We are pleased to announce that Luca Cadonici, one of our lecturers in Mobile Forensics and Web and Open Source Intelligence, will be a speaker at the Forensic Experts Forum on 7 December, with a presentation entitled Android Security Measures and Chipset-Based Acquisition: A Mobile Forensics challenge.
A brief abstract of the presentation:
Based on real technical experiences, the presentation aims to offer an overview of the ways of forensic acquisition of Android devices based on the exploitation of chipset vulnerabilities. The security measures on Android devices that impact on the possibilities of forensic acquisition will then be illustrated, starting from the encryption of the memory up to the integrity checks at start-up. The specificities of the most popular chipsets in the European and world market will be illustrated, indicating how these can be exploited to bypass Android security checks and acquire the encryption keys of the devices.
The specificities of the various American and Chinese manufacturers will be analyzed, such as the firehose protocol and the EDL boot mode for Qualcomm chipsets, the Download Agent and BootRom Mode of MediaTek chipsets, together with the possibilities of live extraction available via ADB connection for chipsets such as Exynos, Kirin, MediaTek, Qualcomm, Unisoc (Spreadtrum). The acquisition methods proposed by the main forensic suites will be compared, illustrating how they vary according to the encryption options, the versions of the operating system as well as the chipset models themselves.
About the event:
The Forensic Experts Forum, organized by Europol, brings together all relevant players within law enforcement, private industry and academia to exchange knowledge, expertise and experience, but also to identify new trends, developments and best practices in digital forensics.