Bylock App Forensics
Further information on ByLock App Investigations
This kind of app features you can also find in apps like Eagle or WhatsApp. Many innocent people around the world use tools like Whatsapp or WeChat. Their intention is not to take control of the world. They just want to converse with friends around the world.
Nevertheless, ByLock is a different level of severity. Terrorist attacks, coups and criminal acitivities have been directed via ByLock. This fact makes it for security services in different countries a particular object of interest. The diversity of people voluntarily trying to gain fame by claiming they developed ByLock on there own are varied. Some of these pleople are sick and putting innocent people at risk by telling untrue stories to increase their exitement of being in the focus of the press.
What can ACATO offer with App Forensic Investigations?
When a person is accused of having used ByLock although he has never used such app, our forensic laboratory can investigate the persons devices. This is only possible by providing all the digital devices of a person. Hiding a device from our laboratory can result in a report not gaining the full strength. We expect proof of ownership so that we can reduce the risk that devices are handed over that never belonged to the accused.
Our investigations are conducted on an hourly rate and work is always done on a rolling budget. This is due to the fact that often at the beginning client and lab do not have all the necessary information available and sometimes devices or issues arise that were not known before starting the investigation.
In some cases it is the task to actually find traces of an application that was used and uninstalled to prove the guilt of an individual. This usually is then taken further as the communication threads are analyze to find operatives that are giving orders to the arrested suspect.
Criminal investigations relating to ByLock App
Modern chat applications are becoming a command and conquer tool for thieves, break-ins and terrorists. The choice of protected chat platforms is wide. From research and human think paths it is a known fact that people do not tend to move from one app to another all at once. Some people just keep to one app, even if in the press privacy and security level of an app is shown to be a potential risk. People often ignore it as they can not be bothered to change.
This is where criminal investigations into the usage of such apps like ByLock show that a suspect can still use an app that has no updates since 2014. This is the same situation with organisations in different countries who reliy on a locally developed tool as they do not trust apps like Whatsapp and Facebook messenger as they were developed within the USA. Hence, privacy sensative people believe that tools from other countries are safer. Even tools like Threema are not 100% safe.
Regarding the task to find criminals or operatives this can mislead security services by relying only on user names that were selected by people who definately are not going to use their real names. Hence, identification of humans needs to use a totally different approach. The NSA has shown how its meta data can amass knowledge that linked up will shop an individual. The key to success is linking up a variety of small data snippets and letting a profiling tool process it. This eventually delivers accurate data. This is the same concept behind our profiling tool AOC which can identify a person from a list of non person related information.
The trend in app profiling can be related also to other wide ranged investigations that have access to a large data source.
Examination Reports and Capability Reports
The examination of a device is usually used to prove whether a device was used for criminal acitvitis in connection with the bylock app. This may also require to evaluate and research whether the device was capable to be used with any of the bylock versions (i.e. iOS, android, ... ).
In some cases our experts can help to clarify whether a device would have been technically adjusted to bridge platforms using emulators or other tweeking tools, Emulators can simulate an environment even though the hardware is actually running on a non compatible plattform.
These capability reports can be very research intensive as some cases have the problem that a device is not accessable to the laboratory due to the device having been severly damaged (e.g. burnt in house fire, run over by tank, smashed). In accordance with forensic standards the authentizied report can help reduce the backlog at court and relieve police laboratories from cases which are waisting their resources. Our central reference device database stores many details on smartphones and their chipoff characteristics (e.g. chip, epoxy, OS, plattform, pcb, ...).
Our Laboratory can deal with following devices:
- iOS Apple Devices (iPhone, iPad, iPod) and MacOS (MacBooks, iMacs)
- Android smartphones (xPeria, Note, z520) and Tablets (e.g. Galaxy Tab)
- windows Smartphones
- Blackberry devices
- Bada Mobile OS Smartphones and Tizen Tablets
- Cellphones (Nokia, Motorola, ...)
- Computers (Windows, Linux, UBunu, ...)
Important notice to avoid misinterpretation:
We do not conduct investigations on behalf of the turkish government or its authorities. We have not been requested by turkish police to supply services to them. We do not offer services to MIT or General turkish police units! We operate in compliance with the current export regulations of the EU and Germany.