for-bit copy of the flash).• Efficient for retrieving deleted files, since unallocated space is included.
– Logical• A bit-for-bit copy of a logical storage object (partition or filesystem) rather than the whole medium.• Efficient for getting user data, but unallocated space is not captured.
– Manual• Direct interaction with the mobile device through its user interface (browsing and documenting what is on screen).
• Firefox OS Layer Architecture– 1st layer -> application layer, the UI (Gaia)– 2nd layer -> web runtime (Gecko) supporting HTML5, JS and CSS– 3rd layer -> kernel and hardware abstraction layer (Gonk), derived from the lower layers of Android
The Android Debug Bridge (adb) is used to connect the phone to the host system; it is available because the Gonk layer inherits it from Android. A physical image of the phone’s storage is then created with the Unix dd command run through the adb shell, since Firefox OS is built on the Linux kernel. Reading the raw block device this way requires root on the phone, and the image should be hashed on the host straight after transfer.
Thank You!