HOME LAB

Cyber Forensics: Mobile

COMPUTER FORENSICS : MOBILE 

DISCLAIMER:

  • This document contains unedited notes and has not been formally proofread.
  • The information provided in this document is intended to provide a basic understanding of certain technologies.
  • Please exercise caution when visiting or downloading from websites mentioned in this document and verify the safety of the website and software.
  • Some websites and software may be flagged as malware by antivirus programs.
  • The document is not intended to be a comprehensive guide and should not be relied upon as the sole source of information.
  • The document is not a substitute for professional advice or expert analysis and should not be used as such.
  • The document does not constitute an endorsement or recommendation of any particular technology, product, or service.
  • The reader assumes all responsibility for their use of the information contained in this document and any consequences that may arise.
  • The author disclaim any liability for any damages or losses that may result from the use of this document or the information contained therein.
  • The author reserve the right to update or change the information contained in this document at any time without prior notice.

  • Any attempts to perform penetration testing or ethical hacking on systems or networks should be done with the explicit permission of the system/network owner. Unauthorized access is illegal and can result in serious legal consequences.
  • It is important to fully understand the scope of the testing and to only test within that scope. Testing outside the agreed upon scope is considered unauthorized and may result in legal action.
  • Any findings or vulnerabilities discovered during testing should be reported to the system/network owner immediately and kept confidential until a fix can be implemented.
  • It is recommended to use a separate, dedicated testing environment rather than testing on a live production system to minimize the risk of accidentally causing damage or downtime.
  • It is important to take steps to protect your own identity and prevent accidental data leaks or exposure of sensitive information during testing.
  • It is also recommended to follow a standard code of ethics for ethical hacking and penetration testing.

ACKNOWLEDGEMENT

I express my sincere gratitude to Dr. John Kingston, my module leader, for offering continuous guidance and support during the development of this paper. The invaluable expertise and insights shared by Dr. Kingston played a pivotal role in enhancing my comprehension of Forensics Investigation and its methodologies.

Table of Contents

  • ACKNOWLEDGEMENT 2
  • Table of Contents 3
  • Table Of Figures 4
  • List Of Tables 5
  • 1. INTRODUCTION 6
  • 2. ANALYSIS 6
  • 2.1. TOOLS USED 7
  • 2.1. EVIDENCE: CHAT MEDIUM TIMELINES 8
  • 2.2. EVIDENCE: STAGE 1: EMAIL MESSAGES 9
  • 2.3. Evidence Part 2: Chats (Facebook) 10
  • 2.4. Evidence Part 3: Chats (SMS) 11
  • 2.5. Evidence Part 4: Chats (Email with PIXELKNOT app) 12
  • 2.5.1. Evidence Part 4: Pixelknot: 01: Tree- Email & JPG 13
  • 2.5.2. Evidence Part 4: Pixelknot: 02: Email Outbox: jpg 14
  • 2.5.3. Evidence Part 4: Pixelknot: 03: Wall - Email & JPG 15
  • 2.6. Evidence Part 5: Google Drive 17
  • 2.7. Evidence Part 6: Choosing (PIXELKNOT app & Google Drive) 18
  • 2.8. Evidence Part 7: Cipher, Place and Payment 19
  • 3. EVIDENCE PART 8: MEDIA ANALYSIS 21
  • 3.1. LOCATION ANALYSIS 21
  • 3.2. GALLERY ANALYSIS 21
  • SCREENSHOT FOLDER: 21
  • FACES FOLDER: 21
  • Invoices Folder 21
  • OTHER ANALYSIS 21
  • PLAY STORE SEARCH 21
  • 3.3. INTERNET BROWSING HISTORY 22
  • Searched History: 22
  • Browsing History 22
  • Download History: 23
  • 4. LAWS TO CONSIDER: 24
  • The Sexual Offences Act 2003: 24
  • Policing and Crime Act 2009: 24
  • Street Offences Act 1959 24
  • Modern Slavery Act 2015 24
  • Legality: 24
  • Age factor: 24
  • 5. CONCLUSION 25
  • Appendix Table: A 27
  • LOCATION: DATA SCREENSHOT 27
  • Appendix Table: B 27
  • SCREENSHOT FOLDER 27
  • Appendix Table: C 29
  • Gallery: Faces Folder 29
  • Appendix Table: D 30
  • PIXELKNOT decoded Image’s 30
  • REFERENCES 33

