Sunday, January 5, 2014

Daily Blog #196: Sunday Funday 1/5/14

Hello Reader,
        It's Sunday Funday time again! Did you watch this weeks Forensic Lunch or read the blog this week? If you did then you've started to see some of the bigger picture that MTP and Android 3.0 and greater are bringing to bear. To make things even more interesting I ordered as a prize to give away a RiffBox mentioned in last weeks winning Sunday Funday winner. These are fun USB attached JTAG Flasher boxes that can allow you to do full physical images of many embedded systems, including many Android phone manufacturers.

The Prize:


The Rules:
  1. You must post your answer before Monday 1/6/14 2PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Challenge:
Your suspect was identified with a Samsung Galaxy S3 device attached to his work computer on the day of his departure. On a Windows 7 system what would you do to determine the following:
1. When the phone was first and last connected
2. What was being accessed from the phone
3. If data had been copied to the phone
4. The contents of files accessed from the phone

Good luck!