mobile forensics a path forward
TRANSCRIPT
-
8/14/2019 Mobile Forensics a Path Forward
1/24
MobileForensics:
May 28, 2009
Unclassified/FOUO
-
8/14/2019 Mobile Forensics a Path Forward
2/24
Outline Trends & challenges in mobile
forensics
that will change mobile forensics
Responses & suggestions for movingforward
Questions & comments
-
8/14/2019 Mobile Forensics a Path Forward
3/24
A Plethora of Devices
-
8/14/2019 Mobile Forensics a Path Forward
4/24
Dozens of Tools
-
8/14/2019 Mobile Forensics a Path Forward
5/24
Demand for Services Is Up
-
8/14/2019 Mobile Forensics a Path Forward
6/24
Storage Capacity is
Increasing
-
8/14/2019 Mobile Forensics a Path Forward
7/24
Increased Security+ More data stored
as plain text
- Increases in
and memory
- Easier to
implement goodsecurity
-
8/14/2019 Mobile Forensics a Path Forward
8/24
Traditional Access Methods
Becoming More Difficult
Bootloaders
Manufacturersimplementingsecurity in boot ROM
JTAG Ports
Manufacturers notconnecting JTAGpins to accessibletest pads
Chip Removal Increased use of
custom/proprietaryIC processor andmemory chips
-
8/14/2019 Mobile Forensics a Path Forward
9/24
Significant Developments
in Digital Evidence
Investigative
Based Model Non-forensic
Non-examiner
Timel ra id
Laboratory Based
Model Forensic
Highly skilled
Methodical
On-scene Live capture
Preview/triage
Low cost/COTS
Further theinvestigation
Comprehensive Static
Robust QA Program
High cost
Fair, impartial &scientific
-
8/14/2019 Mobile Forensics a Path Forward
10/24
Significant Developments
in Digital Evidence
The Perfect Storm
DNA becomes newstandard
West Virginia StatePolice Crime Lab
Houston Crime Lab Baltimore County
Circuit Court Judgerules against latentprints
FBI Madrid TrainBombing
The InnocenceProject
-
8/14/2019 Mobile Forensics a Path Forward
11/24
Significant Developments
in Digital Evidence
13 Recommendations,
including:
NIFS
law enforcement Mandatory accreditation
Mandatory certification
Licensing??
Mandatory QA
National Code of Ethics
-
8/14/2019 Mobile Forensics a Path Forward
12/24
A Path Forward Minimum Quality Assurance
Standards Leveraging off of Non-Examiners
More robust tools
Increased sharing of resources
Increased standardization for mobiledevices
Increased participation
-
8/14/2019 Mobile Forensics a Path Forward
13/24
Minimum Quality
Assurance Standards?
Write protection OR copy
Chain of custody
Known tools
Contemporaneous notes
Written report
???
-
8/14/2019 Mobile Forensics a Path Forward
14/24
Leverage off of Non-
examiners
-
8/14/2019 Mobile Forensics a Path Forward
15/24
Example: CPIK Making available
two easy to use cellphone tools tospecial agents andinvesti ators for
previewing at leasta portion of data.
Cell PhoneInvestigativeKiosks are beingset up at FBI FieldOffices and
Regional ComputerForensic
-
8/14/2019 Mobile Forensics a Path Forward
16/24
Aggressive Use of
Previews
New Zealand Police Model
80 percent reduction in submittedmatters
100 percent of resources on 20 percentof cases
-
8/14/2019 Mobile Forensics a Path Forward
17/24
-
8/14/2019 Mobile Forensics a Path Forward
18/24
Example: Increased
Sharing of ResourcesScientific Working Group on Digital Evidence
(SWGDE)
Sceintific Working Group on ImagingTechnology (SWGIT)
American Academy of Forensic Sciences
High Tech Crime Investigators Association(HTCIA)
International Association of ComputerInvestigative Specialists (IACIS)
International Association of Chiefs of Police,Sub-committees on Public Private Liaisonand Cyber Crime-Digital Evidence
Others
-
8/14/2019 Mobile Forensics a Path Forward
19/24
Example: Increased
Sharing of Resources www.cftt.nist.gov/mobile_devices.htm
-
8/14/2019 Mobile Forensics a Path Forward
20/24
Increased Standardization
of Devices
Open Mobile
Terminal Platform(OMTP)
announced MicroUSB is futurecommon connector
BONDI Initiativeaddressing the
Mobile PlatformFragmentation
Problem
-
8/14/2019 Mobile Forensics a Path Forward
21/24
Increased Participation
Get involved in the policy side not
just the technical side.
Take a osition on the NAS Re ort and
its recommendations. Take a position on PI licenses for
forensic examiners.
Write letters, e-mails, and articles.
E.g. Forensic Magazine; InternationalJournal of Digital Evidence, etc.
-
8/14/2019 Mobile Forensics a Path Forward
22/24
54 68 61 6e 6b 20 59 6f75
-
8/14/2019 Mobile Forensics a Path Forward
23/24
Thank You
-
8/14/2019 Mobile Forensics a Path Forward
24/24
Questions & Comments