Table Of Figures

  • Figure 1 Problem statement 6
  • Figure 2 Cellebrite Physical Analyzer Extraction Summary 7
  • Figure 3 Evidence: Email step01: registration 9
  • Figure 4 Evidence Email Step 02 - Setup Custom Search 9
  • Figure 5 FB Chat 01: Initial contact. 10
  • Figure 6 FB Chat 02: Continue. 10
  • Figure 7 SMS Chat 03: Specialized dating 11
  • Figure 8 SMS Chat 04: Secure method info 11
  • Figure 9 SMS Chat 05: PIXELKNOT & Stephanie APPs 12
  • Figure 10 Email chat to install Pixelknot. 12
  • Figure 11 Pixelknot:01: Tree – JPG -Decoded 13
  • Figure 12 Pixelknot:01: Tree - Email 13
  • Figure 13 Pixelknot:02: Decoded: girl-7172340_1280.jpg 14
  • Figure 14 Pixelknot:02: Email Outbox: girl-7172340_1280.jpg 14
  • Figure 15 Pixelknot:03: Wall - decoded 15
  • Figure 16 Pixelknot:03: Wall - Email & JPG 15
  • Figure 17 Stephanie Not working SMS. 16
  • Figure 18 Stephanie App Step 01 16
  • Figure 19 Stephanie App Step 02 16
  • Figure 20 Stephanie App Step: Error Message 16
  • Figure 21 Google Drive Share Emails 17
  • Figure 22 Email- Google Drive Folder: KT 17
  • Figure 23 Screenshot Google Drive: KT 17
  • Figure 24 Pixelknot:04: Choice-Decoded 18
  • Figure 25 Pixelknot:04: Choice-Email 18
  • Figure 26 Google Drive: Choice- Seven.jpg 18
  • Figure 27  Pixelknot: Place and Payment -Decoded 19
  • Figure 28 Pixelknot: Place and Payment - Email 19
  • Figure 29 Deciphered Text 20
  • Figure 30 Tom Biddle personal details 21
  • Figure 31PLAY STORE SEARCH 22
  • Figure 32 Searched History 22
  • Figure 33 Browsing History 23
  • Figure 34 Internet: Downloads 23

List Of Tables

  • Table 1 Communication Medium Timelines 8
  • Table 2 Evidence Stage 1 Email 9
  • Table 3 Evidence: FB- initial startup 10
  • Table 4 Evidence SMS Chat 11
  • Table 5 Evidence Pixelknot & Stephanie APPs 12
  • Table 6 Pixelknot:01: Tree: Email & JPG 13
  • Table 7 Pixelknot:02: Email Outbox: girl-7172340_1280.jpg 14
  • Table 8 Install Stephanie App Decoded 15
  • Table 9 Stephanie App Steps & error message 16
  • Table 10 Google Drive: KT - Email & Screenshot 17
  • Table 11 Evidence: Place and Payment 19
  • Table 12 Cipher: Message & Screenshot 20
  • Table 13 Tom's Offences 25
  • Table 14 Katie’s Offences 25

1. INTRODUCTION

The problem statement for the subsequent investigation is depicted in the below image [Figure Problem statement], followed by an elucidation of the procedures employed to collect information, evidence and followed by conclusion. 

