by Leclef, Thomas
Supervisor Debatty, Thibault
Co-supervisor Croix, Alexandre
Publication Unpublished, 2024-06-18

Master's thesis
Abstract: During military operations, the need to extract critical intelligence from mobile devices is of paramount importance. This information can be used to determine whether an allied soldier's phone has been infected with malware, or to extract the maximum amount of information from an enemy soldier's phone. However, traditional forensics techniques are not appropriate for the dynamic and resource-constrained environment of the military field. It is therefore necessary to develop an innovative solution to meet the unique challenges of the military environment. The aim of this master's thesis is to provide a digital investigative solution for teams in the field. To achieve this, three main objectives are identified: rapid isolation of mobile devices, a portable intrusion detection system, and information discovery from a locked phone. Meeting these objectives first requires a research method. This method begins with a state of the art that provides a comprehensive summary of mobile device security. The content of the state of the art is then used as a basis for meeting the various objectives of the project. In this way, it is possible to combine several existing and widely used tools to meet our objectives. In order to assess the effectiveness of this solution, simulated usage scenarios will be studied in Chapter 5 of this thesis. These scenarios are designed to simulate real situations in the field. The results of the different scenarios are discussed in Chapter 5. These findings highlight that determining whether a mobile device is free from malware is challenging if the malware only modifies the device locally without engaging with the network. In addition, some very advanced malware is very difficult to detect. However, this master's thesis manages to detect most fairly basic malware despite the constraints of the military environment.
As far as extracting information from locked phones is concerned, probe requests can be captured easily. In short, the vast majority of malware can be detected by our solution. As always, a category of very advanced malware cannot always be detected and will require a more in-depth analysis. Despite this, by providing a significant advantage to teams in the field, the result of this thesis is not just a piece of research but a product in its own right.