Mobile Phone Forensics Paper
Introduction
Mobile phones and electronic devices are dispersed all over the world assisting in our everyday life. These mobile devices are occasionally involved in crime incidents and assist in building cases against cyber criminals. Mobile phones have various challenges when attempting to extract data from them and limitations that could hinder an investigation. This paper will identify some of these limitations and challenges that cyber forensic teams have when conducting analysis on these devices.
Flash Memory Processes
Flash drives are a common type of drive found in mobile devices and are different from common memory processes. Flash drives only have a limited number of memories and can they are rewritten
These devices have several hard pieces of evidence that can be extracted, such as the Subscriber Identity Module (SIM), memory cards, and internal/external memory. A lot of these items need to be carefully analyzed for data, contacts, or text messages. When data is deleted from a memory card, the card needs to be accessed directly to gain access to the deleted files. Other evidence can be found from external sources such as call data records. Inside the SIM, however, a Location Area Identity (LAI) or Integrated Circuit Card Identifier (ICCID) can be found. If the phone can be opened, the contacts could serve as a list of possible suspects connected to the individual in question. Images stored on the phone could hold incriminating evidence, as could web browser history or emails. This information takes time to analyze because manufacturers lack standardization in how this type of data is stored. Cyber forensic teams consistently need new tools and methods to analyze mobile phones at a pace that technology keeps coming out with new
As discussed previously, technology has produced various makes and models of mobile devices, and obtaining data from these different devices is a challenge. However, obtaining the critical information from these devices can be extremely beneficial to law enforcement. Mobile device extraction has many different methods, and some are more reliable, expensive, or technical, or may require more time. In addition to extracting this data, having an information security policy within your cyber forensic team is critical to safeguarding electronic data. Despite the limitations and challenges of these mobile devices, they are still considered one of the most critical pieces of evidence at a crime scene and should be carefully
Forensics investigations that require the analysis and processing of digital evidence can be influenced both positively and negatively by a number of outside sources. In this paper, we will explore how physical security plays a role in forensics investigation activities. We will start by examining how physical and environmental security might impact the forensics investigation process. Next, we will discuss the role that physical and logical security zones play in supporting effective forensics activities. We will illustrate how centralized and decentralized physical and environmental security affects the forensics professional’s approach toward the investigation. Lastly, we will evaluate some potential areas of risk related to the physical security of our case study organization, Widget Factory, identified in Attachment 1.
Digital forensics is the process of uncovering and interpreting electronic data that can be used in a court of law. It requires a set of standards for how the information is gathered, preserved, and analyzed, and these standards must be strictly followed. The analysts need to understand the evolution of current technology and how it will impact how they gather their information. The investigator is able to uncover evidence and analyze it to gain an understanding of the motives, the crime, and the criminal’s identity to help solve the crime. As computers and technology continue to become a part of our everyday lives, the cyber realm contains a growing body of evidence in all types of criminal investigations (Cummings, 2008). Digital forensics is a way to connect information security and law enforcement. It ensures that the digital evidence is collected in a way that it can make it into the courts in an unhampered or uncontaminated way (Dlamini, M., Eloff, J. & Eloff, M., 2009).
Evidence essentially comes in two forms: verbal or physical. For instance, verbal evidence could be spoken evidence acquired from a wiretap. Physical evidence could include DNA, blood, or bodily samples. Another reliable source of evidence is digital documentation. “As technology has become more portable and powerful, greater amounts of information are created, stored, and accessed” (GEDJ). Over the past few decades, technology has advanced to extreme levels! The most common technologies used to find digital evidence are cell phones, computers, tablets, external storage devices, GPS locators, and various other devices (GEDJ). Text messages, social media posts, pictures, etc. are becoming more common data in investigations of the modern era. “Digital evidence can come from both suspects and victims, as all involved parties may have their own personal devices that are relevant to the investigation” (GEDJ). If they are available, computers, phones, social media and much more are very useful sources of data for a criminal case. For instance, both the suspect and the victim may have text messages on their cell phones that could add to the search. “In some criminal cases, digital evidence can be useful if the suspect had associated with it. In some cases it can lead in the wrong direction or to the wrong people. Or it could simply be useless if the suspect didn't use anything digital”
In order for computer forensics findings to be admissible in a court of law, the tools and methods used to collect such data must ensure its integrity. According to Marie-Helen Maras (2012), “As with other forms of evidence, the original captured network traffic data must be kept intact. An investigator must ensure that any programs that are run to obtain evidence do not modify data on the system” (p.286). The National Institute of Standards and Technology (NIST) maintains the Computer Forensics Tool Testing (CFTT) program to help investigators choose the appropriate tools for this purpose.
