Ing. Marián Svetlík

Theses

Bachelor theses

Forensic analysis of mobile application data

Author
Šárka Nádvorníková
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Marián Svetlík
Reviewers
Mgr. Dominik Novák
Summary
This thesis presents research on methods of mobile forensics, specifically for mobile phones running the Android and iOS operating systems. It describes the architecture of these operating systems and the methods they offer for managing application data. It also presents some relevant topics such as file encryption, backup systems, and privilege escalation. Next, it provides an analysis of mobile phone storage, methods of accessing it, and locations where application data is stored. The result of this is a description of the standard file system structure that is accessible to every application for storing its data. The next part of this thesis is dedicated to methods of mobile forensic analysis, specifically the methods of acquiring data from the devices, since this part is the most distinct from classic digital forensics. The methods are divided into groups according to their difficulty and the effect they have on the device. The stage of analyzing the data then consists of identifying relevant files and exploring their contents. The previous findings are then demonstrated using the WhatsApp application. This application was chosen because its data is a rich source of information and is also well-described in many other papers. This part serves as a basis for the next chapter, which involves manual analysis of a different application. For that, the chosen application is Vinted. The results of the analysis are a description of the data found and a script that creates a PDF document with the most relevant information.

Master theses

Analysis of encrypted files and volumes in digital forensics

Author
Matěj Borský
Year
2025
Type
Master thesis
Supervisor
Ing. Marián Svetlík
Reviewers
Ing. Josef Kokeš, Ph.D.
Summary
This thesis focuses on the analysis of methods for working with encrypted files and volumes within the field of digital forensic analysis. It examines encrypted files and volumes commonly used across various applications and operating systems. The thesis describes different encryption methods and analyses their implementation in file formats such as ZIP, PDF, and OOXML, as well as in encrypted volumes using technologies like BitLocker, LUKS, and VeraCrypt. It also evaluates the use of these methods in both open-source and commercial forensic tools. Furthermore, the described methods are implemented in a module for the Autopsy tool, extending its capabilities to support the analysis of encrypted files and volumes. The module primarily focuses on metadata extraction and the subsequent generation of decryption keys. The thesis also outlines methods for verifying password correctness and the potential for decrypting encrypted content.