mobile forensics notes, Summaries of Family and Consumer Science

about mobiler crimes and tools used in forensics

Typology: Summaries

2025/2026

Uploaded on 05/31/2026

ram-kumar-enturi
ram-kumar-enturi 🇮🇳

1 document

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Phone phreaking is the illegal manipulation of telephone systems to gain unauthorized
access
,
usually to make free or unapproved calls
.[
web
:36][
web
:42]
In earlier
telecommunication systems
,
criminals studied the signaling tones and control methods used
by phone networks and tried to imitate them so that the system treated the attacker like a
legitimate operator or switching device
.[
web
:36]
Typical actions in phone phreaking include making free long
-
distance or international calls
,
abusing company PBX systems for personal calls
,
and breaking into voicemail and other
telecom services
.[
web
:36][
web
:39][
web
:45]
Modern phreaking focuses more on digital systems
such as PBX and VoIP
,
where attackers may exploit con
guration weaknesses
,
default
passwo rds
,
or signaling
aws to route calls at the victim
'
s expense
.[
web
:38][
web
:41]
From a forensic point of view
,
important evidence includes call detail records
,
PBX logs
,
VoIP
server logs
,
billing records
,
access logs for voicemail and admin panels
,
and IP
-
level logs that
show unusual routing or high
-
volume unauthorized calls
.[
web
:38]
Call tampering means interfering with the normal operation of a phone or VoIP call so that its
path
,
quality
,
or content is changed without permission
.[
web
:38][
web
:41]
In internet
-
based
calling
,
voice is carried as data packets
,
so an attacker can delay
,
drop
,
inject
,
or redirect these
packets to disturb the conversation or to help conduct further fraud
.[
web
:38]
Examples of call tampering include injecting noise or delays so the conversation becomes
unclear
,
redirecting calls through an attacker
-
controlled system to eavesdrop or record
,
and
manipulating caller identity or routing information in telecom and VoIP fraud schemes
.
[
web
:24][
web
:38][
web
:41]
The main impacts are poor call quality
,
dropped calls
,
interception
risk
,
incorrect records of who called whom
,
and
nancial lo ss if calls are silently redirected
.
[
web
:38]
Forensic indicato rs of call tampering can include unusual SIP or VoIP logs
,
packet captures
showing abnormal delay
,
replay or redirection behavior
,
mismatched call detail records
,
and
traces of unauthorized con
guration changes on telecom or VoIP servers
.[
web
:24][
web
:38]
Crimes Involving Mobile Phones and Tools Used in
Mobile Forensics
Crimes Using Mobile Phones
Phone Phreaking
Call Tampering
pf3
pf4

Partial preview of the text

Download mobile forensics notes and more Summaries Family and Consumer Science in PDF only on Docsity!

Phone phreaking is the illegal manipulation of telephone systems to gain unauthorized access, usually to make free or unapproved calls.[web:36][web:42] In earlier telecommunication systems, criminals studied the signaling tones and control methods used by phone networks and tried to imitate them so that the system treated the attacker like a legitimate operator or switching device.[web:36] Typical actions in phone phreaking include making free long-distance or international calls, abusing company PBX systems for personal calls, and breaking into voicemail and other telecom services.[web:36][web:39][web:45] Modern phreaking focuses more on digital systems such as PBX and VoIP, where attackers may exploit conguration weaknesses, default passwords, or signaling aws to route calls at the victim's expense.[web:38][web:41] From a forensic point of view, important evidence includes call detail records, PBX logs, VoIP server logs, billing records, access logs for voicemail and admin panels, and IP-level logs that show unusual routing or high-volume unauthorized calls.[web:38] Call tampering means interfering with the normal operation of a phone or VoIP call so that its path, quality, or content is changed without permission.[web:38][web:41] In internet-based calling, voice is carried as data packets, so an attacker can delay, drop, inject, or redirect these packets to disturb the conversation or to help conduct further fraud.[web:38] Examples of call tampering include injecting noise or delays so the conversation becomes unclear, redirecting calls through an attacker-controlled system to eavesdrop or record, and manipulating caller identity or routing information in telecom and VoIP fraud schemes. [web:24][web:38][web:41] The main impacts are poor call quality, dropped calls, interception risk, incorrect records of who called whom, and nancial loss if calls are silently redirected. [web:38] Forensic indicators of call tampering can include unusual SIP or VoIP logs, packet captures showing abnormal delay, replay or redirection behavior, mismatched call detail records, and traces of unauthorized conguration changes on telecom or VoIP servers.[web:24][web:38]

