Presentation is loading. Please wait.

Presentation is loading. Please wait.

Obstacles & Opportunities in Mobile Forensic Collections October 2, 2014 Evidence Collection in the Mobile Age.

Similar presentations


Presentation on theme: "Obstacles & Opportunities in Mobile Forensic Collections October 2, 2014 Evidence Collection in the Mobile Age."— Presentation transcript:

1 Obstacles & Opportunities in Mobile Forensic Collections October 2, 2014 Evidence Collection in the Mobile Age

2 Trend: Mobile Device Ownership is Rising © Elysium Digital 2014 2 Source: Pew Research Center (Internet & American Life Project)

3 Trend: Increasing Use of Smartphones © Elysium Digital 2014 3 Source: Pew Research Center (Internet & American Life Project)

4 Trend: BYOD Popularity Increasing © Elysium Digital 2014 4 Bring Your Own Device (BYOD) Support Source: Good Technology Corporation. Good Technology’s 2 nd Annual State of BYOD Report. (n=100)

5 Mobile: It is the Wild, Wild West of Tech © Elysium Digital 2014 5 Similar to early PC landscape –More Devices –More Varieties –More Connectivity –More Users Results in –Lack of Standards –Unsettled Marketplace Image sources: www.securitypronews.com, www.gospotcheck.com

6 Types of Devices © Elysium Digital 2014 6 Cellphones Smartphones Tablets

7 Agenda © Elysium Digital 2014 7 Traditional Computer Forensics Mobile Collections Obstacles Mobile Collections Opportunities Other Issues Quick Takeaways

8 © Elysium Digital 2014 8 Traditional Computer Forensics

9 Traditional Computer Forensics: Non-volatile Storage © Elysium Digital 2014 9 Disk Drive & Solid State Drive (SSD) –“File” Abstraction –Blocks under the abstraction

10 Traditional Computer Forensics: Files © Elysium Digital 2014 10 Files File-level operations Internal metadata

11 Traditional Computer Forensics: Filesystems © Elysium Digital 2014 11 Filesystem –Organizational system –Implemented in both storage structure & process –Examples: FAT, inodes Filesystem metadata –Creation time –Modification time –Access time

12 Traditional Computer Forensics: “Hidden” Data © Elysium Digital 2014 12 Block Reuse Principles –Conserve cycles –Conserve I/O traffic Breaking through the Abstraction –File slack –Deleted files

13 © Elysium Digital 2014 13 Mobile Forensics: Obstacles

14 © Elysium Digital 2014 14 Designed for Loss / Theft Modified by Carriers Analysis software is less mature Deleted data & metadata Truncated email

15 © Elysium Digital 2014 15 Mobile Forensics: Opportunities

16 Mobile Evidence Collection: Opportunities (1/3) © Elysium Digital 2014 16 Opportunities from Common Practices –Devices not centrally managed –Data policies not implemented –Data remains on old devices –Data is maintained in backups

17 Mobile Evidence Collection: Opportunities (2/3) © Elysium Digital 2014 17 Opportunities from Types of Data –Locational data available –Network connection information available

18 Mobile Evidence Collection: Opportunities (3/3) © Elysium Digital 2014 18 Opportunities yielded by the process –Broadening scope of discovery –Helping to find the “digital packrat”

19 Mobile Evidence Collection: Spoliation © Elysium Digital 2014 19 Devices viewed as a private, personal accessory Spoliation 10x increase over laptops Can yield obstacles and opportunities

20 Mobile Evidence Collection: Other Issues © Elysium Digital 2014 20 Cloud backups Encrypted backups Commingled personal data

21 Mobile Evidence Collection: Quick Takeaways (1/4) © Elysium Digital 2014 21 Trends: –Mobile device usage increasing –Mobile evidence issues multiplying –Mobile evidence collection increasingly complex Source: Pew Research Center (Internet & American Life Project) Source: Good Technology Corp. 2 nd Annual State of BYOD Report. (n=100)

22 Mobile Evidence Collection: Quick Takeaways (2/4) © Elysium Digital 2014 22 Checklist: Collecting a Smartphone –Get the smartphone –Get it fast –Turn on airplane mode ASAP –Obtain charging device –Keep battery charged –Obtain password / unlock code –If Blackberry, have company/owner unlock it –Send device & charger to mobile forensics expert

23 Mobile Evidence Collection: Quick Takeaways (3/4) © Elysium Digital 2014 23 Secure Confidential & Proprietary Data –Strong & enforced IT policy –Password protection or encryption –Watermarks, print banners, or hidden identifiers –Usage restrictions (print, copy, etc.)

24 Mobile Evidence Collection: Quick Takeaways (4/4) © Elysium Digital 2014 24 Geographic information not limited to Carriers –XIF data records geographic location of pictures –Pictures themselves can document location –Network connections are tracked and can be mapped back to geographic locations

25 © Elysium Digital 2014 25 Q&A / Discussion Have a matter involving mobile evidence collection? Ask. Didn’t understand that? Ask. Want more info? Ask. Christian Hicks President, Elysium Digital cbhicks@elys.com 617-621-3100 x100


Download ppt "Obstacles & Opportunities in Mobile Forensic Collections October 2, 2014 Evidence Collection in the Mobile Age."

Similar presentations


Ads by Google