Figure 1 Problem statement

2. ANALYSIS 

The forensic images generated by specialized tool CELLEBRITE PHYSICAL ANALYZER, encompassing sophisticated logical and physical representations extracted from the mobile device of the individuals under investigation, are employed for subsequent analysis to acquire relevant information. The Cellebrite reader provides the phase where the reports are shared along with analyzed data classifications. 
The investigation process is categorized as:
Evidence: CHAT MEDIUM TIMELINES
Evidence Part 1: Emails
Evidence Part 2: Chats (Facebook)
Evidence Part 3: Chats (SMS)
Evidence Part 4: Chats (Email with PIXELKNOT app)
Evidence Part 5: Google Drive
Evidence Part 6: Choosing (PIXELKNOT app & Google Drive)
Evidence Part 7: Place and Payment 
Evidence Part 8: MEDIA ANALYSIS
Appendix.

2.1. TOOLS USED 


CELLEBRITE PHYSICAL ANALYZER V7.63.0.126 
o [Figure Cellebrite Physical Analyzer Extraction Summary] & 
CELLEBRITE Reader V7.63.0.126 
o (CELLEBRITE PHYSICAL ANALYZER, 2023).
PIXELKNOT: Hidden Messages – Android App 
o (PixelKnot: Hidden Messages, 2023).
STEPHANIE - Steganography app - Android App 
o (Stephanie - Steganography app, 2023).
VIGENERE-CIPHER – Online Decrypt tool 
o (VIGENERE-CIPHER, 2023).

Figure 2 Cellebrite Physical Analyzer Extraction Summary


2.1. EVIDENCE: CHAT MEDIUM TIMELINES


The Conversation between Tom Biddle and Kaite started from Facebook messenger chat on 14-09-2023 10:39:02(UTC+1) and transitioned to text messages on cell phones at 14-09-2023 11:34:12(UTC+1). The subsequent phase involved communication through the sharing of images generated by the PIXELKNOT app via email.
The table below, titled “Table Communication Medium Timelines,” outlines the sequential progression of plot events taking place. For images refer to [Appendix Table: D].

Table 1 Communication Medium Timelines

COMMUNICATION MEDIUM

TIMELINE

Facebook Messenger Chat

14-09-2023 10:39:02(UTC+1)

Text Messages - SMS

14-09-2023 11:34:12(UTC+1)

Email – Install APK

14-09-2023 16:53:03(UTC+1)

Email - PIXELKNOT: tree

15-09-2023 16:28:05(UTC+1)

Email PIXELKNOT: girl-7172340_1280.jpg

15-09-2023 16:35:53(UTC+1)

Email PIXELKNOT: Wall IMG_20230915_144729.jpg

15-09-2023 17:24:30(UTC+1)

Email: Folder shared with you: ‘KT’

26-09-2023 12:53:24(UTC+1)

Email: PIXELKNOT: Choice - 0_one.jpg

26-09-2023 13:18:27(UTC+1)

Email: PIXELKNOT: IMG_20230915_152522.jpg

26-09-2023 13:27:18(UTC+1)

Cipher: 181_task_thumbnail.png

26-09-2023 13:35:30(UTC+1)



2.2. EVIDENCE: STAGE 1: EMAIL MESSAGES

In the quest for the initial plot key, it was found that, Tom Biddle initiated registrations on MATCH.COM and INTERNATIONALCUPID.COM sites, as evidenced in [Figure Evidence: Email step01: registration]. 


Figure 3 Evidence: Email step01: registration

Figure 4 Evidence Email Step 02 - Setup Custom Search

Evidence Email Step 02 - Setup Custom Search


Additionally, he configured custom filter alerts, as illustrated in [Figure Evidence Email Step 02 - Setup Custom Search], featuring for teenage women. 

2.3. Evidence Part 2: Chats (Facebook)

Tom Biddle initiated the first contact through Facebook chat, as depicted in [Figure FB Chat 01: Initial contact.] The conversation then continued with further exchanges, during which their phone numbers were shared, as observed in [Figure FB Chat 02: Continue.].

Table 3 Evidence: FB- initial startup


Figure 5 FB Chat 01: Initial contact


Figure 6 FB Chat 02: Continue.


