Mobile Forensics

Checking Devices Remotely


Last updated 3 years ago

In this time of almost worldwide confinement, we are adding here a few steps that may help to check for potentially compromised devices remotely. For now it only includes solutions for Windows and Mac OS computers using Teamviewer and Chrome Remote Desktop, as we do not yet have any satisfying solution for smartphones (any suggestion is welcome).

Limitations of Remote Forensic

The Problem of Trust

With any remote desktop solution relying on a third-party platform, there is an important question of trust. When you install such remote desktop software, you have to know that the company developing the solution can use the software to access your computer, and can also record any interaction you have through their solution. It is thus very important to use a solution that you trust based on your threat model.

In this guide we use two pieces of software:

  • Teamviewer is developed by TeamViewer AG, a German company based in Göppingen.

  • Chrome Remote Desktop is developed by Google and is integrated in the Google ecosystem (which requires you to use Google accounts).

Teamviewer has had several security issues in the past; the FireEye company claimed that it was breached by a Chinese state-sponsored group in October 2019. We tend to trust Google more for its security, but depending on your threat model, Teamviewer may be a better option. We are using Teamviewer for Windows here because Chrome Remote Desktop does not support Mac OS well yet (no file sharing).

The Problem of Needing Online Access

Another issue with checking devices remotely is that you need the device to have access to the Internet. As explained before, this can lead to some risks for the user. If the device is actually compromised and monitored remotely, the operators may identify that the user is receiving technical support, and this may cause retaliation against the person you are trying to support.

You should make sure to address that risk before doing any remote support.

Some Information on the Process

In order to schedule a remote check of a device, you need to talk with the person beforehand to let them know that:

  • They will have to install remote desktop software beforehand

  • They will have to stay in front of the computer during the check to enter the admin password (a check often lasts between 30 minutes and an hour)

  • They will have to remove the remote desktop software afterwards

Please keep in mind that trust is a key part of any security support, so you should make sure that the process is clear for the person you are supporting and that they consent to it.
