Home

Ebook PDA Forensic Tools: An Overview and Analysis

Submitted by antoq on Sun, 07/12/2009 - 04:07

Computer forensics involves the preservation, identification, extraction, documentation, and analysis of computer data. Computer forensic examiners follow clear, well-defined methodologies and procedures that can be adapted for specific situations.As digital devices and technology continue to evolve, forensic tools need to advance in a lockstep fashion. Forensic toolkits are intended to facilitate the work of examiners, allowing them to perform the above-mentioned steps in a timely and structured manner, and improve the quality of the results.

This paper discusses available forensic tools, highlighting the facilities offered and associated constraints on use. Most PDAs follow a similar basic design and offer comparable capabilities. While similar in principle, the various families of PDAs on the marketplace differ in such areas as interaction style, Operating System (OS), and hardware components.

This paper focuses on the Pocket PC and the Palm OS platforms, two of the most popular families of devices, with some additional discussion on Linux based PDAs. Together the three families comprise the majority of the pure PDA devices currently available and in use. The remainder of this paper provides an overview of PDAs, memory cards, and forensic toolkits; describes the scenarios used to analyze the toolkits; gives the findings from applying the scenarios; and summarizes the conclusions drawn.

Contents
INTRODUCTION
BACKGROUND
REMOVABLE MEDIA
PDA FORENSIC TOOLKITS
PDA S EIZURE
ENCASE
PALM DD (PDD)
PILOT -LINK
POSE
DUPLICATE DISK (DD)
MISCELLANEOUS TOOLS
SYNOPSIS OF PDA SEIZURE
POCKET PC
PALM OS
ACQUISITION STAGE
SEARCH FUNCTIONALITY
GRAPHICS LIBRARY
BOOKMARKING
ADDITIONAL TOOLS
REPORT GENERATION
PASSWORD CRACKING
SYNOPSIS OF ENCASE
ACQUISITION STAGE
SEARCH FUNCTIONALITY
SCRIPTS
GRAPHICS LIBRARY
ENSCRIPT & FILTERS
REPORT GENERATION
SYNOPSIS OF PDD
SYNOPSIS OF PILOT-LINK
SYNOPSIS OF DD
ANALYSIS OVERVIEW
SCENARIOS
DEVICES
PDA SEIZURE OUTCOME – POCKET PC
JORNADA 548
IPAQ 3875/3970/5455
PDA SEIZURE OUTCOME - PALM OS
PALM III/PALM VX
VISOR PLATINUM
TUNGSTEN C
ENCASE OUTCOME - PALM OS
PALM III
PALM VX
VISOR PLATINUM
TUNGSTEN C
REMOVABLE MEDIA
ENCASE OUTCOME - LINUX
ZAURUS SL-5000
DDOUTCOME - L INUX
ZAURUS SL-5000
IPAQ3970
SUMMARY
CONCLUSIONS

Downlaod
PDF Ebook PDA Forensic Tools: An Overview and Analysis

»

Posted in :