MOBILE VOL.2 NO.4
Issue 03/2013 (8) April

ANDROID FORENSICS

• STEP BY STEP ANALYSIS OF FACEBOOK AND TWITTER DATA ON ANDROID DEVICES
• EMULATION DETECTION TECHNIQUES FOR ANDROID
• ANDROID FORENSICS A CASE STUDY OF THE NAXUS S VIRTUAL DEVICE
• APPROACH TO EXTRACTING DATA USING HARDWARE AND SOFTWARE MECHANISMS
• POTENTIAL IDENTITY THEFT OVER APPLE’S IOS DEVICES
• CELLEBRITE A “STANDARD” IN MOBILE FORENSICS
• HOW TO ADDRESS END USER RISK AGREEMENT FOR BYOD

State of art of mobile forensics


STATE OF ART OF MOBILE FORENSICS

COMPARATIVE RESEARCH OF TECHNIQUES ON BLACKBERRY OS (INCL. PLAYBOOK) AND ANDROID OS

by Yury Chemerkin

At present, BlackBerry, more than Android, holds the palm for insufficient security examination despite the existing approaches (because Android was not developed to be secure), but the security techniques implemented in these mobile devices are not a decisive argument for security. The same applies to forensics. All security agencies repeatedly have to deal with mobile forensics.

Forensics tools may give an incredible opportunity to gain all kinds of data, but there are too many slight objections. As long as companies go only one way – classic forensics or live monitoring (DLP or else) – it fails because of limited cases, and therefore the forensics field needs a more effective synthesis of mechanisms.

What you will learn:
• What’s the difference between similar mobile OS based on different kernels (BB OS, Playbook OS)
• How Android forensics differs from BlackBerry forensics

What you should know:
• Basic knowledge of Android & BlackBerry forensics
• Basic knowledge of classic forensics techniques and live forensics (live monitoring) techniques

INTRODUCTION

Mobile device forensics relates to the recovery of digital evidence or data from a mobile device. The memory type, custom interface and proprietary nature of mobile devices require a different forensic process compared to other forensics. Mobile extraction techniques tend to be less unique, especially throughout logical acquisition. This level deals with data types known to any user, and this data set rarely differs among iOS, Android or BlackBerry. The data set often contains the following items: messages (SMS/MMS/Email/IM), social network data, contacts, calendar, phone logs, wallet and other financial application data, media data (Audio/Photos/Videos) and other data, even file structure, browser data (web history as a timeline and bookmarks), and shared folders.

Nowadays mobile devices provide a number of features to integrate all possible communications, followed by aggregation with data, on BlackBerry as well as Android. The native and third-party applications often connect to email, maps, IM messengers and social statuses. They keep users connected and do far more. The BlackBerry apps environment is known to be more wide-bind and amazing than Android's. On the other hand, Android has not only enough third-party applications, which are very different, but also hundreds of variations depending on the manufacturer. By contrast, the BlackBerry PlayBook, which runs on QNX OS, offers implemented modern technologies taken away from real development. All of the above brings in the zoo-world of mobile phones and highlights issues of misusing security techniques in the development area. The new special skills that forensics experts require are rarely based on experience only.

Each year the classic forensics techniques face a huge problem, while live forensics (or live monitoring) gives new opportunities to manipulate data. Sometimes a company IT Policy or OS vision may help to be sure that no triggers will break the investigation. The physical approach is trusted but non-operable, while the logical one is more dangerous because of the synchronization process via network, cellular, and OTA. There are too many cases when one cannot afford not to use preventive methods or tools to simplify classic forensics. This paper describes technical problems encountered by forensics as well as different live solutions that may be useful and that became the “right” way with vendors’ development.

APPROACH

There are several techniques pertaining to mobile forensics:

• Physical acquisition technique is a bit-by-bit copy of an entire physical store, doing a full physical copy (i.e., all the bits in memory, not just the files) of the entire memory store on the device.

• Logical acquisition technique is a bit-by-bit copy of logical storage objects (e.g., directories and files).

• Using commercially available forensic software tools (as an extension of the previous), which, as time passes, are becoming increasingly more capable and sophisticated.

• Backup – this technique is relatively easy, and it allows a significant amount of user-created data (photographs, songs, emails, texts) to be preserved.

• Manual acquisition technique uses the user interface to get pictures of data from the screen, simply manipulating the phone (by navigating through the email, photographs, or contacts list, for example) while videotaping and/or photographing the results.

As manual acquisition does not differ among mobile devices, it is left out here, as is physical acquisition, which aims to gain deleted data without relying on the file system itself. Logical techniques highlight easy and fast data extraction, in a "simple" data type (format) or an SQL-based type (format).

POTENTIAL DATA AS EVIDENCE

Potential attack vectors can be various; however, the most popular of them are:

Table 1. Extractable data

| Type \ OS | BlackBerry Smartphone | BlackBerry PlayBook |
|---|---|---|
| Address Book | + | - |
| Calendar Events | + | - |
| Call History | + | - |
| Browser history and bookmarks | + | + |
| Process Management | + | - |
| Memos and Tasks | + | - |
| Screen-shots | + | + |
| Camera-shots | + | + |
| Videocamera-shots | + | + |
| Clipboard | + | + |
| Location tracking (cell, wifi, gps, bluetooth) | + | + |
| SMS/MMS/Emails/IM | + | - |
| Saved Messages | + | - |
| Pictures, Videos, Voice notes, and other files | + | + |
| File and Folder structure | + | + |
| IMs | + | - |
| Passwords | + | + |

NETWORK ISOLATION

One of the main ongoing considerations for analysts is preventing the device from any network changes, which is sometimes achievable for the PlayBook, which has no cellular connection but only a network connection (Wi-Fi, 4G). As mentioned earlier, it might bring in new data. However, any interaction with the devices, like plugging and unplugging the device, will modify them. The first idea is dismounting encryption or preventing blocking in order to examine the device while it is running. The PlayBook, like any other device, is difficult to analyze forensically without negative effects because its storage cannot be easily removed: storage is only internal and there is no external storage like the SD card of a BlackBerry smartphone.

The worst case in forensics is a remote wipe being initiated or data being added/overwritten outside control. Any trigger, often an SMS or an incoming call, is impossible even through BlackBerry Bridge: SMS for BlackBerry Bridge simply was not developed, and an incoming call notification cannot be caught, like all Bridge events, through the API. Nevertheless, forensics experts still have to prevent a connection.

A powerful way that helps is “airplane mode” (or the same feature under a different name). The Android problem in stopping network communications is its awful GUI: the forensics officer should press and hold the Power off button and select Airplane mode first (if this hotkey works), or else press Menu (from the home screen), Settings, and finally the Wireless option, which is generally near the top. This only disables the cellular network; to block wireless connections like Bluetooth or Wi-Fi he has to leave the home screen for the settings, which is upsetting because time is counting and no one can be sure that the settings GUI is the same among devices. BlackBerry allows doing it very quickly by clicking on the tray on the home screen.

PUSH-TECHNOLOGY

The BlackBerry (smartphone) was primarily engineered for email and comes with a built-in mobile phone providing access to email from anywhere. It is always on and participating in wireless push technology and does not require any kind of desktop synchronization like the others.

The BlackBerry PlayBook is an add-on for a BlackBerry smartphone only, because BlackBerry Bridge accesses mail, calendaring and contacts directly from a tethered BlackBerry phone. The PlayBook has neither push technology for email/calendar/else (only IMAP4 and POP3, except the MS Exchange link) nor BIS, except BlackBerry Mobile Fusion, which manages non-BlackBerry smartphone devices, and a BES existing in the company. In addition, email and social accounts may break and ask the user to re-enter his password, which may help to discard pushed data. It means the PlayBook is not always on, and there are rarely types of information that can be pushed to it with subsequent overwriting or deletion.

Similar to the PlayBook, Android gives time to change the network state. For example, only the main email box folders may be changed via IMAP or Exchange, because the PlayBook or Android needs time or a manual press of the “update” button to retrieve new data from the Internet. As opposed to the smartphone, the PlayBook and Android are filled with stand-alone applications that might use an internet connection in standby mode or when applications are swiped down; by default, the PlayBook has an option to restrict activity in this state. The PlayBook address-book application has Facebook, Twitter and LinkedIn connections, but synchronization never happens before the user runs the application and waits until it is done. Sometimes it takes even one minute or more.

PASSWORD PROTECTION

BlackBerry devices come with password protection and an attempt limit (by default five out of ten, minimum three out of ten; the PlayBook may differ from five to ten, where “ten” is often for the PlayBook device and “five” is for BlackBerry Desktop Software and a plugged-in PlayBook). If it is exceeded, the device will then wipe (factory reset). All data stored on external memory will be kept because that is not part of the factory configuration, if talking about the smartphone and not the PlayBook, which has no external storage.

The ability to circumvent the pass code on an Android device is becoming more important as they are utilized frequently and do not allow data extraction in most cases, as is also true for BlackBerry. There are three types of pass codes on Android.

• pattern lock, the default on the initial Android devices: to access the device, users should draw a pattern on the locked phone.

• pass code, the simple personal identification number (PIN) which is commonly found on other mobile devices.

• full alphanumeric code, which is more secure than a PIN.

If the device screen is active, the existing short timeout period (from less than a minute up to about 1 hour) should be checked and changed.

PASSWORD EXTRACTION AND BYPASSING

BLACKBERRY

Accessing encrypted information stored in password-protected backups is possible via Elcomsoft products that offer to restore the original password of the backup and the device. The toolkit allows eligible customers to acquire bit-to-bit images of devices’ file systems, extract phone secrets (pass codes, passwords, and encryption keys) and decrypt the file system dump. It also reads BlackBerry Wallet data and Password Keeper data. The recovery of the BlackBerry password is possible only if the user-selectable Device Password security option is enabled to encrypt media card data.

ANDROID

As Android devices use the pattern lock for pass code protection instead of a numeric or alphanumeric code, there is an interesting option: the touch screen is clean at first, but a touch screen marked with fingerprints, together with the direction of those fingerprints, is a good solution to bypass the pattern lock. Therefore, it is possible to determine the pattern lock of a device by enhancing photographs of the device’s screen [6].

Android has so-called Password and Pattern Lock Protection. The Password Lock can contain characters, numbers, and special marks, while the Pattern Lock looks like a numbered set of gestures that must be performed to unlock the device, where the user is allowed to choose at least four of nine points in a ten-digit set. The directions between them are stored in the file “/data/system/gesture.key” on internal storage as a byte sequence hashed via SHA-1. The Password Lock is stored in the file “/data/system/pc.key” on internal storage as a byte sequence hashed via SHA-1 too. It works only if the device is already rooted and has USB Debugging mode ON.

LIVE TECHNIQUES (OR SPYWARE)

Security researcher Thomas Cannon [6] developed a technique that allows a screen lock bypass by installing an app directly through the new web-based Android Market. The procedure is quite simple really. Android sends out a number of broadcast messages that an application can receive, such as SMS received. An application has to register its receiver to receive broadcast messages. Once the application is launched, it just calls the disableKeyguard() method in KeyguardManager. This is a legitimate API that enables applications to disable the screen lock, e.g. when an incoming phone call is detected.

Similar techniques for BlackBerry were discussed in [1], [4], [5]:

• a default feature to show the password without asterisks, which makes it possible to screen-capture it. It works if the “screenshot” API isn’t disabled (by default it is allowed).

• a scaled preview of each typed character on the virtual keyboard. It works too and may be screenshotted. As a further consideration, an agent may XOR two screenshots and extract the preview of the pressed key as well as the typed text.

• stealing the password during synchronization from BlackBerry Desktop Software. It works because of security issues of the Windows API. Moreover, it works to grab not only the device password but the backup password too.

• redrawing a fake window to catch the password typed on the device. It has a social engineering aspect: announcing “something is crashed and lock the device, please unlock by re-entering a password”.

The last two techniques (stealing and redrawing) work on the PlayBook as well. Moreover, developers must have swipe-down event listeners, otherwise the application will not be closed or minimized until the battery discharges.

CLASSIC FORENSICS

GATHERING LOGS AND DUMPS

The main evidence procedure violates the forensic method by requiring logs and dumps to be recorded. It is possible to view some debug logs on the device by pressing hotkeys on a BlackBerry smartphone, or through the SDK tools, while Android and the PlayBook do not provide the same feature.

BLACKBERRY SMARTPHONE

The BlackBerry SDK tools or BBSAK allow extracting BlackBerry event logs to a text file via USB. Two tools named “javaloader.exe” and “loader.exe” allow extracting not only event logs but also a dump of the device, all executable modules (.cod files) with their dependent modules, screenshots, and device info. The first of them needs the PIN and password while the second does not [1].

BLACKBERRY PLAYBOOK

All SDKs provided by RIM, e.g. the Adobe AIR SDK, have a tool “blackberry-connect”, which is just a wrapper for “Connect.jar”. Before connecting, an RSA key pair should be generated with “ssh-keygen -t rsa -b 4096” and the “Dev Mode” option enabled. Then the target IP (often 169.254.0.1 for USB), the device password and the SSH key should be given as parameters. This tool extracts device information (like OS, fingerprint, hardware ID, vendor ID, debug mode tokens, etc.), application list information (like module, version, icon ID, name, vendor, source, etc.) and more. Also, Wi-Fi logs, which store IP, DNS, subnet mask, and information about (un-)successful attempts, may only be analysed by manual acquisition.

ANDROID

Data storage mechanisms providing low-level interaction with the network, web servers, etc. are available to developers to store and retrieve data via the packages named java.net and android.net. Such log files store actions with date and time stamps, error/warning/successful authentication events, logins, and some data such as email addresses, access keys, private keys or application ID keys, while SQL db files may store all uploaded, downloaded and transferred data of an application, often without ciphering. They might contain much more data than on BlackBerry, if only developers know about and use them.

Similar to the BlackBerry, Android has an SDK tool, “adb”, to gather information too; it runs as a daemon on the device and proxies the recursive copy, which only runs with shell permissions. Successful access aims at extracting (copying) the entire “/data” partition to a local directory, along with such useful files as unencrypted apps, most of the tmpfs file systems, which can include user data such as browser history, and system information found in “/proc”, “/sys”, and other readable directories.

BACKUP

BLACKBERRY SMARTPHONE AND TABLET

Managing backups starts with BlackBerry Desktop Manager, which produces an “.ipd” file (earlier; now it is a .bbb file that is just compressed with tar) in a destination folder. This file stores

• on a BlackBerry smartphone, very granular data (incl. settings) like Address Book, Alarm, Attachment, AutoText, BlackBerry Bridge, BlackBerry Wallet, Bluetooth, Browser, Calendar, Camera, Certificate, etc.

• on a BlackBerry tablet, only Application Data, Media and Settings. As the PlayBook does not provide a native Password Wallet, many third-party applications often save data in the shared\documents folder in .db format, which is easily analysed if there is no encryption.

BLACKBERRY SIMULATION

This feature is unfortunately unavailable for Android and the PlayBook, even though it is very useful and valuable. The BlackBerry Simulator is built for simulating a backup copy of the physical device. This is helpful if the device is low on battery, needs to be turned off, or the data on the physical device should otherwise not be altered.

ANDROID

Android did not provide a mechanism for users to back up their personal data, even though the backup API is now available and synchronization provides Outlook linking. Instead, a large number of backup applications were developed and distributed on the Android Market, often with a “Save to SD Card” feature as well as storing into the cloud.

Anyway, the backup area covers the following items:

• Application installers (if the phone has root access, this includes APK Data and Market Links)

• Contacts, Call log, Calendars

• Browser bookmarks

• SMS (text messages), MMS (attachments in messages)

• System settings

• Home screens (including HTC Sense UI)

• Alarms, Dictionary, Music playlists

• Integrated third-party applications

LIVE FORENSICS (INCLUDING FILES ON STORAGE)

There are some situations in which it is not desirable to shut down and seize the digital device and perform the forensic analysis at the lab. For example, if there is an indication that an encryption mechanism is used on the digital device that was discovered, then the investigator should not shut down this digital device. Otherwise, after shutdown all the information (potential evidence) that was encrypted will be unintelligible. By performing live analysis, the investigators attempt to extract the encryption key from the running system.

An up-to-date BlackBerry holds a lot of data, such as several mobile or home phone numbers, faxes, emails, work and home addresses, web pages or dates; IM data and social data; and private data such as tracking info, habits, time marked as free, time when the user is possibly sleeping, and time when the user is at home or at the company can come to light, and much else. However, all of that can be extracted only with the API or a backup file. Android’s data set is stored on internal and on external storage, but only internal storage keeps a strong folder structure, because the Android API controls it. The typical internal place to store any kind of data is “/data/data/”, where cache and databases are stored in a “PackageName” folder. Android data is stored on internal and external storage as binary (or simply text) files as well as packed into XML or SQLite database formats. The XML format allows Boolean, integer, float or string data types, letting developers create, load, and save configuration values that power their application. Internal files allow developers to store very complicated data types and save them in several places on the internal storage, which by default can only be read by the application; even the device owner is prevented from viewing the files unless they have root access. While files stored on the device’s internal storage have strict security and location parameters, files on the various external storage devices have far fewer constraints.

SQLite is one of the most popular database formats, appearing in many mobile systems for many reasons: it is high quality, open source, tends to be very compact, is a cross-platform file, and finally, the Android SDK provides an API to use SQLite databases in applications. The SQLite files are generally stored on the internal storage under /data/data/<packageName>/databases, without any restrictions on creating databases elsewhere.

The Android contact (address book) data is stored under “/data/data/com.android.providers.contacts” on internal storage. This stores the call logs for the device in the calls table. There are over 30 tables in contacts2.db, containing additional values about contacts and additional data contributed by different accounts – Gmail, Exchange, Facebook, Twitter, etc. If pictures of the contacts are available, they are stored in the files directory and named thumbnail_photo_[NNNNN].jpg. Additionally, Facebook data is stored in the file “/data/data/com.facebook/fb.db”, which contains nearly all of the information, including albums, info_contacts, notifications, chatconversations, mailbox_messages, photos, chatmessages, search results, default user images, mailbox profiles, stream photos, events, mailbox threads, friends and others. Gmail data is located in “/data/data/com.google.android.gm”, which stores each configured Gmail account in a separate SQLite database filled with the entire e-mail content. GMaps data, located in “/data/data/com.google.android.apps.maps”, stores a large amount of information about maps, tiles, searches, and more in the files directory, often provided by “search_history.db”, or actual spoken directions stored as map data on the SD card in .wav files; the time stamps on the files prefaced with “._speech” simplify building a movement timeline. In addition, Android provides file-folder storage located at “/data/data/com.android.providers.telephony”, filled with the MMS attachments (images, video, or any other supported data) and SMS messages as a database table with all messages. A bit more information is found at the file path “/data/data/com.android.mms”, which provides cached data or outgoing data.
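The call-log extraction described above can be done against a pulled copy of contacts2.db without altering it. The following is an added example, not code from the article: it hashes the evidence file, opens it read-only, builds a UTC timeline from the calls table and confirms the hash is unchanged. The reduced table schema and the sample rows are constructed for the demonstration; the column names follow Android's CallLog.Calls.

```python
import hashlib
import os
import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Values of the `type` column in Android's call log (CallLog.Calls constants).
CALL_TYPES = {1: "incoming", 2: "outgoing", 3: "missed"}


def sha256_file(path):
    """Hash the evidence file so any change during analysis is detectable."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def call_timeline(db_path):
    """Return the call records of an extracted contacts2.db, oldest first."""
    # mode=ro plus immutable=1: SQLite takes no locks and writes no journal
    # or WAL files next to the evidence copy.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro&immutable=1"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(
            "SELECT number, date, duration, type FROM calls ORDER BY date"
        ).fetchall()
    finally:
        conn.close()
    timeline = []
    for number, date_ms, duration_s, call_type in rows:
        # Android stores the call time as milliseconds since the Unix epoch.
        when = datetime.fromtimestamp(date_ms / 1000, tz=timezone.utc)
        timeline.append({
            "utc": when.strftime("%Y-%m-%d %H:%M:%S"),
            "number": number,
            "duration_s": duration_s,
            "direction": CALL_TYPES.get(call_type, "unknown(%s)" % call_type),
        })
    return timeline


def examine(db_path):
    """Hash, read, re-hash; refuse to report if the file changed meanwhile."""
    before = sha256_file(db_path)
    timeline = call_timeline(db_path)
    if sha256_file(db_path) != before:
        raise RuntimeError("evidence file changed during examination")
    return before, timeline


def build_sample_db(path):
    """Constructed sample standing in for a pulled contacts2.db (reduced schema)."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE calls (_id INTEGER PRIMARY KEY, number TEXT, "
        "date INTEGER, duration INTEGER, type INTEGER)"
    )
    conn.executemany(
        "INSERT INTO calls (number, date, duration, type) VALUES (?, ?, ?, ?)",
        [
            ("+15550100", 1364810400000, 0, 3),   # constructed rows
            ("+15550123", 1364806800000, 95, 1),
            ("+15550199", 1364814000000, 30, 2),
        ],
    )
    conn.commit()
    conn.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "contacts2.db")
        build_sample_db(sample)
        digest, calls = examine(sample)
        print("sha256:", digest)
        for call in calls:
            print(call)
```
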

The clipboard is breakable too, because the user either has to see a password to retype it in another application, where it can easily be screen-captured, or copy it into the clipboard, which is not protected, and the user still has to put the data (password) into a non-protected text box, sometimes even in plaintext. In other words, the end-point object is vulnerable. Clipboard APIs exist, like getClipboard() on BlackBerry, getData() on PlayBook, and getText() on Android.

To access pictures, videos, voice notes, and other files, some of which may be video-captured or audio-captured, a forensics expert rarely needs to intercept API events or break root rights; all that is needed is to listen for file creation and deletion events or grab these files from internal/external storage. Pictures taken as camera snapshots are more interesting since they have an EXIF header. Metadata is, quite simply, data about data. The EXIF header is stored in an “application segment” of a JPEG file, or as privately defined tags in a TIFF file. Not only basic cameras have these headers: both mobile devices provide the “Camera Make” as RIM/BlackBerry/Android/HTC data, and the “Camera Model” may often be the device model. The GPS or date tag often renames the file by placing the city name at the beginning of the filename, except on Android and PlayBook. They place the GPS and date tag in EXIF only.
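To make the EXIF layout concrete, here is an added example (not code from the article) that walks the JPEG segments, locates the Exif application segment (APP1) and decodes the “Camera Make” and “Camera Model” tags from the embedded TIFF directory. The sample images are constructed byte strings containing only headers, and the make and model values in them are illustrative.

```python
import struct

# Exif/TIFF tag numbers for the fields the article mentions, plus the date tag.
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime"}


def find_exif(jpeg):
    """Walk the JPEG segments; return the TIFF block of the Exif APP1 segment."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("lost segment sync at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image: headers are over
            return None
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2:
            raise ValueError("corrupt segment length at offset %d" % pos)
        payload = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and payload[:6] == b"Exif\x00\x00":
            return payload[6:]
        pos += 2 + length
    return None


def read_ifd0(tiff):
    """Decode the ASCII tags listed in TAGS from the first image directory (IFD0)."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # little- or big-endian TIFF
    if order is None or len(tiff) < 8 or struct.unpack(order + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header")
    (ifd,) = struct.unpack(order + "I", tiff[4:8])
    if ifd + 2 > len(tiff):
        raise ValueError("IFD0 offset outside the Exif segment")
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    found = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            break  # truncated directory: keep what was decoded so far
        tag, typ, n = struct.unpack(order + "HHI", entry[:8])
        if tag not in TAGS or typ != 2:  # type 2 = NUL-terminated ASCII
            continue
        if n <= 4:
            raw = entry[8:8 + n]  # values of up to 4 bytes are stored inline
        else:
            (off,) = struct.unpack(order + "I", entry[8:12])
            raw = tiff[off:off + n]  # longer values sit at an offset from the TIFF header
        found[TAGS[tag]] = raw.split(b"\x00")[0].decode("ascii", "replace")
    return found


def camera_metadata(jpeg):
    """Return the Make/Model/DateTime found in a JPEG, or {} if it has no Exif."""
    tiff = find_exif(jpeg)
    return read_ifd0(tiff) if tiff is not None else {}


def _segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg(make, model, order="<"):
    """Constructed JPEG skeleton (SOI, APP0, Exif APP1, EOI) for offline testing."""
    data_off = 8 + 2 + 2 * 12 + 4  # TIFF header + count + two entries + next-IFD pointer
    entries, blob = b"", b""
    for tag, text in ((0x010F, make), (0x0110, model)):
        val = text.encode("ascii") + b"\x00"
        if len(val) <= 4:
            field = val.ljust(4, b"\x00")
        else:
            field = struct.pack(order + "I", data_off + len(blob))
            blob += val
        entries += struct.pack(order + "HHI", tag, 2, len(val)) + field
    tiff = (b"II" if order == "<" else b"MM") + struct.pack(order + "HI", 42, 8)
    tiff += struct.pack(order + "H", 2) + entries + struct.pack(order + "I", 0) + blob
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8" + _segment(0xE0, app0)
            + _segment(0xE1, b"Exif\x00\x00" + tiff) + b"\xff\xd9")


if __name__ == "__main__":
    print(camera_metadata(build_sample_jpeg("RIM", "BlackBerry 9800")))
    print(camera_metadata(build_sample_jpeg("HTC", "Nexus One", order=">")))
```
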

Instant messaging is a well-established means of fast and effective communication. IM forensics was meant to answer two questions: identifying the author of an IM conversation based strictly on author behaviour, and classifying behaviour characteristics. For example, the BlackBerry smartphone stores all chats (from Google, Yahoo, Windows Live, BlackBerry Messenger, AIM (AOL)) in plaintext in a .csv file. File paths are often easy to find too [1].

On the PlayBook each application has access to its own working directory in the file system, and might access the shared folder (sandbox), because access to files and folders is governed by UNIX-style groups and permissions. It means applications cannot create new directories in the working directory; they can only access the folders listed below.

Table 2. Playbook shared folders structure

| Folder | What data contains | Access type |
|---|---|---|
| app | The installed application’s files. | read-only |
| data | The application’s private data. | read and write access |
| temp | The application’s temporary working files. | read and write access |
| logs | System logs for an application (stderr and stdout) | read and write access |
| shared | Subfolders that contain shared data grouped by type. | no access |
| shared/bookmarks | Web browser bookmarks that can be shared among applications. | read and write access |
| shared/books | eBook files that can be shared among applications. | read and write access |
| shared/clipboard | Data copied or cut from another application (txt, html, uri format). | read and write access |
| shared/documents | Documents that can be shared among applications. | read and write access |
| shared/downloads | Web browser downloads. | read and write access |
| shared/misc | Miscellaneous data that can be shared among applications. | read and write access |
| shared/music | Music files that can be shared among applications. | read and write access |
| shared/photos | Photos that can be shared among applications. | read and write access |
| shared/videos | Videos that can be shared among applications. | read and write access |
| shared/voice | Audio recordings that can be shared among applications. | read and write access |

Despite the folders mentioned, there is the ability to partially recreate the folder structure and have read-only access to files [7].


CONCLUSION

BlackBerry devices as well as Android devices share the same evidentiary value as any other Personal Digital Assistant (mobile device). As the investigator may suspect of most file systems, a delete is by no means a total removal of data on the device. However, the BlackBerry smartphone’s always-on, wireless push technology adds a unique dimension to forensic examination. Android and the PlayBook instead tend to be more offline and wake up on user actions. Moreover, a trend of app-world-only installation is coming, which only means complication.

All of the above highlights valuable and up-to-date techniques in the forensics area, some of them based on issues of misunderstanding development concepts or else. Similar to the BlackBerry, push technology allows information to be pushed through its radio antenna at any time, potentially overwriting previously “deleted” data. Classic forensics techniques or a DLP system are ineffective at stopping it because of time and applications that exchange data in real time. In addition, the password is a long-term problem. Some techniques are very impactful but limited to special cases. It is obvious that Android should be rooted and that a BlackBerry smartphone should have a backup or correspond to the forensics methods and tools, while the PlayBook limits access to the shared folder only, and there is no way to root it or mirror all data to a PlayBook simulator as was possible for the BlackBerry smartphone. The files stored on external or internal storage might be useful to obtain some data stored in a backup or available to the API. It means forensics needs more practical and preventive techniques to extract data. Simply using the developer’s API helps to grab data, like passwords for social networks or a mail inbox in BlackBerry smartphone cases, that is not stored anywhere. In addition, IM chats are not stored anywhere but external/internal storage and can only be accessed by way of data extraction, and only if the password is known and the storage is not encrypted. It means only live techniques through the API make sense. Moreover, there is a technique for preventing a successful USB or Bluetooth connection by a live agent performing DDoS on the event listener [8].

Finally, all security holes or vendor visions about security on their OS are very astounding to use; this reduces the risk of losing valuable data and improves existing solutions. In addition, the forensics expert is protected from almost everything capable of breaking and stopping a forensics investigation.

Author bio

Currently in the postgraduate program at RSUH on the Cloud Security thesis. Experience in Reverse Engineering, Software Programming, Cyber & Mobile Security Research, Documentation, and as a contributing Security Writer. Also, researching Cloud Security and Social Privacy. The last several years, worked on mobile & social security, forensics, cloud security & compliance & [email protected]

References

[1] Y. Chemerkin, “To get round to the heart of fortress,” Hakin9 Extra Magazine, Software Press Sp. z o.o. Sp. Komandytowa 02-682 Warszawa, vol. 1 №3 Issue 03/2011 (03) ISSN 1733-7186, pp. 20–37, August 2011

[2] Y. Chemerkin, “Comparison of Android and BlackBerry Forensic Techniques,” Hakin9 Extra Magazine, Software Press Sp. z o.o. Sp. Komandytowa 02-682 Warszawa, vol. 11 №4 Issue 04/2012 (11) ISSN 1733-7186, pp. 28–36, April 2012

[3] Y. Chemerkin, “When Developer’s API Simplify User-Mode Rootkits Developing,” Hakin9 Mobile Magazine, Software Press Sp. z o.o. Sp. Komandytowa 02-682 Warszawa, vol. 2 №2 Issue 02/2012 (3) ISSN 1733-7186, pp. 16–21, February 2012

[4] Y. Chemerkin, “When Developers API Simplify User-Mode Rootkits Development – Part II,” Hakin9 OnDemand Magazine, Software Press Sp. z o.o. Sp. Komandytowa 02-682 Warszawa, vol. 1 №4 Issue 04/2012 (4) ISSN 1733-7186, pp. 56–81, July 2012

[5] A. Hoog, Android Forensics: Investigation, Analysis and Mobile Security for Google Android. Syngress, 2011.

[6] D. M. Gomez, A. Davis, BlackBerry PlayBook Security: Part one. NGS Secure, 2011.

[7] Y. Chemerkin, “Insecurity of blackberry solutions: Vulnerability on the edge of the technologies,” vol. 6, pp. 20-21, December 2011 [Annual InfoSecurity Russia Conf., 2011]

[8] Y. Chemerkin, “BlackBerry Playbook – New Challenges,” Hakin9 E-Book Magazine, Software Press Sp. z o.o. Sp. Komandytowa 02-682 Warszawa, vol. 1 №3 Issue 03/2012 (3) ISSN 1733-7186, pp. 1–34, September 2012