Find out files transferred via Bluetooth

The case was about business secrets, and the forensic guy did a physical acquisition from a smart phone. He'd like to find files related to sensitive data by examining the image file.

A file named "top-secret.docx" drew the forensic guy's attention. Bingo, there's lots of classified data inside this document.

Where did this file come from? In which way? Who sent this file? Take a look at the path and you'll know what's going on. This file was transferred via Bluetooth! All three timestamps, the creation time, accessed time and modified time, are "2016/05/11 11:01:20 UTC". That means this file "top-secret.docx" was transferred to this volume on the smart phone at local time "2016/05/11 19:01:20". We can also learn the document's create date/time and the last person who modified it. The "path" of a file is usually a useful hint to forensic guys.
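The same check can be run over a whole file listing exported from the image. The sketch below is an added example, not code from the original post: it flags files that sit under a Bluetooth directory and reports whether all three timestamps match, with the creation time converted to local time. The directory names and the extra sample rows are constructed, since the post does not give the actual path, and the UTC+8 offset is taken from the post's own 11:01:20 UTC to 19:01:20 conversion.

```python
from datetime import datetime, timedelta, timezone

# Assumption: local zone is UTC+8, the offset implied by the post's
# 11:01:20 UTC -> 19:01:20 local conversion.
LOCAL_TZ = timezone(timedelta(hours=8))
FMT = "%Y/%m/%d %H:%M:%S"

# Constructed file-listing rows (path, created, accessed, modified), all UTC.
# Directory names are hypothetical; the post does not state the real path.
SAMPLE_LISTING = [
    ("/sdcard/bluetooth/top-secret.docx",
     "2016/05/11 11:01:20", "2016/05/11 11:01:20", "2016/05/11 11:01:20"),
    ("/sdcard/Documents/notes.docx",
     "2016/05/02 03:15:00", "2016/05/10 08:00:41", "2016/05/09 22:47:13"),
    ("/sdcard/bluetooth/photo.jpg",
     "2016/04/30 06:12:09", "2016/05/01 01:00:00", "2016/04/30 06:12:09"),
]


def parse_utc(text):
    """Parse a listing timestamp and mark it as UTC."""
    return datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)


def bluetooth_candidates(listing, marker="bluetooth"):
    """Return files under a directory named `marker`, noting whether
    created == accessed == modified (untouched since it landed)."""
    hits = []
    for path, created, accessed, modified in listing:
        # Match on a directory component, not on the file name itself.
        dirs = [part.lower() for part in path.split("/")[:-1]]
        if marker not in dirs:
            continue
        c, a, m = (parse_utc(t) for t in (created, accessed, modified))
        hits.append({
            "path": path,
            "untouched_since_arrival": c == a == m,
            "arrival_local": c.astimezone(LOCAL_TZ).strftime(FMT),
        })
    return hits


if __name__ == "__main__":
    for hit in bluetooth_candidates(SAMPLE_LISTING):
        print(hit)
```

A file whose three timestamps differ is still a Bluetooth candidate by path; it has simply been opened or edited on the device after it arrived.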

Time: 2024-12-23 04:52:27
