Advanced Smartphone Forensics

Explore advanced smartphone forensics techniques in this 54-minute conference talk from nullcon Goa 2014. Delve into modern forensic methods for iOS, BlackBerry, and Windows Phone devices. Learn about Apple iCloud forensics, including backup analysis, FindMyPhone protocol, and document storage. Discover techniques for decrypting BlackBerry backups for BB 10 and Olympia Service. Investigate Windows Phone 8 cloud backup systems. Gain insights into iOS forensics, including frequent locations, location services, and advanced logical acquisition. Understand iCloud Control Panel, reverse engineering of backups, and data encryption. Explore iCloud keychain components, retrieval methods, and decryption techniques. Examine Windows Phone backup structures and BlackBerry token services. Enhance your smartphone forensics skills with this comprehensive presentation by Vladimir Katalov from Elcomsoft.

Intro
Smartphone forensics methods
iOS forensics
Backups - what and when
Wait, there is more...
Frequent locations
Location services
Do you really trust your charger?
Pair-locking
Advanced logical acqusition
iCloud Control Panel
iCloud backups reverse engineering
Files in iCloud
iCloud backups - authentication, get token, get keys
Get snaphots, file auth. tokens, chunks URLS
iCloud backups - data encryption
iCloud backups - encryption, summary
Find My Phone protocol
iCloud documents
iCloud files: packages
iCloud keychain (cont'd)
iCloud keychain components
iCloud keychain retrieval
SMS challenge?
SMS challenge (cont'd)
Keychain decryption
Apple iCloud: conclusion
Windows Phone backups
Windows Phone: Live! SDK
Windows Phone: folder hierarchy
Windows Phone: find my phone
BlackBerry backups
BB 10 backups
BlackBerry token service