From c8075ab02fe972fe63bb0497351587360f1438b6 Mon Sep 17 00:00:00 2001
From: Jan Vales
Date: Fri, 20 Jun 2014 03:37:55 +0200
Subject: [PATCH] writing report4...
---
 report4/content.tex | 118 +++++++++++++++++++++++++++++++++++++++-----
 report4/main.tex | 2 +-
 2 files changed, 108 insertions(+), 12 deletions(-)
diff --git a/report4/content.tex b/report4/content.tex
index b3d145d..28c0875 100644
--- a/report4/content.tex
+++ b/report4/content.tex
@@ -1,28 +1,71 @@ \newpage\section{Questions (12 points)} \subsection{How and when did Mr. Smith and Mr. Mayer communicate? (2 point)} +account lists +* IPHONE info: +.. FB found. -2012-12-06 14:35:38 Johannes Smith 06603169718 -2012-12-06 17:45:36 Johannes Smith +436605166042 - +* Android info: +.. \subsection{What information was exchanged between Mr. Smith and Mr. Mayer? (3 points)} +skype 27-11-2012 12:20:00 to:allegro.mayer from:johannes.m.smith Auth\_Request + +tun+vr +ph1 + +skype 06-12-2012 13:20:33 from:allegro.mayer to:johannes.m.smith Auth\_Granted + +call 2012-12-06 14:35:38 Johannes Smith 06603169718 (0:01:15 sec) + +skype 06-12-2012 16:33:53 to:allegro.mayer from:johannes.m.smith: "Hallo" + +ph2 + +sms +436603169718 Sent on: 2012-12-06 17:20:46 +Ich habe wichtige Informationen über unseren letzten deal für dich. Ruf dich später an, wenn ich ungestört bin. + +sms +436603169718 Sent on: 2012-12-06 17:30:43 +Sicherer kanal wär besser .... + +viber call 2012-12-06 17:31:57 Johannes Smith (71 sec) + +sms +436605166042 Received on: 2012-12-06 17:36:26 +Hallo, ich empfehle dir den WhatsApp Messenger für Android, iPhone, Nokia, BlackBerry und Windows Phone auf http://whatsapp.com/dl/ + +sms +436605166042 Sent on: 2012-12-06 17:42:50 +Viel zu unsicher, hab mir vor kurzem einen ganz tollen vortrag darüber angehört... + +sms +436605166042 Sent on: 2012-12-06 17:45:19 +Ich hab von einem kollegen wichtige informationen. Ruf dich an + +call 2012-12-06 17:45:36 Johannes Smith +436605166042 (0:00:21 sec; diensthandy? DumpBank We Sell Your Shit) + + + + \subsection{Can you find any evidence or hints that support the suspicion of insider trade? (3 points)} +No hard evidence was found.\\ +The fact that both parties looked up stock trading sites could hint at that.\\ +Also communication between Mayer and Smith does not give a definite proof that they really did anything. + \subsection{Was the person that the witness identified really Mr. Mayer? 
(2 points)} +As Mayer was in Paris on Friday, 7th of December 2012, late afternoon it seems unlikely that a witness saw them.\\ +Unless of course Mayer and Smith met in Paris which could be hinted at by the FILE in the dropbox-directory and the witness too was in Paris at that time. \subsection{Mr. Mayer seems to have more secrets than initially expected. What is his big secret? (2 points)} +By using MAYRS EMAIL address, we found out, that he is engaged with NAME.\\ +Communication suggests that MAYR + Laura were on a romantic trip in Paris. -\subsection{How and when did Mr. Smith and Mr. Mayer communicate? (2 point)} -\newpage\section{Details} -\subsection{Sources} -\subsubsection{iPhone.tar.gz (IPHONE)} -iPhone backup image from Allegro Mayer's Phone. +\newpage\section{iPhone} +\subsection{Source: iPhone.tar.gz (IPBA)} +iPhone backup image from Allegro Mayer's Phone. The extracted files were analysed with iP Backup Analyzer2. \begin{quote} \textbf{size}: 6775181 byte\\ \textbf{''file''-output}: gzip compressed data, last modified: Fri Dec 14 11:42:54 2012, from Unix\\ 
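Review bot: The new answers in the Questions section still carry unresolved placeholders and scratch notes (`NAME`, `FILE`, `MAYRS EMAIL address`, `account lists`, `tun+vr`, `ph1`/`ph2`, and the parenthetical remark on the final call entry), and as written they would ship with the report. Each finding should point at the artifact it was taken from, the way the later Contacts section cites an `IPBA::` path, so that a reader can re-check the timeline against the backups. The timeline also mixes `27-11-2012` with `2012-12-06`, and the suspect is spelled both `Mayer` and `MAYR`; one date format (ISO 8601, as in the call entries) and one spelling throughout avoid misreading. Paragraphs are separated with trailing `\\`; a blank line between paragraphs gives the same break without the underfull-hbox warnings.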
@@ -31,8 +74,39 @@
 ff746e574a0d668e1d82c3ff72501a75eabe642e1dee7f20d3d74b9fe72054f9\\
 9b9a91ded1b3f98067a63065423c620c73c42c65e13c3b110424854b3e7f6678}
 \end{quote}
-\subsubsection{Android.tar.gz (ANDROID)}
-Android image from 's phone.
+\subsection{Contacts}
+The contacts-db was extracted from \emph{\textbf{IPBA::Home Domain:Library/AddressBook:AddressBook.sqlitedb}}
+\begin{quote}
+\textbf{size}: 87040 byte\\
+\textbf{''file''-output}: SQLite 3.x database\\
+\textbf{sha512}\\\ttfamily{
+}
+\end{quote}
+
+The following contacts were found inside.
+\begin{center}\begin{tabular}{ | l | r | }
+ \hline Name & Phone \\
+ \hline & +436603169718 \\
+ \hline Laura Markovic & 0680 3303660 \\
+ \hline Sabine Oberhuber & +436604413637 \\
+ \hline Johannes Smith & +43 660 5166042 \\
+ \hline Ernst Strasser & 0660 4394199 \\
+ \hline
+\end{tabular}\end{center}
+
+\subsection{Call-Log}
+\subsection{SMS-Log}
+\subsection{Media}
+\subsection{eMail-App}
+\subsection{Viber-App}
+\subsection{Skype-App}
+\subsection{Whatsapp-App}
+\subsection{Dropbox-App}
+\subsection{Facebook-App}
+
+\newpage\section{Android}
+\subsection{Source: Android.tar.gz (ANDROID)}
+Android image from Johannes Maskus Smith's phone.
 \begin{quote}
 \textbf{size}: 270397822 byte\\
 \textbf{''file''-output}: gzip compressed data, last modified: Fri Dec 14 12:06:37 2012, from Unix\\
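Review bot: The `sha512` block for the extracted `AddressBook.sqlitedb` is empty (`\textbf{sha512}\\\ttfamily{` followed directly by `}`), while both source archives in this report carry their digests; for an evidence item the digest is what lets a reader verify they are looking at the same file, so fill it in or state explicitly that it was not recorded rather than leaving a blank field. The contact row with an empty Name cell reads as an omission in the report rather than a property of the data; `\hline \emph{(no name)} & <number> \\` makes clear that the database entry itself has no name. The table uses vertical rules and `\hline`; `booktabs` rules (`\toprule`/`\midrule`/`\bottomrule`, no vertical bars) are the conventional form and match the rest of the typographic advice for `tabular`.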
@@ -41,18 +115,40 @@ Android image from 's phone. ab18c6a2b5b9f8a0e1539474612a4a7ceae627255a2169565f0dddf3409ef67d} \end{quote} +\subsection{Contacts} +\subsection{Call-Log} +\subsection{SMS-Log} +\subsection{Media} +\subsection{eMail-App} +\subsection{Viber-App} +\subsection{Skype-App} +\subsection{Whatsapp-App} +\subsection{Dropbox-App} +\subsection{Facebook-App} + + +\newpage\section{Details} +\subsection{Used tools on GuestVM} +Tools that were used for analysis (-{}-version): +\begin{itemize} +\item IP Backup Aanalyzer 2.0 build 20130319 (mar 2013) +\end{itemize} \subsection{Used tools on Host} Tools that were used for analysis (-{}-version): \begin{itemize} +\item sqlite3 3.8.5 2014-06-04 14:06:34 b1ed4f2a34ba66c29b130f8d13e9092758019212 \item sha512sum (GNU coreutils) 8.22 \item ls (GNU coreutils) 8.22 \item file 5.18 +\item tar tar (GNU tar) 1.27.1 \end{itemize} - \subsection{Machines} \begin{itemize} +\item \textbf{Virtual machine}\\ +Windows XP Version5.1 (Build2600.xpsp\_sp3\_qfe.130704-0421 : Service Pack3) +\item \textbf{Oracle VirtualBox} 4.3.10 \item \textbf{Host machine}\\ Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 \@ 2.50GHz GenuineIntel GNU/Linux \end{itemize} diff --git a/report4/main.tex b/report4/main.tex index 14efc9d..809a927 100644 --- a/report4/main.tex +++ b/report4/main.tex @@ -123,7 +123,7 @@ \textbf{0726236\\\url{mailto:jan@jvales.net}}\\\\ \textbf{Still want an official \LaTeX{} template!}\\ -\vspace{50pt} +\vspace{40pt} \section*{Table of Contents}\begin{footnotesize}\tableofcontents\end{footnotesize} \subsection*{Version}\begin{footnotesize}\url{http://git.somenet.org/?p=priv/jan/digfor.git}\\ -- 2.43.0
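Review bot: The added GuestVM tool entry misspells the product (`\item IP Backup Aanalyzer 2.0 build 20130319 (mar 2013)`) and disagrees with the `iP Backup Analyzer2` spelling used in the iPhone source section earlier in this patch; pick one spelling for both places. `\item tar tar (GNU tar) 1.27.1` repeats the program name, presumably pasted from the `--version` output, and should read `\item tar (GNU tar) 1.27.1`. The ten new `\subsection` stubs under Android are empty; if they are meant as a to-do list for the next revision, a `% TODO` comment after each heading makes that intent visible to whoever picks the file up.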