Not long ago, mobile device forensics was relatively straightforward, writes Lee Reiber, Vice President, Mobile Solutions, AccessData.
Contact lists, SMS messages and call logs were obtained and examined for evidence using specialised forensics technology. But with the blistering rate of advances in mobile technology, the explosion of mobile data and devices, and all the ways in which they are used today—for working, engaging in social media, taking photos, making videos, conducting financial transactions and more—times have drastically changed. In addition, the digital world has become a breeding ground for new types of crimes, such as cyber stalking, cyber bullying, hacking and other offences. Can mobile device forensics keep up?
A survey of 1083 organisations carried out by The Ponemon Institute discovered that 86 per cent find it difficult to investigate mobile devices, with 54 per cent reporting that they are unable or unsure of how to locate sensitive data on mobile devices as part of an investigation.
Five challenges to mobile forensics
Law enforcement agencies and enterprises are struggling with too many devices, too many mobile apps, and too many data types. Mobile applications are updated at blinding speeds and mobile operating systems are continually refreshed. A massive amount of data is accruing on mobiles and this is increasingly being targeted by mobile malware. All these add up to five critical challenges confronting the field of mobile forensics.
1) The Increase in Mobile Devices
According to the Cisco VNI Global IP Traffic Forecast, 2012-2017
2) Changing Technology
Apple came out with seven minor updates and in March 2014 delivered a major update, iOS 7.1. Apple has since delivered two minor updates to fix a few bugs, and iOS 8 isn’t too far off. The Android OS has gone through similar rapid updates. Device investigators and examiners also have to keep up with new limited feature phones and disposable, sometimes counterfeit devices. Mobile technology is progressing at such a rapid rate that it’s difficult for mobile forensic solutions to keep up. Most forensics tools require regular updates so they can keep pace with the latest mobile technologies, but those updates frequently fall behind. Add to that the learning curve with successive updates and busy digital forensics investigators face yet another bottleneck.
3) Application usage
According to mobiThinking, analysts estimate that there could be 200 billion app downloads by 2017. Social media usage on mobile devices is exploding. Daily, there are 609 million active mobile Facebook users. On a typical day, people send out more than 500 million tweets.
As a result, the number of criminal investigations involving data collected from social media applications is rising significantly.
4) Data
With the amount of digital evidence growing from gigabytes to terabytes in many cases, data visualisation and data analytics have become crucial in understanding evidence. Cisco estimates that traffic from wireless and mobile devices will exceed traffic from wired devices by 2016.
Investigators need to be able to separate relevant data from the inconsequential, and then easily understand and explain the differences to themselves, colleagues, barristers and jurors. However, most mobile forensic tools on the market today are still not up to scratch in terms of parsing and displaying all the different data that might be available on a mobile device.
5) Mobile malware
Kaspersky Lab
Considering that a crime can now be facilitated entirely by targeting a mobile device, it is imperative that law enforcement quickly adapts mobile device forensics to keep up with the constantly evolving world of mobility.
The rising tide of mobile malware is forcing forensics examiners to understand how to recognise and analyse it, alongside other digital evidence. At best, mobile malware causes delays to mobile investigations. In the worst-case scenario, mobile malware can harm the integrity of digital evidence presented in a court of law, resulting in dismissal of charges or even the dismissal of the entire civil/criminal case.
Conclusion
Mobile device forensics has become an increasingly complex process, mainly because the tools available to examiners and investigators have not kept pace with mobile technology advances, the increase in mobile malware and crimes committed using mobile devices. Law enforcement agencies and enterprises are struggling with these rapid changes, all of which are threatening the efficacy of criminal and civil investigations. Investigators need a radically new approach to mobile device forensics: one that is adaptive, intuitive and capable of supporting every mobile device on the market, as well as multiple operating systems and data types. Selected mobile forensics solutions must also integrate with other digital forensics tools and address e-discovery requirements.
Digital investigators need to put a plan in place that enables them to quickly and effectively collect, identify and uncover information from mobile devices, which often yields the key data needed to crack a case.