Name
Unsupported Apps. What Can Be Done? A Methodological Approach to Mobile App Forensics
Speakers
Alexis Brignoni | Digital Forensics Examiner | Federal Law Enforcement
Description
There are over 4 million mobile apps available between the two largest smartphone app stores. Our tools by themselves can only scratch the surface. What can be done? How can we best leverage our tools and grow our practice in order to obtain as much as we can from our examinations? In this presentation the practitioner will learn how to:
- Identify data stores of interest
- Use structure query language to extract and interpret the data
- Manage JSON formatted data inside and outside of SQLite databases
- Retain and reuse acquired knowledge by the generation of custom artifacts in Axiom
- Use apps as viewers and parsers of targeted data through the use of virtual environments
- Set up manual examination when extraction and parsing is not possible