mobile forensics a path forward

8/14/2019 Mobile Forensics a Path Forward

1/24

MobileForensics:

May 28, 2009

Unclassified/FOUO


2/24

Outline Trends & challenges in mobile

forensics

that will change mobile forensics

Responses & suggestions for movingforward

Questions & comments


3/24

A Plethora of Devices


4/24

Dozens of Tools


5/24

Demand for Services Is Up


6/24

Storage Capacity is

Increasing


7/24

Increased Security+ More data stored

as plain text

- Increases in

and memory

- Easier to

implement goodsecurity


8/24

Traditional Access Methods

Becoming More Difficult

Bootloaders

Manufacturersimplementingsecurity in boot ROM

JTAG Ports

Manufacturers notconnecting JTAGpins to accessibletest pads

Chip Removal Increased use of

custom/proprietaryIC processor andmemory chips


9/24

Significant Developments

in Digital Evidence

Investigative

Based Model Non-forensic

Non-examiner

Timel ra id

Laboratory Based

Model Forensic

Highly skilled

Methodical

On-scene Live capture

Preview/triage

Low cost/COTS

Further theinvestigation

Comprehensive Static

Robust QA Program

High cost

Fair, impartial &scientific


10/24


in Digital Evidence

The Perfect Storm

DNA becomes newstandard

West Virginia StatePolice Crime Lab

Houston Crime Lab Baltimore County

Circuit Court Judgerules against latentprints

FBI Madrid TrainBombing

The InnocenceProject


11/24


in Digital Evidence

13 Recommendations,

including:

NIFS

law enforcement Mandatory accreditation

Mandatory certification

Licensing??

Mandatory QA

National Code of Ethics


12/24

A Path Forward Minimum Quality Assurance

Standards Leveraging off of Non-Examiners

More robust tools

Increased sharing of resources

Increased standardization for mobiledevices

Increased participation


13/24

Minimum Quality

Assurance Standards?

Write protection OR copy

Chain of custody

Known tools

Contemporaneous notes

Written report

???


14/24

Leverage off of Non-

examiners


15/24

Example: CPIK Making available

two easy to use cellphone tools tospecial agents andinvesti ators for

previewing at leasta portion of data.

Cell PhoneInvestigativeKiosks are beingset up at FBI FieldOffices and

Regional ComputerForensic


16/24

Aggressive Use of

Previews

New Zealand Police Model

80 percent reduction in submittedmatters

100 percent of resources on 20 percentof cases


17/24


18/24

Example: Increased

Sharing of ResourcesScientific Working Group on Digital Evidence

(SWGDE)

Sceintific Working Group on ImagingTechnology (SWGIT)

American Academy of Forensic Sciences

High Tech Crime Investigators Association(HTCIA)

International Association of ComputerInvestigative Specialists (IACIS)

International Association of Chiefs of Police,Sub-committees on Public Private Liaisonand Cyber Crime-Digital Evidence

Others


19/24

Example: Increased

Sharing of Resources www.cftt.nist.gov/mobile_devices.htm


20/24

Increased Standardization

of Devices

Open Mobile

Terminal Platform(OMTP)

announced MicroUSB is futurecommon connector

BONDI Initiativeaddressing the

Mobile PlatformFragmentation

Problem


21/24

Increased Participation

Get involved in the policy side not

just the technical side.

Take a osition on the NAS Re ort and

its recommendations. Take a position on PI licenses for

forensic examiners.

Write letters, e-mails, and articles.

E.g. Forensic Magazine; InternationalJournal of Digital Evidence, etc.


22/24

54 68 61 6e 6b 20 59 6f75


23/24

Thank You


24/24

Questions & Comments

mobile forensics a path forward

Documents