2.4. Evidence Part 3: Chats (SMS)

Tom Biddle and Katie continued their conversation through SMS. The key takeaway from this is that Katie initiated sharing information about a specialized dating service [“Can supply women, girls or boys”] and provided instructions via email to progress to further stages using secure methods refer the below [Figure SMS Chat 04: Secure method info].  

Table 4 Evidence SMS Chat
Figure 7 SMS Chat 03: Specialized dating

Figure 8 SMS Chat 04: Secure method info

2.5. Evidence Part 4: Chats (Email with PIXELKNOT app)

Katie instructed Tom to install the Pixelknot app and shared the password "Katie" for opening the images received from her through the Pixelknot app refer the below [Figure Email chat to install Pixelknot.]. 
The image below, labeled [Figure SMS Chat 05: PIXELKNOT & Stephanie APPs], displays the message "that didn’t work." This issue arose because the Stephanie app did not function as expected. Further reference images can be observed in subsequent analyses [Table 9 Stephanie App Steps & error message].

Table 5 Evidence Pixelknot & Stephanie APPs

Figure 9 SMS Chat 05: PIXELKNOT & Stephanie APPs

Figure 10 Email chat to install Pixelknot.


2.5.1. Evidence Part 4: Pixelknot: 01: Tree- Email & JPG

Currently, all conversations are occurring through the Pixelknot app. The official definition, stated as (Pixelknot: Hidden Messages), “DISGUISE YOUR MESSAGES: Pictures are public, the text is hidden inside. Even a trained eye will think the image is unedited. It’s security through obscurity.”
The decoded message from the image file “IMG_20230915_144429.jpg,” received via email with subject head “Tree,” is visible in the image [Figure 11 Pixelknot:01: Tree – JPG -Decoded].
Table 6 Pixelknot:01: Tree: Email & JPG

Figure 11 Pixelknot:01: Tree – JPG -Decoded

Figure 12 Pixelknot:01: Tree - Email

2.5.2. Evidence Part 4: Pixelknot: 02: Email Outbox: jpg

Tom has responded to Katie, and the content of the message is revealed in the image labeled [Figure 13 Pixelknot:02: Decoded: girl-7172340_1280.jpg]. Tom's expressed interest in learning more about "girls" is evident in the message. 

Table 7 Pixelknot:02: Email Outbox: girl-7172340_1280.jpg

Figure 13 Pixelknot:02: Decoded: girl-7172340_1280.jpg


Figure 14 Pixelknot:02: Email Outbox: girl-7172340_1280.jpg



2.5.3. Evidence Part 4: Pixelknot: 03: Wall - Email & JPG

Katie has provided instructions to install another app, Stephanie – steganography, for continued conversations, as depicted in the image [Figure 15 Pixelknot:03: Wall - decoded].
Figure 15 Pixelknot:03: Wall - decoded

Figure 16 Pixelknot:03: Wall - Email & JPG


Tom attempted to follow the instructions to install the Stephanie app and decode the messages. However, the app did not function as intended, and he was trying to communicate this issue to Katie. Details of these attempts and the encountered error messages are documented in the following table titled [Table 9 Stephanie App Steps & error message].

Table 9 Stephanie App Steps & error message

Figure 17 Stephanie Not working SMS

Figure 18 Stephanie App Step 01

Figure 19 Stephanie App Step 02
Figure 20 Stephanie App Step: Error Message


2.6. Evidence Part 5: Google Drive

Kaite started to share some more images using google drive, more evidenced in the [Figure Google Drive Share Emails]. The emails with subjects "One," "Two," and "Item shared with you: one.jpg" indicate that these files are currently inaccessible. 
However, the email message with the subject "Folder shared with you: KT" is accessible and is displayed in the [Table Google Drive: KT - Email & Screenshot].

