Introduction to Windows Mobile Forensics

Cited by: 19
Authors
Casey, Eoghan [1]
Bann, Michael [2]
Doyle, John [2]
Affiliations
[1] cmdLabs, Baltimore, MD 21218 USA
[2] Johns Hopkins Univ, Informat Secur Inst, Baltimore, MD 21218 USA
Funding
National Science Foundation (USA);
Keywords
Windows Mobile Forensics; Windows CE forensics; Mobile device forensics; Cell phone forensics; CEDB database; Transaction-safe FAT; TFAT; Mobile spyware; MobileSpy;
DOI
10.1016/j.diin.2010.01.004
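Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
080201 [Mechanical manufacturing and automation];
Abstract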
Windows Mobile devices are becoming more widely used and can be a valuable source of evidence in a variety of investigations. These portable devices can contain details about an individual's communications, contacts, calendar, online activities, and whereabouts at specific times. Although forensic analysts can apply their knowledge of other Microsoft operating systems to Windows Mobile devices, there are sufficient differences that require specialized knowledge and tools to locate and interpret digital evidence on these systems. This paper provides an overview of Windows Mobile Forensics, describing various methods of acquiring and examining data on Windows Mobile devices. The locations and data formats of useful information on these systems are described, including text messages, multimedia, e-mail, Web browsing artifacts, and Registry entries. This paper concludes with an illustrative scenario involving MobileSpy monitoring software. (C) 2010 Elsevier Ltd. All rights reserved.
Pages: 136 / 146
Number of pages: 11