Archive for June 2009

Blackberry Forensics with Arch

Hunting tools etc. Here is what I have found.

OpenSync, Barry and then gathering the files from windows (IPD) and analyzing the files on linux.   A good paper is Mobile Device Forensics by Andrew Martin.    Still working.  I think I’m going to end up writing my own paper as analysis of intrusion on a Blackberry is limited.

Forensic Analysis of a Blackberry

Recently I had an investigation come up that was outside of what the Forensic community would consider the norm. I am investigating a blackberry for malicious activity or software with no concern for illegal or immoral pictures, emails, videos, etc. Most software packages currently available are for locating the employee who is getting ready to get the pink slip.

With all that being said I could not use Paraben’s products or ABC Amber Blackberry Converter as they are just concerned with retrieving data and not with the activities of the software on the system.

Here is what I have found so far.

Blackberry Security: Ripe for the picking

Attack surface analysis of Blackberry

Guidelines on Cellphone forensics

PDA Forensics

Forensic Examination of a RIM device

After all that much of it had nothing to do with what I needed. The first two were good Symantec papers. The first was pulled by Symantec after one day of being online. It was put up by Milw0rm a short time later.

Well that’s all for now. I’ll post some step-by-step shortly.

Mobile Phone Forensics & PDA Forensics Links

Virtual Box and Archlinux/C&A

For the sake of not being a post whore I am going to combine two blogs into one.  They are relatively simple, but not so short I can twitter them.

I had struggled with VMware for some time, probably way too long, before I decided to move on to VirtualBox. My only real reason being that I was familiar with VMware.

So using the instructions provided Here I had a difficult time installing using pacman. The installation was successful, but on first run it would fail to start, hanging on the registration splash screen. So I ran pacman -R virtualbox-ose and followed the directions further down. And WOOOHOOO I can haz windowz.

Umm, yes terrible lolcatz reference. Almost as bad as the suggestion of putting windows on a linux system. I have to have something to pentest though. Why else would you install windows unless you deliberately wanted a hole or to play games? Now I can do both.

Moving on to post two or sub-post 1.

In the organization I work for we have to have everything Certified and Accredited to be put on the network. I agree with this 100%. There are too many people out there that will load up anything without a care for what they put on the network. With that being said the people who manage the C&A packages are morons. They really only care about Windows. They don’t care about BSD, Mac, or Linux. They have approved Ubuntu and anything that is in the apt-get repository, but that is the only flavor that has been approved. So they blanket approve anything in the repository without even bothering to look. I don’t have a clue how many packages are available, but I know that there are some that should not be available to the average user on the network. How many of them should be running port scans with Nmap? Or Wireshark? etc. etc.

[root@home]# pacman -Sy intelligence
:: Synchronizing package databases…
core is up to date
extra is up to date
community is up to date
intelligence package not found, searching for group…
error: ‘intelligence’: not found in sync db

It seems their repository does not contain that package.

Oh, and to top it all off.  One of the morons looked at my Arch box and said “Oh Ubuntu is approved you are OK”.  So they really don’t know the difference between flavors and kernels.

[root@home]# pacman -S clue
clue package not found, searching for group…
error: ‘clue’: not found in sync db

They don’t have that package either.

BING vs Google

Bing (But It’s Not Google) has been pushed by Microsoft as a replacement for Google, but I have not been impressed by the searches that I have attempted on it.

It doesn’t allow for the “hack” type uses that Google has. At least in what I have found thus far, and it does not provide anything more than Google. It honestly looks as if BING uses Google to get their information. Most searches done side by side return everything the same and in the exact same order.

So currently I don’t see any reason whatsoever to start using BING over Google. It doesn’t offer a single benefit other than it’s not Google, but I would much rather use Google than contribute to Micro$oft.