Figure 21 Google Drive Share Emails

Table 10 Google Drive: KT - Email & Screenshot
Figure 22 Email- Google Drive Folder: KT

Figure 23 Screenshot Google Drive: KT


2.7. Evidence Part 6: Choosing (PIXELKNOT app & Google Drive)

Tom accessed the Google Drive folder "KT" and sent the encoded message to Katie, labeled as Choice Seven, as depicted in Figure 24 Pixelknot:04: Choice-Decoded. The content of Seven.jpg from [Figure Google Drive: Choice- Seven.jpg] discloses the girl chosen. 

Figure 24 Pixelknot:04: Choice-Decoded

Figure 25 Pixelknot:04: Choice-Email


Figure 26 Google Drive: Choice- Seven.jpg


2.8. Evidence Part 7: Cipher, Place and Payment

Katie, upon receiving the Pixelknot encoded email from Tom, confirmed the content of seven.jpg and shared the address "Canal Street in Manchester at 10 am tomorrow and instructing to bring a credit card", can referred from the [Figure Pixelknot: Place and Payment -Decoded]. 
Refer the [Figure Pixelknot: Place and Payment - Email] This message was encoded as part of the Pixelknot image received via email on 26-09-2023 at 13:27:18 (UTC+1). The actual image was found under path: “USERDATA (ExtX)/Root/media/0/ Download/IMG_20230915_152522.jpg”.


Table 11 Evidence: Place and Payment

Figure 27  Pixelknot: Place and Payment -Decoded

Figure 28 Pixelknot: Place and Payment - Email


A cipher screenshot taken on 26-09-2023 at 13:35:30 (UTC+1), when deciphered (VIGENERE-CIPHER, 2023), reveals the message "Katie – Canal Street 10 am. Bring credit card". Please refer to [Figure 29 Deciphered Text] and [Table 12 Cipher: Message & Screenshot].

Table 12 Cipher: Message & Screenshot
 Screenshot


Cipher: Message


Figure 29 Deciphered Text

3. EVIDENCE PART 8: MEDIA ANALYSIS
3.1. LOCATION ANALYSIS 

There was no available data to provide location access from any of the sources, such as images, cell phones, or GPS coordinates. The three data points available include a Wi-Fi point and two Facebook check-in posts, as referenced in [Appendix Table: A]. 

3.2. GALLERY ANALYSIS

SCREENSHOT FOLDER: 

The Screenshot folder includes images of the Google Drive folder "KT," the Cipher message, Katie's chat, and call log. Please refer to [Appendix Table: B].

FACES FOLDER:

The cache memory contains lots of girl images which were part of the physical memory database [Appendix Table: C] for more details.
Invoices Folder
The Images from the folder did not yield any meaningful details. 

OTHER ANALYSIS

Tom Biddle personal details, retrieved from autofill analysis.
Figure 30 Tom Biddle personal details

PLAY STORE SEARCH

The search keywords from play store highlights the apps used by Tom

Figure 31 PLAY STORE SEARCH

3.3. INTERNET BROWSING HISTORY

Searched History:

The search keywords used were related to VIGENERE CIPHER, FILE MANAGER, STEPHANIE, PIXELKNOT, FACEBOOK, and OKCUPID. These keywords led to the discovery of additional evidence, building upon the earlier analysis mentioned in the list above. 

Figure 32 Searched History

Browsing History

The image below illustrates the webpages that TOM visited, suggesting a heightened interest in teenage girls and active engagement with Katie. 

Figure 33 Browsing History


Download History:

Tom's internet browsing history offers comprehensive details about the downloaded data, including photos of teenage girls.

