YCSC

Part 1: Android Forensics Analysis using ALEAPP 

1. Copy the folder “Mobile Forensics” into the virtual machine desktop.

2. Unzip the “Android Logical Image” folder.

3. Create a new folder called “Android”. This folder will be selected as the output folder to store the parsed files.

4. Open the Kali Linux terminal and navigate to the directory where ALEAPP was installed as shown below.

5. Run the command below to launch the ALEAPP GUI.

             

6. You should be able to see the ALEAPP GUI interface.

7. Click the “Browse Folder” tab, select the “Android Logical Image” folder as shown below, and click the “OK” tab.

8. Click the “Browse Folder” tab and select the new folder created in step 3 above. Once done, click the “OK” tab. Then click “Process”, marked in red below.

9. Once the process is completed, you will be prompted with the following window. Click the “OK” tab.

10. The analysis report will then open in the browser automatically.

11. Analyse the information within the report and answer the following questions.

Questions:

    • State the email address that was logged into the Google account of the Android device.

      – Answer: tlouis@kurvalis.com  

      – Walkthrough:

    • Was there any Twitter account information? If yes, please provide the account name.

      – Answer: LTina1900
      – Walkthrough:

    • Where can we find information related to app launch? (Provide the file path) 

      – Answer: data/data/com.google.android.as/databases/SimpleStorage 

    • How many apps were launched via the home screen?

      – Answer: 9

      – Walkthrough:

    • What is the MAC address of the Bluetooth adapter?

      – Answer: 58:cb:52:4e:67:55
      – Walkthrough:

    • Were there any Bluetooth devices connected to the Android device?

      – Answer: No

      – Walkthrough:

    • What software did the user download onto the Android device?

      – Answer: Magisk manager
      – Walkthrough:

    • When was “fun flag games” searched? (Answer should be in the format YYYY-MM-DD_HH:MM:SS, timestamp in UTC)

      – Answer: 2022-12-06 09:28:24 and 2022-12-10 18:11:54
      – Walkthrough:

    • Does the login data information reveal password details? If yes, list the password disclosed. 

      – Answer: Yes, Got2Sell and Suam6is3eik.
      – Walkthrough:

    • From where was boot.img downloaded?

      – Answer: Google Drive
      – Walkthrough:


    • Who was Tina Louis chatting with via Google Chat?

      – Answer: Michael Borchardt and Shawn Garza

      – Walkthrough:

    • What is the SSID of the following Wi-Fi MAC address 00:00:5e:00:01:03?

      – Answer: Dublin Airport Free WiFi

      – Walkthrough:


    • It seems that Tina intended to spawn some office romance as she searched for its legality. What was the article’s title that answered her question? (Hint: dating)

      – Answer: Can an Employer Prohibit Workplace Dating? – Rocket Lawyer

      – Walkthrough:
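
Cross-checking the “fun flag games” answer against raw data, as an added example that is not part of the original lab or ALEAPP's own code. It assumes the search terms come from Chrome's History database (tables `urls` and `keyword_search_terms`, times stored as microseconds since 1601-01-01 UTC); the rows and URLs are constructed so that they decode to the two timestamps given in the answer above.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(value):
    """Microseconds since 1601-01-01 UTC -> aware datetime; 0/NULL means 'not set'."""
    if not value:
        return None  # avoid reporting a bogus 1601-01-01 timestamp
    return WEBKIT_EPOCH + timedelta(microseconds=value)

def build_sample_history():
    """Constructed stand-in for a Chrome History file (only the columns queried)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, last_visit_time INTEGER);
        CREATE TABLE keyword_search_terms (url_id INTEGER, term TEXT);
    """)
    # Constructed rows: two distinct search URLs for the same term, one unset time.
    db.executemany("INSERT INTO urls VALUES (?, ?, ?)", [
        (1, "https://www.google.com/search?q=fun+flag+games", 13314792504000000),
        (2, "https://www.google.com/search?q=fun+flag+games&sample=2", 13315169514000000),
        (3, "https://www.google.com/search?q=constructed+row", 0),
    ])
    db.executemany("INSERT INTO keyword_search_terms VALUES (?, ?)", [
        (1, "fun flag games"), (2, "fun flag games"), (3, "constructed row"),
    ])
    return db

def search_times(db, term):
    """Return UTC 'YYYY-MM-DD HH:MM:SS' strings for every hit on `term`, oldest first."""
    rows = db.execute(
        "SELECT u.last_visit_time FROM keyword_search_terms k "
        "JOIN urls u ON u.id = k.url_id WHERE k.term = ? "
        "ORDER BY u.last_visit_time", (term,)).fetchall()
    stamps = [webkit_to_utc(raw) for (raw,) in rows]
    return [s.strftime("%Y-%m-%d %H:%M:%S") if s else None for s in stamps]

if __name__ == "__main__":
    history = build_sample_history()
    for when in search_times(history, "fun flag games"):
        print(when, "UTC")
```

Because `last_visit_time` is stored per URL, each distinct search URL contributes one timestamp, which is why a single term can yield more than one answer.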

Part 2: iOS Forensics Analysis using iLEAPP

1. Copy the folder “Mobile Forensics” into the virtual machine desktop.
2. Unzip the “iOS Logical Image” folder.
3. Create a new folder called “iphone”. This folder will be selected as the output folder to store the parsed files.
4. Open the Kali Linux terminal and navigate to the directory where iLEAPP was installed as shown below.
5. Run the command below to launch the iLEAPP GUI.
6. You should be able to see the iLEAPP GUI interface.
7. Click the “Browse Folder” tab, select the “iOS Logical Image” folder as shown below, and click the “OK” tab.
8. Click the “Browse Folder” tab and select the new folder created in step 3 above. Once done, click the “OK” tab. Then click “Process”, marked in red below.
9. Once the process is completed, you will be prompted with the following window. Click the “OK” tab.
10. The analysis report will then open in the browser automatically.
11. Analyse the information within the report and answer the following questions.

Questions:

    1. What is the username of the AppleID of the iOS device?

      – Answer: pbentley0107@gmail.com

      – Walkthrough:

    2. What username was used for AllTrails?

      – Answer: patrick-bentley-9

      – Walkthrough:

    3. Did Patrick receive any incoming calls? If yes, please state the number he received the call from.

      – Answer: Yes, +19734468551.

      – Walkthrough:

    4. Patrick’s iPhone was connected to which device?

      – Answer: Macbook Air M1

      – Walkthrough:

    5. What version of iPhone was on the system?

      – Answer: iOS 15.0.2

    6. What time zone was used on the system?

      – Answer: America/New_York

      – Walkthrough:

    7. When was the last mobile backup done? (Answer should be in the format YYYY-MM-DD_HH:MM:SS)

      – Answer: 2022-01-21 22:23:31

      – Walkthrough:

    8. When was the “Grocery List” note created? (Answer should be in the format YYYY-MM-DD_HH:MM:SS)

      – Answer: 2022-01-16 14:04:04

      – Walkthrough:

    9. What is the name of the GIF sent to Patrick via Bumble message? (Hint: The answer is three words)

      – Answer: Thirsty Steve Martin

      – Walkthrough:

        Opening the link highlighted in yellow leads you to the GIF image shown below, which says “Thirsty Steve Martin”.


    10. It seems that Patrick’s computer has been hacked. What was the search term he used to get guidance on what action to take?

      – Answer: what to do if you get hacked

      – Walkthrough:

    11. Which app was uninstalled from the device?

      – Answer: WeChat

      – Walkthrough: