Presentation is loading. Please wait.

Presentation is loading. Please wait.

Obstacles & Opportunities in Mobile Forensic Collections October 2, 2014 Evidence Collection in the Mobile Age.

Published byWalter Owen Modified over 9 years ago

Similar presentations

Presentation on theme: "Obstacles & Opportunities in Mobile Forensic Collections October 2, 2014 Evidence Collection in the Mobile Age."— Presentation transcript:

1 Obstacles & Opportunities in Mobile Forensic Collections October 2, 2014 Evidence Collection in the Mobile Age

2 Trend: Mobile Device Ownership is Rising © Elysium Digital 2014 2 Source: Pew Research Center (Internet & American Life Project)

3 Trend: Increasing Use of Smartphones © Elysium Digital 2014 3 Source: Pew Research Center (Internet & American Life Project)

4 Trend: BYOD Popularity Increasing © Elysium Digital 2014 4 Bring Your Own Device (BYOD) Support Source: Good Technology Corporation. Good Technology’s 2 nd Annual State of BYOD Report. (n=100)

5 Mobile: It is the Wild, Wild West of Tech © Elysium Digital 2014 5 Similar to early PC landscape –More Devices –More Varieties –More Connectivity –More Users Results in –Lack of Standards –Unsettled Marketplace Image sources: www.securitypronews.com, www.gospotcheck.com

6 Types of Devices © Elysium Digital 2014 6 Cellphones Smartphones Tablets

7 Agenda © Elysium Digital 2014 7 Traditional Computer Forensics Mobile Collections Obstacles Mobile Collections Opportunities Other Issues Quick Takeaways

8 © Elysium Digital 2014 8 Traditional Computer Forensics

9 Traditional Computer Forensics: Non-volatile Storage © Elysium Digital 2014 9 Disk Drive & Solid State Drive (SSD) –“File” Abstraction –Blocks under the abstraction

10 Traditional Computer Forensics: Files © Elysium Digital 2014 10 Files File-level operations Internal metadata

11 Traditional Computer Forensics: Filesystems © Elysium Digital 2014 11 Filesystem –Organizational system –Implemented in both storage structure & process –Examples: FAT, inodes Filesystem metadata –Creation time –Modification time –Access time

12 Traditional Computer Forensics: “Hidden” Data © Elysium Digital 2014 12 Block Reuse Principles –Conserve cycles –Conserve I/O traffic Breaking through the Abstraction –File slack –Deleted files

13 © Elysium Digital 2014 13 Mobile Forensics: Obstacles

14 © Elysium Digital 2014 14 Designed for Loss / Theft Modified by Carriers Analysis software is less mature Deleted data & metadata Truncated email

15 © Elysium Digital 2014 15 Mobile Forensics: Opportunities

16 Mobile Evidence Collection: Opportunities (1/3) © Elysium Digital 2014 16 Opportunities from Common Practices –Devices not centrally managed –Data policies not implemented –Data remains on old devices –Data is maintained in backups

17 Mobile Evidence Collection: Opportunities (2/3) © Elysium Digital 2014 17 Opportunities from Types of Data –Locational data available –Network connection information available

18 Mobile Evidence Collection: Opportunities (3/3) © Elysium Digital 2014 18 Opportunities yielded by the process –Broadening scope of discovery –Helping to find the “digital packrat”

19 Mobile Evidence Collection: Spoliation © Elysium Digital 2014 19 Devices viewed as a private, personal accessory Spoliation 10x increase over laptops Can yield obstacles and opportunities

20 Mobile Evidence Collection: Other Issues © Elysium Digital 2014 20 Cloud backups Encrypted backups Commingled personal data

21 Mobile Evidence Collection: Quick Takeaways (1/4) © Elysium Digital 2014 21 Trends: –Mobile device usage increasing –Mobile evidence issues multiplying –Mobile evidence collection increasingly complex Source: Pew Research Center (Internet & American Life Project) Source: Good Technology Corp. 2 nd Annual State of BYOD Report. (n=100)

22 Mobile Evidence Collection: Quick Takeaways (2/4) © Elysium Digital 2014 22 Checklist: Collecting a Smartphone –Get the smartphone –Get it fast –Turn on airplane mode ASAP –Obtain charging device –Keep battery charged –Obtain password / unlock code –If Blackberry, have company/owner unlock it –Send device & charger to mobile forensics expert

23 Mobile Evidence Collection: Quick Takeaways (3/4) © Elysium Digital 2014 23 Secure Confidential & Proprietary Data –Strong & enforced IT policy –Password protection or encryption –Watermarks, print banners, or hidden identifiers –Usage restrictions (print, copy, etc.)

24 Mobile Evidence Collection: Quick Takeaways (4/4) © Elysium Digital 2014 24 Geographic information not limited to Carriers –XIF data records geographic location of pictures –Pictures themselves can document location –Network connections are tracked and can be mapped back to geographic locations

25 © Elysium Digital 2014 25 Q&A / Discussion Have a matter involving mobile evidence collection? Ask. Didn’t understand that? Ask. Want more info? Ask. Christian Hicks President, Elysium Digital cbhicks@elys.com 617-621-3100 x100

Download ppt "Obstacles & Opportunities in Mobile Forensic Collections October 2, 2014 Evidence Collection in the Mobile Age."

Similar presentations

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
 What Is Desktop Virtualization?  How Does Application Virtualization Help?  How does V3 Systems help?  Getting Started AGENDA.

 What Is Desktop Virtualization?  How Does Application Virtualization Help?  How does V3 Systems help?  Getting Started AGENDA.
© 2009 VMware Inc. All rights reserved VMware Horizon Mobile Intro - NetHope Deepak Puri Director Mobile Business Development +1 (415) 606-4416

© 2009 VMware Inc. All rights reserved VMware Horizon Mobile Intro - NetHope Deepak Puri Director Mobile Business Development +1 (415)
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
Effective Discovery Techniques In Computer Crime Cases.

Effective Discovery Techniques In Computer Crime Cases.
Computer Forensics By: Stephanie DeRoche Benjamin K. Ertley.

Computer Forensics By: Stephanie DeRoche Benjamin K. Ertley.
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Emerging Risks in a Mobile.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Emerging Risks in a Mobile.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
File System Interface CSCI 444/544 Operating Systems Fall 2008.

File System Interface CSCI 444/544 Operating Systems Fall 2008.
Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp

Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Silberschatz, Galvin and Gagne  2002 3.1 Operating System Concepts Common System Components Process Management Main Memory Management File Management.

Silberschatz, Galvin and Gagne  Operating System Concepts Common System Components Process Management Main Memory Management File Management.
SAM for Mobile Device Management Presenter Name. of employees spend at least some portion of their time working outside their office. Mobility is the.

SAM for Mobile Device Management Presenter Name. of employees spend at least some portion of their time working outside their office. Mobility is the.
Complete Data Protection from [INSERT SOFTWARE NAME] Insert logo.

Complete Data Protection from [INSERT SOFTWARE NAME] Insert logo.
Managing BYOD Legal IT’s Next Great Challenge. Agenda  The BYOD Trend – benefits and risks  Best practices for managing mobile device usage  Overview.

Managing BYOD Legal IT’s Next Great Challenge. Agenda  The BYOD Trend – benefits and risks  Best practices for managing mobile device usage  Overview.
C AMBRIDGE N ATIONALS - BP2 How Information and data can be stored on portable devices.

C AMBRIDGE N ATIONALS - BP2 How Information and data can be stored on portable devices.

Similar presentations

Ads by Google