Figure 34 Internet: Downloads


4. LAWS TO CONSIDER:

The Sexual Offences Act 2003: 
51A Soliciting, 
52 Causing or inciting prostitution for gain, 
53Controlling prostitution for gain, 
53APaying for sexual services of a prostitute subjected to force etc., 
10 Causing or inciting a child to engage in sexual activity.
14 Arranging or facilitating commission of a child sex offence.
Policing and Crime Act 2009: 
Sec 14: Paying for sexual services of a prostitute subjected to force.
Street Offences Act 1959
Sec 1: Loitering or soliciting for purposes of prostitution.
Modern Slavery Act 2015
Sec 1: Slavery, servitude and forced or compulsory labour. 
Sec 3: Meaning of exploitation (3) Sexual exploitation
Legality:
Prostitution itself is legal: Engaging in sex work and exchanging sexual services for money is not illegal in England.
It’s legal to be a sex worker in the UK, but working together and virtually anything you need to do to contact a client, is illegal (ECOP, 2023),  
However, many related activities are illegal: This includes:
Soliciting in public places: Approaching someone in a street, park, or other public space to offer sexual services is illegal.
Running a brothel: Operating or managing a premises where two or more people exchange sexual services for money is illegal.
Controlling prostitution for gain: Pimping, trafficking, or controlling someone's prostitution for personal profit is illegal.
Paying for sex with someone forced or coerced: This is illegal even if you were unaware of the coercion.
Age factor:
Prostitution is illegal for anyone under 18: Engaging in any sexual activity for money under the age of 18 is considered child sexual exploitation and is a serious offence.
It is also illegal to pay for sex with someone under 18, even if they appear older: This is considered child sexual abuse and carries severe penalties.

5. CONCLUSION

The analysis of the forensics images retrieved from Tom Biddle’s phone revealed the following conversations.
These are the conversations that have taken place between Tom Biddle and Katie. 
“Katie - I can supply girls. Minimum rental is for 3 days.”
“Tom - I am interested What do you have available.”
“Katie - Shared the girl’s images.”
“Tom - Seven, as soon as possible”
“Katie- Seven it is, Be at the east end of the canal street in Manchester at 10 am tomorrow. A man will arrive with her. You will walk down canal street and he will run your credit card. 180 pounds per day. Contact us when you are done for return arrangements.” 
Based on these the possibility of breaking the England Law, thus, by concluding the scenario with following statements. 
Table 13 Tom's Offences

Acts

Tom - commits this offense

The Sexual Offences Act 2003:

·         Tom's agreement to pay for sexual services constitutes facilitation of a child sex offense. If any of the girls are under 16, - Facilitating the commission of a child sex offence.

·         Sharing images of girls with the intent of sexual exploitation could be considered grooming (Katie) and meeting them in person (Tom) would fulfill the offense, - Meeting a child following grooming.

Policing and Crime Act 2009

·         Agreement under the Policing and Crime Act 2009: potential implications of Tom's payment for sexual services.

Street Offences Act 1959

·         The messages exchanged suggest Tom's potential intention to seek out prostitution in a public space, where his phone was seized.

Modern Slavery Act 2015

·         Tom's potential action may fall under Section 2 of the Modern Slavery Act 2015, which criminalizes arranging or facilitating travel of another person with the view to them being exploited, including for sexual purposes.


Table 14 Katie’s Offences

Acts

Katie - commits this offense

The Sexual Offences Act 2003:

·         Katie is offering to provide girls for sexual activity in exchange for money, fulfilling the criteria of controlling prostitution for personal gain.

·         If any of the girls involved are under 18, Katie commits this offense by arranging for their sexual exploitation, - Causing or inciting prostitution of a child.

·         Sharing images of girls with the intent of sexual exploitation could be considered grooming (Katie), - Meeting a child following grooming.

Policing and Crime Act 2009

·         Kaite is suspected of utilizing various methods, including coercion, deception, and potentially non-violent force, to influence the girls he provides

Street Offences Act 1959

·         Kaite's actions of arranging for individuals to meet in public spaces for the exchange of money raise concerns about potential violations of the Street Offences Act 1959, specifically regarding loitering or soliciting for prostitution.

Modern Slavery Act 2015

·         The situation surrounding Kaite and the girls raises questions about their living and working conditions, with concerns about potential violations of the Modern Slavery Act 2015 due to suspected forced or compulsory labor.



