A carregar...
2 resultados
Resultados da pesquisa
A mostrar 1 - 2 de 2
- Microsoft's Your Phone environment from a digital forensic perspectivePublication . Domingues, Patricio; Andrade, Luis Miguel; Frade, MiguelYour Phone is a Microsoft dual mobile/desktop application that links a Windows 10 environment to a smartphone. The Android version provides the smartphone's user with the ability to control the mobile device from Windows 10, allowing to place/receive calls, send/receive text messages such as SMS, MMS and RCS, access up to the last 2000 photos/screenshots of the device and to receive notifications from applications, all through the Windows 10 Your Phone application and, if configured to do so, within Windows 10 notification center. This work analyzes the Your Phone environment, that is, Your Phone Companion for Android and Your Phone for Windows 10. The paper studies the digital forensic artifacts that can be found in a post mortem analysis, focusing on the SQLite3 databases used by both the Android and Windows 10 applications. We also compare the examined version with a previous version of Your Phone, showing that Your Phone newest functionalities bring new valuable artifacts for forensic examiners. The study shows that Your Phone data left on a Windows 10 device can be useful to access a copy of messages, photos, and document interactions, especially when the Android device is inaccessible or even physically unavailable. To ease the task for digital forensic examiners, we have updated our open-source YPA software that collects and analyzes Your Phone data from a Windows 10 system. YPA runs as a module within the digital forensic Autopsy software.
- Keeping track of UWP application changes for digital forensic purposesPublication . Andrade, Luis Miguel; Domingues, Patricio; Frade, MiguelDigital forensics aims to collect and interpret artifacts that can help in the understanding of the action performed by a given individual or organization. The forensic artifacts are highly dependent on the inner working of the operating system (OS) and applications. This is the case for applications of the Universal Windows Platform (UWP), with digital forensic practitioners often depending on the data kept in the private database(s) of the application. However, some of these applications evolve rapidly, with new versions bringing changes that sometimes involve their inner databases and thus might impact digital forensic artifacts. In this paper, we present UWPscanner, an open source system that we have developed. The UWPscanner system allows to track the changes of internal databases used by UWP applications, aiming to ease the task of not only digital practitioners, but also of digital forensic tool developers. The paper is complemented with the case-study of tracking Microsoft Skype (SkypeApp) and Your Phone evolution with UWPscanner.