
dmf-lab-manual (4)

The document is a laboratory record book for a B.E. degree practical examination in Digital and Mobile Forensics, detailing various experiments and procedures. It includes sections for student information, a bonafide certificate, and a table of contents listing experiments such as data extraction from call logs and SMS using Sleuth Kit, and generating timelines from extracted records. Each experiment outlines the aim, procedure, and results, confirming successful execution of tasks related to forensic analysis on digital devices.

Uploaded by

atalparkec

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

LABORATORY RECORD BOOK

B.E. DEGREE PRACTICAL EXAMINATION

Name : ……………………….……………………………………..

Reg. No. : ……………………………..…………………………….……………

Branch : ………………………………….………………….……….

Semester/Year : ……………………………………………………….…..…

Subject code/Subject : …………………………………………………………........

BONAFIDE CERTIFICATE

This is to certify that Mr./Ms. ……………………….. bearing the Register No: ……………………….. has
satisfactorily completed the course of practical examination of
CCS343 - DIGITAL AND MOBILE FORENSICS for SIXTH semester, B.E. COMPUTER
SCIENCE AND ENGINEERING during the academic year 2023-2024.

STAFF-IN-CHARGE HEAD OF THE DEPARTMENT

Submitted for the University Practical Examination held in……………………………..

INTERNAL EXAMINER EXTERNAL EXAMINER


TABLE OF CONTENTS

EX. NO.   DATE   LIST OF EXPERIMENTS   PAGE NO.   SIGNATURE OF THE STAFF

1                Installation of Sleuth Kit on Linux. List all data blocks. Analyze allocated as well as unallocated blocks of a disk image.

2                Data extraction from call logs using Sleuth Kit.

3                Data extraction from SMS and contacts using Sleuth Kit.

4                Install Mobile Verification Toolkit or MVT and decrypt encrypted iOS backups.

5                Process and parse records from the iOS system.

6                Extract installed applications from Android devices.

7                Extract diagnostic information from Android devices through the adb protocol.

8                Generate a unified chronological timeline of extracted records.

Exp. No.: 01
Installation of Sleuth Kit on Linux. List all data blocks. Analyze allocated as well as unallocated blocks of a disk image.
Date:

Aim:
To install Sleuth Kit on Linux, list all data blocks, and analyze allocated as
well as unallocated blocks of a disk image.

Procedure:

1. Install Sleuth Kit using the sudo apt command.

2. Create disk image.
(a) Use the command lsblk to list the block devices (disks and partitions).
(b) Run the following command to create the disk image:
$ sudo dd if=/dev/sdb of=diskimage.dd bs=4M

3. Get image information - img_stat

4. List all data blocks (Allocated and Unallocated) - mmls

5. Analyze an allocated partition - fsstat and fls.
(a) File system information of the partition
(b) Looking into the file system (Files and directories inside it)
(c) Looking into a directory inside the partition.
(d) Expand all the directories inside the partition.

6. Analyzing an unallocated partition

7. Recover the files in the image file.

8. Check for the recovered files using ls command.
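
An added example (not part of the lab record and not Sleuth Kit code) showing how the allocated and unallocated ranges listed in step 4 follow from a DOS/MBR partition table. The sample sector 0, the 12288-sector image size and the function names are constructed for illustration.

```python
import struct

SECTOR = 512  # bytes per sector assumed by this example

def parse_mbr(sector0):
    """Return sorted (start, length, type) for each used primary MBR entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no DOS/MBR signature")
    parts = []
    for slot in range(4):
        entry = sector0[446 + 16 * slot: 462 + 16 * slot]
        ptype = entry[4]                                     # partition type byte
        start, length = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype != 0 and length > 0:
            parts.append((start, length, ptype))
    return sorted(parts)

def layout(sector0, total_sectors):
    """Rows of (first_sector, last_sector, description) covering the image."""
    rows, cursor = [], 0
    for start, length, ptype in parse_mbr(sector0):
        if start > cursor:                                   # gap before this partition
            rows.append((cursor, start - 1, "Unallocated"))
        rows.append((start, start + length - 1, f"Allocated (type 0x{ptype:02x})"))
        cursor = max(cursor, start + length)
    if cursor < total_sectors:                               # space after the last one
        rows.append((cursor, total_sectors - 1, "Unallocated"))
    return rows

def make_sample_mbr():
    """Constructed sector 0 with a FAT32 (0x0c) and a Linux (0x83) partition."""
    mbr = bytearray(SECTOR)
    for slot, (ptype, start, length) in enumerate([(0x0C, 2048, 4096), (0x83, 8192, 2048)]):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * slot, 0, ptype, start, length)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    for first, last, desc in layout(make_sample_mbr(), 12288):
        print(f"{first:010d}  {last:010d}  {last - first + 1:010d}  {desc}")
```

The first sector of an allocated row is the sector offset that fsstat and fls take with -o in step 5.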

Result:
Thus, the installation of Sleuth Kit on Linux and the listing and analysis of
allocated as well as unallocated blocks of a disk image were executed successfully.
Exp. No.: 02
Data extraction from call logs using Sleuth Kit
Date:

Aim:
To extract data from call logs using Sleuth Kit.

Procedure:
1. Open the Sleuth Kit Autopsy tool and create a new case.

2. Create the case and select the base directory.

3. Enter the required details like Case number, Name, Phone and Email.

4. Click on ‘Finish’ and the case will be created.

5. Select the Host and Disk Image VM File.

6. Choose the location where the disk image of the phone is stored.

7. Choose the required modules like Directories, Files, Applications, Unallocated
Space, etc.

8. Select data artifacts.

9. Select ‘Phone’ to view all phone numbers.

10. Select ‘Save table as CSV’.

11. Open the CSV file and view the calls and messages.

Result:
Thus the data extraction from call logs using Sleuth Kit is executed successfully.
Exp. No.: 03
Data extraction from SMS and contacts using Sleuth Kit
Date:

Aim:
To extract data from SMS and contacts using Sleuth Kit.

Procedure:
1. Open the terminal and open the Autopsy tool.

2. Open the link on localhost.

3. Choose the image file and enter the directory location.

4. Analyze the image file.

5. List the directory.

6. Export the SMS DB.

7. Use SQLite to open the database.

8. Export the SMS DB as a CSV file.

Result:
Thus the data extraction from SMS and contacts using Sleuth Kit is
executed successfully.
Exp. No.: 04
Install Mobile Verification Toolkit or MVT and decrypt encrypted iOS backups
Date:

Aim:
To install Mobile Verification Toolkit or MVT and decrypt encrypted iOS backups.

Procedure:

1. First install some basic dependencies that will be necessary to build all required tools.

2. Add this to .bashrc or .zshrc file in order to add locally installed PyPI binaries to your
$PATH. Then install MVT directly from PyPI.
3. Decrypt encrypted iOS backups using mvt.

4. Check the decrypted backup.


5. Encrypted Backup.

6. Decrypted Backup.

Result:
Thus the installation of Mobile Verification Toolkit or MVT and the decryption of
encrypted iOS backups were executed successfully.
Exp. No.: 05
Process and parse records from the iOS system
Date:

Aim:
To process and parse records from the iOS system.

Procedure:

1. Identify the Data of Interest:


Determine which types of data you want to parse (e.g., messages, contacts, call
logs, etc.).

2. Choose a Parsing Tool:


Select a tool that can parse the specific data types you're interested in.
(a) SQLite Browser:
Use it for parsing SQLite database files that store various types of iOS data (e.g.,
messages, contacts).

(b) Plist Editor:


For parsing property list (plist) files that store application settings and preferences.

(c) Hex Editors:


Use it to manually inspect and extract data from binary files.

3. Parse the Data:


Use the chosen tool to parse the data from the extracted backup files.

Querying the database using SQLite:


View the plist files in XCode:

Inspecting binary data using Hex Editor:


4. Export and Analyze:
Once you have parsed the data, export it in a readable format (e.g., CSV, JSON)
for further analysis or reporting.
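
An added example (not from the lab record) of the query-and-export steps above, which also covers steps 7 and 8 of Exp. No. 03: it opens a message database read-only, converts the timestamps and returns CSV. The two-table schema, the file name sms.db and the sample rows are a constructed, simplified stand-in for an extracted iOS message database.

```python
import csv, io, sqlite3
from datetime import datetime, timedelta, timezone

APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)
QUERY = """SELECT m.ROWID, h.id, m.is_from_me, m.date, m.text
           FROM message m LEFT JOIN handle h ON h.ROWID = m.handle_id
           ORDER BY m.date"""

def apple_time(value):
    """Convert Mac absolute time (since 2001-01-01 UTC) to ISO 8601.
    Large values are treated as nanoseconds, small ones as whole seconds."""
    if value > 10**11:
        delta = timedelta(microseconds=value // 1000)
    else:
        delta = timedelta(seconds=value)
    return (APPLE_EPOCH + delta).isoformat()

def export_messages(db_path):
    """Read a working copy of the database read-only and return CSV text."""
    con = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        out = io.StringIO()
        writer = csv.writer(out)
        writer.writerow(["rowid", "address", "direction", "utc_time", "text"])
        for rowid, address, from_me, date, text in con.execute(QUERY):
            direction = "sent" if from_me else "received"
            writer.writerow([rowid, address, direction, apple_time(date), text])
        return out.getvalue()
    finally:
        con.close()

def build_sample(path):
    """Constructed stand-in for an extracted sms.db (simplified schema)."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE handle (ROWID INTEGER PRIMARY KEY, id TEXT);
        CREATE TABLE message (ROWID INTEGER PRIMARY KEY, handle_id INTEGER,
                              is_from_me INTEGER, date INTEGER, text TEXT);
        INSERT INTO handle VALUES (1, '+15550100');
        INSERT INTO message VALUES
            (1, 1, 0, 700000060000000000, 'running late'),
            (2, 1, 1, 700000000000000000, 'where are you?');
    """)
    con.commit()
    con.close()
```

Opening with mode=ro keeps the analysis from modifying the exported database, so a hash taken before and after the export stays the same.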

Result:
Thus the processing and parsing of records from the iOS system have been successfully
completed.
Exp. No.: 06
Extract installed applications from Android devices
Date:

Aim:
To extract installed applications from Android devices.

Procedure:

1. Install ADB:
Make sure you have ADB (Android Debug Bridge) installed on your PC. You can
download it as part of the Android SDK Platform Tools from the Android
Developers website.

2. Enable USB Debugging:


On your Android device, enable USB debugging in Developer Options. Connect
your Android device to your PC using a USB cable.

3. Navigate to ADB Directory:


Navigate to the directory where ADB is installed. This is typically the platform-tools
directory inside the Android SDK installation directory.

4. Access Device via ADB:


In the Command Prompt or Terminal, verify that your device is connected and
recognized by ADB.

5. List Installed Packages with APK Paths:


To find the package name and APK path of installed applications, use the following
command:

6. Identify Package Name and APK Path:


Look through the list of packages to find the package name of the app for which you
want to extract the APK.
7. Extract APK to PC:
Use the following command to extract the APK file to a directory on your PC.
Replace package_name with the actual package name of the app, and path_on_pc
with the desired directory path on your PC where you want to save the APK file.

8. Verify APK Extraction:


After executing the command, ADB will pull the APK file from your Android
device to the specified directory on your PC. Check the destination directory to
verify that the APK file has been successfully extracted.
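
An added example (not from the lab record) for steps 5 to 7: it parses a package listing into package name and APK path and builds the pull arguments. It assumes the listing comes from `adb shell pm list packages -f`; the sample output and function names are constructed.

```python
import re

def parse_package_listing(output):
    """Map package name -> APK path from `pm list packages -f` output."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue                      # skip warnings and blank lines
        # Split at the LAST '=': install directories on recent Android
        # versions can contain '=', so the first '=' is not the separator.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages

def pull_args(packages, name, dest_dir):
    """Argument list for `adb pull`. The package name is validated before it
    becomes a local file name, because it is reported by the device."""
    if not re.fullmatch(r"[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)*", name):
        raise ValueError(f"unexpected package name: {name!r}")
    return ["adb", "pull", packages[name], f"{dest_dir}/{name}.apk"]

# Constructed sample output (not captured from a real device).
SAMPLE = """\
package:/data/app/~~Zk3xQ1vN0aE9pB2cD4fGwA==/com.example.chat-8hJ2kLmN5oP7qR9sT1uVwA==/base.apk=com.example.chat
package:/system/priv-app/Settings/Settings.apk=com.android.settings
WARNING: constructed noise line that is not a package entry
"""

if __name__ == "__main__":
    pkgs = parse_package_listing(SAMPLE)
    print(pull_args(pkgs, "com.example.chat", "evidence"))
```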

Result:
Thus the extraction of installed applications from an android device has
been successfully completed.
Exp. No.: 07
Extract diagnostic information from Android devices through the adb protocol
Date:

Aim:
To extract diagnostic information from Android devices through the adb protocol.

Procedure:
1. Enable USB Debugging:
On your Android device, go to Settings > About phone and tap on the "Build number"
7 times to enable Developer Options. Then, go to Developer Options and enable USB
debugging.

2. Connect Device to Computer:


Connect your Android device to your computer using a USB cable.

3. Install ADB:
If you haven't already, install ADB on your computer. You can download the
Android SDK Platform Tools, which includes ADB, from the Android
Developers website: https://developer.android.com/studio/releases/platform-tools

4. Open Command Prompt or Terminal:


Open a command prompt on Windows or a terminal on macOS/Linux.

5. Verify Connection:
Enter the command adb devices to verify that your device is connected and recognized
by ADB.

6. Extract Diagnostic Information:


● Bugreport:
Use the command ‘adb bugreport’ to generate a comprehensive report
containing information about the device's state, including system logs, dumpsys
information, network status, and more.
● Dumpsys:
You can use various ‘dumpsys’ commands to get detailed information about
different system services. For example, adb shell dumpsys battery for battery
information, adb shell dumpsys meminfo for memory information, etc.
7. Save Output:
You can save the output of these commands to a file for further analysis. For example:

- adb logcat > logcat.txt to save logcat output to a file named logcat.txt.
- adb bugreport > bugreport.txt to save bugreport output to a file named bugreport.txt.

8. Analyze Data:
Once you have extracted the diagnostic information, you can analyze it for
troubleshooting purposes or to gather information about the device's state.

Result:
Thus the extraction of diagnostic information from Android devices through the adb
protocol is executed successfully and the output is verified.
Exp. No.: 08
Generate a unified chronological timeline of extracted records
Date:

Aim:
To generate a unified chronological timeline of extracted records.

Procedure:

1. Targeted Extraction:
Use the adb command below to target specific data sources that provide timestamps:
adb logcat: Captures system logs containing timestamps.

2. Logcat:
Use the command ‘adb logcat’ to extract system logs, including debug messages from
applications and the operating system.
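
An added example (not from the lab record) of the merge step: it normalises logcat lines to UTC and orders them together with a second record source. It goes beyond the logcat-only procedure above by also merging message records with epoch-millisecond timestamps; the sample lines, the UTC+05:30 device zone and the function names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# threadtime layout: MM-DD HH:MM:SS.mmm  PID  TID LEVEL TAG: message
LOGCAT = re.compile(r"^(\d\d)-(\d\d) (\d\d):(\d\d):(\d\d)\.(\d{3})"
                    r"\s+\d+\s+\d+ [VDIWEF] (.*?)\s*: (.*)$")

def parse_logcat(lines, year, device_tz):
    """Yield (utc_time, source, detail). These lines carry no year or zone,
    so the examiner supplies both from the acquisition notes."""
    for line in lines:
        m = LOGCAT.match(line)
        if not m:
            continue                      # e.g. "--------- beginning of main"
        mo, d, h, mi, s, ms = (int(x) for x in m.groups()[:6])
        local = datetime(year, mo, d, h, mi, s, ms * 1000, tzinfo=device_tz)
        yield local.astimezone(timezone.utc), "logcat", f"{m[7]}: {m[8]}"

def from_epoch_ms(rows, source):
    """Yield events from (epoch_milliseconds, detail) rows, e.g. a CSV export."""
    for ms, detail in rows:
        yield datetime.fromtimestamp(ms / 1000, tz=timezone.utc), source, detail

def build_timeline(*streams):
    """Merge every stream and return lines ordered by UTC time."""
    events = sorted((e for s in streams for e in s), key=lambda e: e[0])
    return [f"{t.isoformat(timespec='milliseconds')} [{src}] {detail}"
            for t, src, detail in events]

# Constructed sample records (device clock assumed to be UTC+05:30).
LOG = ["--------- beginning of main",
       "03-09 01:57:05.123  1234  1250 I ActivityManager: Start proc 4321:com.example.chat/u0a123",
       "03-09 01:58:10.000  4321  4321 D ChatSync: message stored"]
SMS = [(1678307260000, "received: running late"),
       (1678307200000, "sent: where are you?")]

def sample_timeline():
    tz = timezone(timedelta(hours=5, minutes=30))
    return build_timeline(parse_logcat(LOG, 2023, tz), from_epoch_ms(SMS, "sms"))

if __name__ == "__main__":
    print("\n".join(sample_timeline()))
```

If the device zone were ignored, the two logcat events would sort five and a half hours after the messages they actually interleave with.
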
Result:
Thus the unified chronological timeline of extracted records is generated successfully.
