Read Chapters 9 & 10
For this assignment, you must reply to this post and address the questions below, prior to 11:59 p.m. ET on Thursday, February 18th. Continue to follow your classmates’ posts for the remainder of the week and post follow-up messages to at least two of your classmates’ posts prior to 11:59 p.m. ET on Sunday, February 21st. Your follow-up posts can add additional insight to a classmate’s opinions or can challenge their opinions. Use examples from the readings, or from your own research, to support your views, as appropriate. For your follow-up posts this week, you may wish to visit a couple of the web sites contributed by your classmates and share your opinion of these sites with the class. Be sure to read the follow-up posts to your own posts and reply to any questions or requests for clarification. You are encouraged to conduct research and use other sources to support your answers. Be sure to list your references at the end of your post. References must be in APA citation format. All posts must be a minimum of 250-300 words. All follow-up posts to your classmates must be a minimum of 150 words for each required post. Peer responses posted after 11:59 pm on Sunday evenings will not be accepted or calculated into the weekly forum grade.
Discussion Grading Rubric (100 Points)
Synthesis of Concepts: 55
Clear Citations using APA format: 10
Writing Standards: 10
Peer Reviews (minimum of 2) – Responses posted after the current week will not be accepted: 25
Timeliness – 10% penalty per week for late work
1. Research the limitations to mobile forensics. (HINT: look at the new iPhone and Android). Please discuss the limitations to forensics investigators in regard to the new and old models. What will investigators need to do in order to retrieve information/evidence from the device?
Week 6 Discussion
Mobile forensics covers a wide array of products, not just mobile phones. This can make a mobile investigator’s job quite difficult at times, as there is a wide array of products to deal with. Not only this, but mobile products are actively upgraded and improved, especially in security and encryption capabilities. This can limit how much information a mobile investigator can pull from a mobile device. An article from MSAB summarizes the concept fairly well: “Extracting data from unlocked smartphones is a relatively straightforward task. But accessing locked devices can prove challenging. Manufacturers are developing password and encryption schemes that make it practically impossible for law enforcement agents to access the data” (Eichbaum, 2019). Eichbaum continues by explaining that almost as soon as a vulnerability is found, it is almost immediately patched. This means most new phone models can be tough to crack open. However, there are software and hardware tools that can assist in dumping raw data from the device, thus bypassing some security protocols (Eichbaum, 2019). This continual improvement and push to find vulnerabilities and alternative methods to accessing new phone data will ensure that law enforcement can continue to analyze seized phone data. On the other hand, some older phone models are still in use and are no longer actively updated. This means any vulnerabilities that are found may not be patched and therefore give law enforcement a way to extract information from these devices. With the use of these older devices comes the issue that fewer people are focusing on ways to extract data from them. Some of these phones, like feature phones, have unique ways of storing data. “In order to handle such phones, law enforcement members need proper training to ensure safe preservation of the extracted data” (Eichbaum, 2019).
Overall, mobile forensic investigators will see many more limitations when compared to other digital forensic fields due to the large variety in devices and the active update capabilities that come with them.
Eichbaum, J. (2019, October 31). Five continual challenges with SMARTPHONE FORENSICS. Retrieved from https://www.msab.com/2019/09/09/five-continual-cha…
Reiber, L. (2016). Mobile forensic investigations: A guide to evidence collection, analysis, and presentation. New York, New York: McGraw-Hill Education.
Week 6 Discussion
Advancements in technology have become both beneficial and hurtful to mobile forensics. On one hand, the amount of data that can be recovered from devices nowadays is massively more incriminating than that of old devices with fewer features. On the other hand, new obstacles have been created for investigators. “One of the biggest forensic challenges when it comes to the mobile platform is the fact that data can be accessed, stored, and synchronized across multiple devices. As the data is volatile and can be quickly transformed or deleted remotely, more effort is required for the preservation of this data. Mobile forensics is different from computer forensics and presents unique challenges to forensic examiners” (Mahalik & Tamma, 2016). New phones such as the new Samsung or the new iPhone are starting to use cloud storage as the primary storage location for certain files. This can be beneficial to users because they can access those files anywhere on many different devices, but for investigators it creates another layer that they have to gain access to so they can obtain the data.
Other limitations or obstacles include differences in hardware and software between devices, mobile platform security features such as two-factor authentication, and anti-forensic technique possibilities on the devices. The differences in hardware and software make it so investigators have to have a broad knowledge base on how to analyze all of the different hardware and software utilized in mobile technology. Two-factor authentication can also be a burden to investigators because it creates an extra layer that investigators will have to get past. This could slow down an investigation or lead to investigators not getting the evidence altogether. Lastly, “Anti-forensic techniques, such as data hiding, data obfuscation, data forgery, and secure wiping, make investigations on digital media more difficult” (Mahalik & Tamma, 2016).
In order to capture all of the evidence behind the obstacles mentioned above, investigators need to be prepared. They need to have knowledge of all of the different cloud locations and how to access them in situations where they are unable to obtain the data from the mobile device. They also need to be aware of two-factor authentication methods used. They will have to either gain access to the person’s authentication account or get a warrant to serve the company who handles the 2FA. Finally, they have to also be vigilant in looking for any anti-forensic techniques and preventing future issues like remote data wipe.
Mahalik, Heather & Tamma, Rohit (2016, April 25) Mobile Forensics and Its Challenges. Retrieved from https://hub.packtpub.com/mobile-forensics-and-its-…
Challenges in Mobile Phone Forensics

Kyle D. Lutes, Associate Professor, Mobile Computing Lab, email@example.com
Richard P. Mislan, Assistant Professor, Cyber Forensics Lab, firstname.lastname@example.org
Computer & Information Technology, Purdue University

ABSTRACT

As ubiquitous societal components, mobile (or cellular) telephones continue to become increasingly prevalent. With a shrinking footprint and a seemingly ever-increasing storage capacitance, these devices can be warehouses of information about our daily lives. Just as mobile phones permeate our social fabric, they are also becoming more and more crucial as evidentiary devices in civil and criminal investigations. Thus, our law enforcement, intelligence and private investigation communities are grasping for ways to get evidence off each and every mobile device. Some tools and techniques exist for such investigative work; however, there is not yet one good solution. The various manufacturers, models, operating systems, protocols, and cables lend to a combinatorial explosion that leaves most criminal investigators grasping for a cohesive solution. During a recent project funded by a National Institute of Justice Electronic Crimes Research grant, we experienced these challenges first hand. In this paper, we summarize the issues facing both the criminal investigators hoping to recover evidence from these mobile phone devices as well as the challenges that must be overcome by the technology vendors who are working to develop automated tools to aid the investigators.

Keywords: mobile phones, computer forensics, mobile forensics, pervasive computing

1. RELEVANCE

Mobile phones became part of our world in the late 1990’s with the introduction of so-called “bag and brick” phones. The usage of mobile phones has since skyrocketed due to reduced cost, and with the introduction of text messaging features, which launched commercially in 1995.
Several key factors that have made the mobile phone so pervasive include the introduction of the pre-paid phones from the second generation networks and the fact that there are over 243.4 million subscribers who can send and receive text messages. By June 2005, estimates of 7.2 billion text messages were exchanged in the US each month, and by 2007 the number has launched to 28.8 billion text messages per month. Other reasons for increased usage of mobile phones include custom ring tones, Internet connectivity, multimedia messaging services, music and video capabilities, games, cameras, and other features.

2. MOBILE PHONE FORENSICS

As daily life and business moves at the speed of electrons through the air, most civil and criminal investigations involve some sort of digital element. As mobile phones become so ubiquitous and play such a large societal role, there is a high probability that these same devices will be part of those investigations. There are four ways in which a mobile phone can be tied to crime:

- It can be used as a communication tool in the process of committing a crime.
- It can be a storage device providing evidence of a crime.
- It can contain victim information.
- It can be a means of committing a crime.

Today’s criminal investigators must be familiar with mobile phones and understand the intricacies of mobile phone forensics. In other words, acquiring and analyzing the data on the device, attached SIM cards, and inclusive memory cards. These procedures are well documented and should be adhered to in the forensics acquisition and analysis of mobile phone data [1, 2, 3, 4, 5, 10, 11, 12, 18]. However documented, it is well known that there is currently no one examination facilitation tool (hardware or software) that is universally used or recommended to remove the data from each and every mobile phone.

Mobile phones can yield an abundance of information.
The most obvious kinds of data that can be retrieved from a phone are call logs, contact lists, and text messages. However, in an investigation, other features of a modern mobile phone, such as ring tones, T9 dictionaries, canned responses, video files, still image files, calendar events, miscellaneous documents and data files, and location information can also provide valuable clues. Given the variety of types of information available, it is imperative to examine every single one with utmost precision, especially since it is entirely possible, with the use of specialized tools, to often recover deleted information.

3. CURRENT CHALLENGES

Knowing the importance of the forensics of mobile phone devices, it is essential to understand the current known challenges facing investigators. Using funding from the National Institute of Justice Electronic Crimes Research grant, a survey of the current mobile phone landscape produced six general categories of challenges: 1) carriers and manufacturers, 2) data preservation, 3) power and data connectors, 4) operating systems and communication protocols, 5) security mechanisms, and 6) unique data formats. The following is a realization of these challenges.

Carriers and Manufacturers

In an investigation of a mobile phone, the first action must be the identification of the phone. Given that there are multiple network carriers (at least seventeen in the US alone) and device manufacturers (over thirty in the US), identifying a phone by sight alone is extremely difficult even for trained investigators. A given model from a single hardware manufacturer may be marketed using many different names from the various carriers. A good example of this is the recently popular Motorola RAZR which is marketed under at least 24 different product names.
It is not until an investigator removes the device’s battery that the true hardware model can be determined, but removing batteries can cause the phone to lose the information stored in volatile memory, or even worse, force a handset lock code on power up.

Data Preservation

For a mobile phone investigation, it is important to prevent the device from receiving any further data or voice communication. As text messages are stored in a “First In, First Out” order, any new incoming text messages could delete older stored text messages. Likewise, incoming calls could erase call history logs, and some devices (such as the RIM Blackberry) can be wiped of all data remotely if not protected from incoming communications. Therefore, upon initial acquisition, these mobile phones must be placed in some sort of wireless preservation container. Multiple technologies can be used for this with various levels of success. These tools range from three layers of common aluminum foil, to a tri-weave mesh material shield of nickel, silver, and copper, to an anodized aluminum shielded enclosure made to withstand wireless devices from radio frequencies.

Power and Data Connectors

Another challenge facing investigators is how to preserve power to the phone. If left unplugged for a long enough period of time, a phone’s battery will eventually lose all power. Because many mobile phones store information in volatile memory, a complete loss of power may mean a loss of information, thus a loss of crucial evidence. Therefore, it is desirable to keep a phone in a charging state. Frustratingly, there currently is no standard for power requirements for mobile phones. This lack of power standards is compounded by the fact that there is also no standard for cable connectors. There are literally hundreds of different mobile phone power connectors currently in use. So even if two phones require the same voltage to remain charged, they likely will not have compatible power connectors.
One group, the OMTP (Open Mobile Terminal Platform) hopes to reduce the number of connectors by recommending the micro-USB standard be adopted across the mobile industry. Even though criminal investigators, and end consumers for that matter, would benefit from such a standard, it is unlikely to happen any time soon as hardware manufacturers are constantly changing designs and will employ whichever connector type helps them achieve their design goals.

Operating Systems and Communication Protocols

Another challenge impeding the development of forensics tools is the various operating systems used on mobile phones. Mobile phones have evolved into full-fledged computing platforms requiring vendors to use sophisticated operating systems so that various software applications can be run on them. Several of the common operating systems include RIM’s Blackberry, iDEN, Palm, Symbian, Windows Mobile, Macintosh OS X, and various versions of the Linux open-source operating system. Some operating systems are also proprietary to the hardware manufacturer. For example, Nokia has the ISA platform for the Series 30 and 40 phones.

The challenge of having all these operating systems is knowing which protocols to use for communication between the evidentiary mobile phone and the forensic investigator’s computer. Some of the more well-known data communication protocols currently in use are AT, BREW, FBUS, IrMC, MBUS, OBEX, and SyncML [4, 13] and are highly dependent on the operating system and restrictions imposed by each carrier. Often proprietary, sometimes very cryptic, and hardly ever documented, these protocols can be used to retrieve information from a mobile phone such as its make and model, telephone number, software revisions, serial number, call logs, contacts, text messages, ring tones, videos, images, and other important pieces of data.
Unfortunately, almost every phone implements a different flavor of each of these protocols, seeming never to respond to the same commands the same way. Worse still, several operating systems require the examiner to first copy program files directly to the device in order to open a communications channel so that critical evidence can be retrieved. However, the mere act of copying data to a mobile phone has the potential to erase evidence.

One more note should be made about how protocols may sometimes change data. For example, in some phones, using the built-in protocols to access messages in the message store will mark the message as read even if the user has never seen the message. This necessity to access information on the phone, even if it changes the state of the phone should be seriously considered. In some cases, evidence retrieved from a phone that required changing information on the phone cannot be used in a court of law.

Security Mechanisms

There are several security mechanisms used on mobile phones to protect data. These securing mechanisms range from manufacturer or user handset locks, to SIM card PINs and PUKs. Whichever type of security is employed, the implications differ depending on the make and model of the device. Many mobile phones have a handset lock code that is either set by the manufacturer (Motorola – 000000, Nokia – 1234), the last four digits of the current phone number, or set by the user which is even more problematic. The handset lock is normally
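
The two side effects the paper describes above, new traffic displacing stored messages (Data Preservation) and a protocol read marking a message as read (Operating Systems and Communication Protocols), can be checked by comparing two listings of the same message store. The Python below is an added example, not code from the paper or the discussion posts; it assumes text-mode `AT+CMGL` output as defined in 3GPP TS 27.005, and the transcripts, phone numbers and function names are constructed for illustration.

```python
import re

# Header of one entry in a text-mode +CMGL listing (3GPP TS 27.005):
#   +CMGL: <index>,"<stat>","<sender>",[<alpha>],"<timestamp>"
HEADER = re.compile(r'^\+CMGL: (\d+),"([^"]*)","([^"]*)",[^,]*,"([^"]*)"$')

# Constructed transcripts of the same two-slot message store, listed twice.
FIRST = '''AT+CMGL="ALL"
+CMGL: 1,"REC READ","+15550100001",,"08/03/14,09:10:00-20"
Meet at the usual place
+CMGL: 2,"REC UNREAD","+15550100002",,"08/03/14,10:22:05-20"
Call me when you get this
OK'''
SECOND = '''AT+CMGL="ALL"
+CMGL: 1,"REC UNREAD","+15550100003",,"08/03/15,08:01:30-20"
New number, text me here
+CMGL: 2,"REC READ","+15550100002",,"08/03/14,10:22:05-20"
Call me when you get this
OK'''

def parse_cmgl(transcript):
    """Return {index: (status, sender, timestamp, body)} for one listing."""
    store, current = {}, None
    for line in transcript.splitlines():
        line = line.rstrip("\r")
        m = HEADER.match(line)
        if m:
            current = int(m.group(1))
            store[current] = [m.group(2), m.group(3), m.group(4), []]
        elif line == "OK":          # final result code ends the listing
            current = None
        elif line and not line.startswith("AT+") and current is not None:
            store[current][3].append(line)   # message body line
    return {i: (s, a, t, "\n".join(b)) for i, (s, a, t, b) in store.items()}

def compare_acquisitions(first, second):
    """Diff two listings, matching on content because slots get reused."""
    def by_content(store):
        return {(r[1], r[2], r[3]): r[0] for r in store.values()}
    a, b = by_content(first), by_content(second)
    return {
        # same message, different status: its read flag changed in between
        "status_changed": sorted((k[0], k[1], a[k], b[k])
                                 for k in a.keys() & b.keys() if a[k] != b[k]),
        # present before, gone now: displaced or deleted between listings
        "missing": sorted(k[:2] for k in a.keys() - b.keys()),
        # new traffic reached the handset: it was not isolated
        "arrived": sorted(k[:2] for k in b.keys() - a.keys()),
    }

if __name__ == "__main__":
    report = compare_acquisitions(parse_cmgl(FIRST), parse_cmgl(SECOND))
    for finding, items in report.items():
        print(finding, items)
```

Any non-empty finding means the store changed between the two reads, which is the condition the paper says must be weighed before the evidence is relied on.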