Title: Dynamic Instrumentation for forensic research using Frida

Presenter: Or Begam, Cellebrite

Time: 14:00-17:00

GitHub: https://github.com/dfrws/dfrws2020-EU-workshops-Frida

Abstract:

Dynamic instrumentation is a method for monitoring specific components of a program that can greatly simplify forensic research tasks involving reverse engineering. When dealing with problems related to encryption or hashing, instrumentation can reveal the "bottom line" a researcher is looking for without the need for complex analysis of an application's code. In this workshop, we will give an overview of how to use Frida, an easy-to-use yet very powerful open source instrumentation framework, in a mobile environment; we will demonstrate how to quickly solve mobile forensics problems such as identifying the connection between attachments with hashed filenames and the database records that describe the instant messages that contain them, using a generic method of hooking hash functions in different mobile environments; and we will present a generic method for finding the passphrases to SQLCipher encrypted databases without any knowledge of the key generation process.
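As an added illustration of the hash-hooking method described above (this is not code from the workshop repository, and it assumes an Android target whose app hashes through `java.security.MessageDigest`): a Frida script that records every input/digest pair the app computes, so a hashed attachment filename found on disk can be matched back to the plaintext value the app hashed to produce it. The bookkeeping helpers are plain JavaScript and run outside Frida; only the block guarded by `typeof Java !== 'undefined'` needs a live Frida session (`frida -U -f <package> -l hashhook.js`, with the package name supplied by the researcher).

```javascript
// Added example, not part of the DFRWS workshop materials.
// Assumed target: an Android app that hashes file names / message ids with
// java.security.MessageDigest. The hook logs input -> digest pairs so that a
// hashed attachment filename can be correlated with the record it came from.

// Convert a Java byte[] (signed values, -128..127) to lower-case hex.
function bytesToHex(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; i++) {
    const b = bytes[i] & 0xff;            // normalise signed Java bytes
    out += (b < 16 ? '0' : '') + b.toString(16);
  }
  return out;
}

// Show the hashed input as text when it is printable ASCII, hex otherwise.
function describeInput(bytes) {
  let text = '';
  for (let i = 0; i < bytes.length; i++) {
    const b = bytes[i] & 0xff;
    if (b < 0x20 || b > 0x7e) return 'hex:' + bytesToHex(bytes);
    text += String.fromCharCode(b);
  }
  return 'str:' + text;
}

// Observed digests: hex digest -> { algorithm, input }.
const observed = {};

function record(algorithm, inputBytes, digestBytes) {
  const hex = bytesToHex(digestBytes);
  observed[hex] = { algorithm: algorithm, input: describeInput(inputBytes) };
  return hex;
}

// Look up a hashed filename such as "3f2a...9c.jpg" (case-insensitive,
// extension ignored) and return the plaintext the app hashed, or null.
function lookup(hashedName) {
  const key = String(hashedName).toLowerCase().split('.')[0];
  return observed[key] || null;
}

// Bytes passed through update() before digest() is called, per instance.
const pending = {};

function appendPending(id, bytes, offset, len) {
  const buf = pending[id] || (pending[id] = []);
  for (let i = 0; i < len; i++) buf.push(bytes[offset + i]);
  return buf.length;
}

function takePending(id) {
  const buf = pending[id] || [];
  delete pending[id];
  return buf;
}

// Frida-specific part: runs only inside a Frida session (where `Java` exists).
if (typeof Java !== 'undefined') {
  Java.perform(function () {
    const MessageDigest = Java.use('java.security.MessageDigest');

    // Data fed incrementally: remember it until digest() is called.
    MessageDigest.update.overload('[B').implementation = function (input) {
      appendPending(this.hashCode(), input, 0, input.length);
      return this.update(input);
    };
    MessageDigest.update.overload('[B', 'int', 'int').implementation =
      function (input, off, len) {
        appendPending(this.hashCode(), input, off, len);
        return this.update(input, off, len);
      };

    // One-shot form: digest(byte[]) hashes pending data plus `input`.
    MessageDigest.digest.overload('[B').implementation = function (input) {
      const all = takePending(this.hashCode());
      for (let i = 0; i < input.length; i++) all.push(input[i]);
      const out = this.digest(input);
      console.log(this.getAlgorithm() + ' ' + record(this.getAlgorithm(), all, out)
        + ' <- ' + describeInput(all));
      return out;
    };

    // Finalising form: digest() hashes whatever was fed via update().
    MessageDigest.digest.overload().implementation = function () {
      const all = takePending(this.hashCode());
      const out = this.digest();
      console.log(this.getAlgorithm() + ' ' + record(this.getAlgorithm(), all, out)
        + ' <- ' + describeInput(all));
      return out;
    };
  });
}
```

Once the hook has been running while the app renders the chat, calling `lookup("<hashed filename>")` from the Frida REPL returns the plaintext that produced that name, which is the value to search for in the message database. Apps that hash through native code (e.g. OpenSSL or CommonCrypto on iOS) need the same bookkeeping attached with `Interceptor.attach` instead of `Java.use`.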