Digital forensics applications like EnCase or Oxygen Forensics rely on security exploits to fulfil their mobile and computer data acquisition functions. Prior to the boom in cybersecurity, they were highly reliable pieces of software. Nowadays, their usefulness can be either circumvented or patched with the right expertise. As with any security implementation, after a few uses it would not take a seasoned professional long to understand how they work.
Hence different procedures must be taken when analysing a machine belonging to a DFIR specialist, as preventative software methods could be present on the device.
A seasoned engineer/developer would not require a digital forensics platform and would be able to build and run their own scripts should the need arise. Script kiddies or end users generally cannot code and rely on these tools to complete their tasks.
Bug bounty hunters, looking for new bugs? Download a forensic data acquisition tool used in cybercrime investigations or by DFIR professionals and take a look at how it works and what pieces of information it can acquire or retrieve. For example, the Oxygen Forensics tool relies on Android users who have an outdated security patch.
Phones that no longer receive Android updates are susceptible to these kinds of privacy intrusions.
Criminals often use burner phones. These phones are often built with easier data retrieval methods, due to the lack of security software included. Modern Android phones will have the latest Android security patch; they also feature things like onboard encryption (especially Samsung phones). Certain Android phones are also used by military and law enforcement, hence the extended feature set or data security modules. Software exploits aren’t the only way to retrieve data. Memory chips can be removed from the board of the phone and analysed separately. Even if the data has been encrypted, similar to ransomware, with the right tool kit and outdated software, this can be breached.
If security is your main concern, then having the latest phone would be your best option. The Samsung Note or Ultra models would suffice.
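A way to check the two properties discussed above (security patch level and encryption state) on a device you own, as an added example that is not from the original post. It parses the text produced by `adb shell getprop`; the sample output, the function names and the 90-day threshold are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.product.model]: [EXAMPLE-MODEL]
[ro.build.version.release]: [9]
[ro.build.version.security_patch]: [2019-08-01]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""

# getprop prints one "[key]: [value]" pair per line.
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")

def parse_getprop(text):
    """Turn getprop output into a dict, skipping lines that do not match."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m["key"]] = m["value"]
    return props

def audit_device(getprop_text, today, max_patch_age_days=90):
    """Report patch age and encryption state; 90 days is an assumed threshold."""
    props = parse_getprop(getprop_text)
    findings = []
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
        age = (today - patch).days
    except ValueError:
        age = None
        findings.append("security patch level missing or unparseable")
    if age is not None and age > max_patch_age_days:
        findings.append(f"security patch is {age} days old")
    if props.get("ro.crypto.state") != "encrypted":
        findings.append("storage is not reported as encrypted")
    return {"patch_age_days": age, "findings": findings}

if __name__ == "__main__":
    # Fixed date so the constructed sample gives a reproducible result.
    report = audit_device(SAMPLE_GETPROP, today=date(2020, 1, 1))
    print(report["patch_age_days"], report["findings"])
```

To audit a real handset, save the output of `adb shell getprop` to a file and pass its contents, with `date.today()`, to `audit_device`.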
Extreme measures can be taken. For example, certain units may choose to short the pins on the handset, so that any attempt to connect the device to a computer would send a feedback charge back through the USB board, damaging the computer or rendering it unusable. Worst-case scenario, you fry the phone as well. It’s not a recommended procedure for someone unskilled in electronics engineering. Data connections and charging would have to be done wirelessly.
AckerWorx used to offer handset modification services; however, due to the pandemic, we only provide software and no longer provide or modify hardware.
** This information was often requested…