Chromecast forensics Project Proposal C. Van Bockhaven, P. van Bolhuis April 11, 2014 1 Introduction Google’s Chromecast is a relatively new gadget that allows people to stream movies and other media content to an HDMI-capable device. At the time of writing, there is no known way of performing a forensic analysis on the Chromecast. 2 Research question The research question for this project is: What data can be extracted from Chromecast devices that can be used in forensic cases? In order to conclude this research question a few subquestions arise: • How does the Chromecast protect against access to the filesystem? In which cases are access to the filesystem possible? • What data can be gathered in a live environment without modifying the Chromecast in any way? • What data can be acquired with access to the NAND memory of the device? (Software/Physical) • Is access to the RAM possible? (Physical) 3 Related research No forensic methods have been published yet around the Chromecast. However, device internals are available [3]. The people from GTVHacker have published a method to replace the system image, but it doesn’t work on newer Chromecast devices [4]. Google locked down the device by blocking access to its Android OS. Its flash memory is supposedly encrypted with a per device key as well [1]. Downgrading using an OTA update is not possible because a check happens against the build.prop file build date, which is stored in the kernel’s initramfs [2]. 1 4 Scope The scope of this research project is limited to extracting information that reveals interesting details that could be used in forensic analyses. Both software and physical information extraction is in scope. 5 Approach First, normal usage patterns of the Chromecast will be researched. These patterns can indicate the way the information that is to be extracted can be used. Next the actual extraction will be attempted by trying both software and physical methods (if possible). The results will be documented and presented after the project. 6 Planning Week Week Week Week Week Week 1 2 3 4 5 Activities Research into Chromecast workings Software attack vectors Physical attack vectors Streaming KUD + overflow + documenting Report Presentation References [1] XDA - [Q] Read/Write the NAND of the Chromecast? - DeadlyFoez http://forum.xda-developers.com/showthread.php?t=2602402 [2] XDA - Idea on Rooting devices with BL newer than 12940 - ddggttff3 http://forum.xda-developers.com/showthread.php?t=2617100&page=2 [3] Google Chromecast (H2G2-42) - WikiDevi https://wikidevi.com/wiki/Google_Chromecast_(H2G2-42) [4] GTVHacker - Google Chromecast http://gtvhacker.com/index.php/Google_Chromecast 2
© Copyright 2024 ExpyDoc
