University of Maryland, Baltimore County CYBR 642 in 2006 Wireshark takes TCP UDP and ICMP network protocols into account and
University of Maryland Baltimore County
CYBR 642: Introduction to Digital Forensics
Lab 5 - Memory and Mobile Devices
Sydney Johns
Presented to:
Professor Gina Scaldaferri
22 October 2019
Introduction
The purpose of this laboratory is to learn how to analyze a Linux-based system, which is useful in
mobile applications. For this laboratory, students will analyze both a document and an executable
file in order to determine whether they pose a threat to the system.
Background
This lab focuses on mobile device forensics. Mobile forensics is a branch of digital
forensics that focuses on the analysis of mobile devices to recover digital evidence of
investigative interest. The software used in this lab is Volatility, Plist Editor Pro, SQLite
Spy, and Wireshark.
Volatility is an open-source memory forensics framework for incident response and malware
analysis. It is written in Python and supports Microsoft Windows