Mobile Forensics

Check for Suspicious Messages


Last updated 4 months ago

Messages containing links are a common attack vector.

A screenshot of an online translation service, showing a message in Arabic and a translation into English. The translation says 'Turkey asks the Egyptian opposition channels to stop criticizing Egypt, and Cairo comments on the move...'

Links can be sent through any instant messaging app or by SMS. There are a few kinds of malicious links:

| Link target | Attacker goal | Sophistication | Mitigation |
| --- | --- | --- | --- |
| Phishing website, such as a webpage that looks like Google's login page | Trick user into entering personal data or passwords | Low | Check webpage domain names and SSL certificates |
| App download | Convince user to download and install the app | Low | Don't install apps outside of app stores |
| Webpage containing web exploits, such as XSS (Cross Site Scripting) | Steal online session cookies, or operate the currently open session | Medium | Don't click on links sent by unknown people |
| Webpage containing a browser exploit | Exploit browser or app vulnerability | High | Don't click on links sent by unknown people |

Saving messages

  1. Copy the entire message including the link to clipboard

  2. Alternatively, save a screenshot containing the full text

Checking links

Search for the link on Google, or paste it into a site such as VirusTotal.

If you can, archive the link using the Wayback Machine.
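
A small triage helper for the saved message text, added here as an illustration and not part of the original guide: it pulls the links out of a copied message, shows the host each link really points to (the "check webpage domain names" step from the table), and defangs the link so it can be pasted into notes without being clickable. The function names, flag names and the sample message are constructed for this example, and the flags are heuristics, not verdicts.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message (reserved example domains and a TEST-NET address).
SAMPLE_MESSAGE = (
    "Your account is locked, verify now: "
    "https://accounts.google.com@login.example.net/signin. "
    "Install the update from http://192.0.2.10/update.apk "
    "or read https://xn--ggle-55da.example/news"
)

def extract_links(message):
    """Return every http(s) link in the saved message text."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(message)]

def defang(url):
    """Make a link unclickable so it can be pasted into notes safely."""
    return re.sub(r"^http", "hxxp", url, flags=re.IGNORECASE).replace(".", "[.]")

def inspect_link(url):
    """Report the real host of a link plus heuristic warning flags."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return {"host": "", "flags": ["unparseable"], "defanged": defang(url)}
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("no-tls")
    if parts.username is not None:  # text before '@' is not the site name
        flags.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-label")  # may render as look-alike characters
    return {"host": host, "flags": flags, "defanged": defang(url)}

if __name__ == "__main__":
    for link in extract_links(SAMPLE_MESSAGE):
        print(inspect_link(link))
```

A link with no flags is not proven safe; the output only tells you which host to look up and which links deserve a closer look first.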