Crimes Involving Mobile Phones and Tools Used in

Mobile Forensics

Crimes Using Mobile Phones

Phone Phreaking

Call Tampering

A fake hotspot, also called an evil twin, is a rogue Wi-Fi access point set up to look like a legitimate wireless network so that victims connect to it by mistake.[web:37][web:40] The attacker usually copies the network name of a genuine hotspot and may create a fake login page that closely resembles the real portal in a café, airport, college, or public space.[web:37] [web:43] Once a victim connects to the fake hotspot, the attacker can monitor network trac, capture usernames and passwords, steal personal details, inject malicious content, or launch further attacks such as man-in-the-middle or session hijacking.[web:37][web:40] The danger is that users often cannot visually distinguish a real access point from a fake one, especially in crowded or unsecured environments.[web:37][web:43] Forensically, investigators may examine the suspect's laptop or phone used as the hotspot, Wi-Fi adapter conguration, SSIDs and MAC addresses, logs from genuine access points, captured network trac, phishing web pages, and artifacts on victim devices that show connections to suspicious networks.[web:34][web:40] Wireless hacking refers to attacking wireless communication systems such as Wi-Fi to obtain unauthorized access, steal data, or disrupt network services.[web:32][web:35] In practice, an attacker scans for nearby wireless networks, identies weak or miscongured targets, and uses technical tools and methods to break in or impersonate trusted access points.[web:32] [web:35] A typical wireless attack ow involves scanning and reconnaissance, selecting a vulnerable network, performing the actual attack such as cracking weak encryption, setting up a rogue access point, or forcing clients to reconnect, then using the gained access to intercept trac, steal les, plant malware, or impersonate users.[web:32][web:35][web:37] The attacker may then try to cover tracks by deleting logs, changing device names or MAC addresses, or limiting the time of connection.[web:32] Common wireless crimes include breaking weak Wi-Fi passwords, sning unencrypted trac, creating evil twin access points, hijacking active sessions, and using public Wi-Fi to launch anonymous attacks.[web:35][web:37][web:40] Forensic evidence in such cases can include router and access point logs, DHCP and ARP tables, captured packets, unusual MAC addresses, deauthentication traces, browser artifacts, and malicious tools or scripts found on the suspect's device.[web:32][web:34][web:35]

Fake Hotspots (Evil Twin Attacks)

Wireless Hacking Walkthrough

Tools Used in Mobile Forensics

Important features include social graph analysis, timeline analysis, keyword search, media recognition, and cross-case comparison.[web:56][web:60] In forensic work, it is especially useful in complex investigations where investigators must understand relationships, movement, and behavior across multiple devices or accounts.[web:56][web:60] Magnet AXIOM is a comprehensive digital forensic platform that supports evidence analysis from mobile devices, computers, cloud services, and some vehicle and IoT sources in one case environment.[web:53][web:57] It is widely used for both cybercrime and general digital investigations.[web:57] The main purpose of AXIOM is to collect or import digital evidence, parse it into meaningful artifacts, and help investigators examine the results through timelines, searches, and visual analysis.[web:53][web:57] It can analyze calls, messages, chats, social media data, emails, browser histories, media les, and app-specic artifacts.[web:53][web:57] Important features include an artifact-rst approach, cross-source timelines, relationship views, keyword searching, hash matching, and clear reporting formats.[web:53][web:57] In practical forensic work, AXIOM is valuable because it combines evidence from many devices and platforms to show the full picture of a case.[web:53][web:57]

Magnet AXIOM