In conclusion, this examination of mobile forensics commenced with the acquisition of Tom's phone forensic image. Subsequently, the Cellebrite tool was employed to conduct a comprehensive analysis, extracting meaningful insights and potential evidence from the forensic images. The process culminated in identifying the applicable laws that were violated and determining the individuals responsible for the breaches. 

Appendix Table: A

LOCATION: DATA SCREENSHOT

Appendix Table: B


SCREENSHOT FOLDER

SCREENSHOT FOLDER

Appendix Table: C



Gallery: Faces Folder


Appendix Table: D

PIXELKNOT decoded Image’s 

COMMUNICATION MEDIUM

TIMELINE

Email - PIXELKNOT: tree


Timestamp: 15-09-2023 16:28:05(UTC+1)
Subject: Tree

Folder: Inbox, Personal

From: katiecam211@gmail.com

To: tombiddle029@gmail.com

 

Attachment: IMG_20230915_144429.jpg

Email PIXELKNOT: Outbox


Timestamp: 15-09-2023 16:35:53(UTC+1)

Folder: Outbox

From: tombiddle029@gmail.com

To: katiecam211@gmail.com

Attachment: girl-7172340_1280.jpg

Email PIXELKNOT: Wall


Timestamp: 15-09-2023 17:24:30(UTC+1)
Folder: Outbox

Folder: Inbox, Personal

From: katiecam211@gmail.com

To: tombiddle029@gmail.com

Attachment: IMG_20230915_144729.jpg

Email: Folder shared with you: ‘KT’


Timestamp: 26-09-2023 12:53:24(UTC+1)
Folder: Outbox

From: tombiddle029@gmail.com

To: katiecam211@gmail.com

Attachment:

Email: PIXELKNOT: Choice



Timestamp: 26-09-2023 13:18:27(UTC+1)
Folder: Outbox

From: tombiddle029@gmail.com

To: katiecam211@gmail.com

Attachment: 0_one.jpg

Email: PIXELKNOT:



Timestamp: 26-09-2023 13:27:18(UTC+1)
Folder: Outbox

From: tombiddle029@gmail.com

To: katiecam211@gmail.com

Attachment: IMG_20230915_152522.jpg

Actual image found path:
USERDATA (ExtX)/Root/media/0/ Download/IMG_20230915_152522.jpg

Cipher: 181_task_thumbnail.png




Timestamp: 26-09-2023 13:35:30(UTC+1)
Folder:  USERDATA (ExtX) /Root /system_ce/0/ recent_images/ 181_task_thumbnail.png


REFERENCES 


1. (CELLEBRITE PHYSICAL ANALYZER, 2023), “https://cellebrite.com/en/physical-analyzer/.”
2. (PixelKnot: Hidden Messages, 2023), “DISGUISE YOUR MESSAGES: Pictures are public, the text is hidden inside. Even a trained eye will think the image is unedited. It’s security through obscurity!”, “https://play.google.com/store/apps/details?id=info.guardianproject.pixelknot&hl=en_IN&pli=1”.
3. (Stephanie - Steganography app, 2023), “Stephanie is a mobile application that hides a file (.jpg, .png .mp3) in a photo, and allows you to get a previously sewn file in the image. Experience steganography on your mobile device,” “https://play.google.com/store/apps/details?id=com.piekarskipiotr.stephanie&hl=en_IN.”
4. (England ACT 2003), “The Sexual Offences Act 2003: “https://www.legislation.gov.uk/ukpga/2003/42/contents”.
5. (ECOP, 2023), “The English Collective of Prostitutes”, “https://prostitutescollective.net/know-your-rights/”.
6. (VIGENERE-CIPHER, 2023), https://www.dcode.fr/vigenere-cipher

**************************************************************************************************************
Cyber Forensics, Mobile , #Forensics, #Mobile, #CyberForensics

Comments

Popular Posts

Chennai :MTC complaint cell Customer Care No.:+91-9445030516 /Toll Free : 18005991500

Marriage Registration Online steps [Tamil Nadu]

HOME LAB