Verifying Malware Scanning Utilizing Linux (Ubuntu)
DESCRIPTION
Ubuntu Linux can natively mount Android phone images, at no cost, so that they can be examined and scanned for malware with common anti-virus software such as AVG. However, mounting the Android image and scanning it for malware requires a number of steps that may not be intuitive to all users. This demonstration provides a step-by-step process that all users can comfortably apply in future examinations, including as a supplement to verify the malware scanning utilities of commercial mobile forensic tools.
TRANSCRIPT
BRIDGING TRADITIONAL INVESTIGATIONS WITH TECHNOLOGY INNOVATIONS
MEET THE TEAM
Desiree McGovern – President and Co-Founder
Pete McGovern – Chief Executive Officer and Co-Founder
Carlos Cajigas – Training Director and Senior Forensic Analyst
WHAT WE DO
EPYX Forensics assists clients with investigations where electronically stored information (ESI) or monetary issues are relevant.
• Digital Forensics
• Forensic Accounting
• Expert Testimony
• Training
Objectives
• Mount an Android Image using Linux
• Compare AVG, Clam and BitDefender scans
Android Market Share
• Android has 75 percent of the smartphone market
Source: ZDNet.com
Mobile Malware
• In 2012 malware increased by 580%
• Over 30,000 pieces of malware so far.
Source: TrustGo
Top 3 Most Dangerous Apps
• Talking Tom Cat Free – 50,000,000 Downloads
  • Sends phone # & device ID to 3rd party
• Guitar: Solo Lite – 10,000,000 Downloads
  • Captures phone number to be sold
• Brightest Flashlight Free – 10,000,000 Downloads
  • Modifies homepage & bookmarks, creates shortcuts
Source: TrustGo
Permissions
• Talking Santa – 10,000,000 Downloads
  • Sends phone # & device ID to 3rd party
Source: play.google.com
Talking Santa
Source: play.google.com
Google Play’s Top 500
• 175,000,000 downloads of High Risk apps
Source: TrustGo
Infected? How do you know?
• Scan with Cellebrite
• Cellebrite uses BitDefender
Scan with Cellebrite
• Results: 331 infected files
Enter Torrent
• www.virushare.com
• A repository of malware samples
• 6.24GB torrent (May 2013): http://t.co/oklyE1SRHV
• 11,080 APKs deemed to be malware
Scan with AVG
• 11,080 files scanned
• 456 infections found
Scan with Clam
• 11,080 files scanned
• 5,716 infections found
Scan with BitDefender
• 856,610 files scanned
• 16,748 infections found
Enter Linux
• Can mount Android images with an Ext3/4 file system natively using Linux
• Physical acquisitions from Cellebrite and MPE+
• DMG images from LanternLite (HFSX)
Mounting Android Images
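As an added example (not the presenter's own procedure), the mount-then-scan steps the demo performs, written for Ubuntu: the image name, mount point and start sector are placeholders, and DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the presentation. Mounts one partition of a raw
# physical Android acquisition read-only on Ubuntu and scans it with ClamAV.
# Assumed: IMAGE is a raw dd-style dump, the ext4 userdata partition's start
# sector was read from `fdisk -l "$IMAGE"`, and sectors are 512 bytes.
# DRY_RUN=1 prints the commands instead of executing them (no root needed).

IMAGE="${IMAGE:-android_physical.bin}"   # placeholder file name
MNT="${MNT:-/mnt/android}"
SECTOR_SIZE="${SECTOR_SIZE:-512}"
DRY_RUN="${DRY_RUN:-0}"

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Byte offset of a partition from its start sector (as listed by fdisk).
partition_offset() { echo $(( $1 * SECTOR_SIZE )); }

# ro: never write to evidence; noexec/nodev/nosuid: nothing on the image can
# run or act as a device; noload: do not replay the ext4 journal into it.
mount_opts() { echo "ro,noexec,nodev,nosuid,noload"; }

# Attach a read-only loop device at the partition offset, then mount it.
mount_partition() {
    off=$(partition_offset "$1")
    run mkdir -p "$MNT"
    if [ "$DRY_RUN" = 1 ]; then
        loopdev=/dev/loopN    # stand-in for the device losetup would report
        echo "losetup -r -f --show -o $off $IMAGE"
    else
        loopdev=$(losetup -r -f --show -o "$off" "$IMAGE") || return 1
    fi
    run mount -t ext4 -o "$(mount_opts)" "$loopdev" "$MNT"
}

# Recursive scan, listing only infected files and logging to $1.
scan_partition() { run clamscan -r -i --log="$1" "$MNT"; }

cleanup() { run umount "$MNT"; run losetup -d "$loopdev"; }

# RUN_SCAN=1 START_SECTOR=<n> LOG=<file> sh mount_scan.sh   (as root)
if [ "${RUN_SCAN:-0}" = 1 ]; then
    mount_partition "$START_SECTOR" && scan_partition "${LOG:-clamscan.log}"
    cleanup
fi
```

The start sector comes from `fdisk -l` on the image; a userdata partition under Android full-disk encryption will attach as a loop device but fail to mount because it has no readable ext4 superblock.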
Carlos Cajigas - Contact Information
www.epyxforensics.com
(800) 996-9420
@Carlos_Cajigas
LET’S STAY CONNECTED