Being in the Diploma in Cyber Security and Forensics, we already learnt some of the basic theory on the basis, background, laws, practices, etc of forensics both in Year 2 and Year 3 modules.
However, for the practical aspects of forensics I had only a little experience in EnCase & FTK 6.0, and very little opportunity to explore in depth hardware/software tools from the well-known forensics-based company, Cellebrite, thus I really appreciate the opportunity to be exposed to such tools that are used in the actual forensic fields, during my FYP. Through researching and learning the hardware/software and how Cellebrite does their extractions, etc., I was able to both apply and further deepen both my theory and practical skills for forensics.
Through these 12 weeks I also had to self-learn how to use the Cellebrite tools (including the built-in tools of UFED Physical Analyzer) and what the tools, namely the Cellebrite UFED TOUCH 2 and Cellebrite UFED Physical Analyzer, etc., can do/extract, through reading their documentation and doing the actual extractions (extracting information from applications like WhatsApp that claim to have end-to-end encryption to some extent even calls, notes and even account information). This process also included reading the documentation on drone extractions and the UFED User Lock Code Recovery Tool that is unable to be done due to hardware restrictions, external tools to do further correlation of the information extracted, and also the Google Find My Device portal, to reformat the phones remotely, and also doing tons of research to find out more about the Android and iOS OS, rooting and jailbreaking of different versions & OS, and also to a certain extent how secure they were (including upcoming technologies that may affect password extractions). Along the way we faced some challenges like not being able to update the Cellebrite UFED TOUCH 2; there was little documentation on how to do the update properly, and even following the steps in the documentation was not sufficient to do the update. After some time of experimenting and trying out different stuff, we were able to update.
In addition, to do correlation of the information obtained from Cellebrite, I also had to find other tools to better represent the information (namely the latitude and longitude information) and also coded some applications in C# and ASP.NET to do the correlation of this information, so that we would be able to find out where the “suspect” went and at what time, which allowed me to apply my coding skills to this project as well and also learn the usage of other APIs (e.g. Bing Maps API) to apply to this project. That, coupled with helping my friends in their coding projects, allowed me to deepen my coding skills and error-solving skills.
Last but not least, I would like to extend my thanks to my project supervisor, Mr James Tey, who provided me with the tools to conduct my experiments & research into the capabilities of Cellebrite. In addition, I would also like to thank my partner and friends who made the Final Year Project all the more interesting and enjoyable.
2. DSF 164345P Lee Jia Huang, Kenneth
As a Year 3 Cyber Security and Forensics student, we’ve been taught the basics of forensics in modules like Cyber Forensic Technologies and Cyber Forensics Processes; however, we’ve had only basic hands-on experience and barely scratched the surface of the whole cyber forensic world.
As stated above, our experiences in forensics from LAB lessons in our past 2 years in this course were really basic, only exposing us to the basics of what exactly forensics tool, so through this project it really widened my idea of what forensics actually can do, from retrieving deleted messages to another person, to recovering and carving out deleted media from files, it really showed us how “secure” our mobile devices actually are. Thankfully, we’ve been through theory lessons and practical lessons which equipped us with necessary knowledge to guide us through what we were supposed to do instead of being clueless as to where to start.
Through these 12 weeks, I’ve also learnt how to actually navigate and use the industry-standard products called Cellebrite UFED Touch 2 and Cellebrite Physical Analyzer, which are not exactly available for public use and, the last time I checked, cost a surprisingly huge sum of money, hence I’d like to thank our project supervisor for giving us this opportunity to experience and try out these products. Through reading the documentation and researching the full capabilities of these products, I’ve found out that they can perform forensics on an extremely huge range of devices from mobile phones to even drones, and the data which they could extract spared no compromises as well, showing us that they could extract anything from SMS messages to deleted media from the phone/devices. This really makes us wonder: is any device actually “secure”, or is anything actually deleted from our devices?
In addition to all the correlating of data that was extracted, we tried to find a way to better represent data, such as the physical location journeys which the phone had gone through, which yes, Cellebrite Physical Analyzer or UFED Touch 2 is able to extract; however, available tools are paid or don’t exactly suit our needs, hence my partner and I developed a tool in both ASP.NET and C# web form to better represent this information in the form of a map and plotted lines, to better understand where exactly the device had been and what took place at these checkpoints, including the date and time and relevant media. These applications also opened the window to allow us to brush up on our much-needed coding and problem-solving skills.
Lastly, I’d like to thank my project supervisor, Mr James Tey, who provided me with the tools and the opportunity to work on this project and widen my perspective on what exactly forensics can do and to what extent the tools available are able to retrieve. Additionally, I would like to thank my partner and friends that made the Final Year Project experience so much better.