Senator Charles Schumer (D-New York) first introduced the Mobile Device Theft Deterrence Act of 2012 (S. 3186). This was the first attempt to address phone crimes on a national scale. Due to the previous failure in 2012, the Mobile Device Theft Deterrence Act was re-introduced by Senator Schumer in 2013. It aimed to criminalize tampering with a mobile device identification number as a means to halt the black market for stolen cell phones. There is a unique International Mobile Equipment Identity (IMEI) number in every smartphone. This number enables local carriers to block the device from operating on the network and put it on a blacklist. This bill also sought to impose a 5-year criminal penalty for the alteration of an IMEI number. Other than these, there were joint efforts between cell carriers and the FCC to create a Stolen Cell Phone Registry by November 30, 2012. This registry would store a list of stolen phones’ IMEI numbers. However, this database only worked if thieves didn’t tamper with the cell phone ID number. In fact, there are many loopholes for thieves to get around such a registry. When cellphones are reported stolen, most phone carriers in the United States only deactivate the SIM card by prohibiting access to information stored in the SIM card. This blocks the device from using the existing data on the phone. Yet a SIM card can be easily removed and replaced. Stolen cell phones can be sold on the black market even if they are blocked. Therefore, there is a lot more to be done to protect public safety and address smartphone crimes.
Abstract This paper discusses several implementations of modern technology in criminal investigations, and the ethical issues that accompany these techniques, focusing on the tradeoff between security and privacy. Specific topics include centralization of information, telecommunications, and general technology. Cases are cited for each topic, as well as a discussion of the ethical issues involved.
A court is not likely to find that Faneuil Hall was negligent for failing to remove a banana peel that was lying on the floor of its market, on which Sandy slipped. Not only could the banana peel have been dropped by another customer after the custodians had already swept the floors of the business, but also, because Sandy arrived at Faneuil Hall several hours after the business had closed and when no Faneuil Hall employees were present, no employees could have seen it and therefore been provided with an opportunity to remove the banana peel. A defendant may generally be held liable for negligence if someone on their premises slips on a banana peel that, based on a judgment of its appearance and condition, was on the floor for a considerable period of time such that an employee of the defendant should have reasonably been able to discover and subsequently remove it, or if in the exercise of due care, an employee should have seen it. See generally Anjou v. Boston
A structured, standardized approach to any evidence collection is going to be the best course of action. A well-trained computer forensic technician should not jump into a search without some kind of approved policy or procedure, which will include a checklist or standard operating procedure that will methodically guide them throughout the examination procedure. Cyber forensics should not be taken lightly, and it starts with its collection methods.
The use of computers in homes, schools, offices, and other places has increased in the past few years due to technological developments. As computers have become important components of modern communication, their increased use has also led to the emergence of computer crimes. Computer crimes basically involve the use of a computer system to carry out an illegal activity. In attempts to lessen the frequency and impact of computer crimes, law enforcement agencies use computer forensics to investigate these offenses. Actually, computer crimes are governed by specific laws and dealt with through conducting a computer forensic investigation (Easttom & Taylor, 2011, p. 337). Notably, a computer forensic investigation is usually carried out through the use of computer forensic tools, which help in the collection of evidence based on the specific offense.
In our modern society, computers and other digital devices are becoming ubiquitous. Since the late 1970s, the number of crimes that involve digital devices and computers has been increasing rapidly. As a result, computer experts identified the need to continually improve digital forensic tools and practices.
Mobile devices are being exposed to a record number of security threats, with potentially alarming statistics indicating, for example, a 400 percent increase in Android malware, while Wi-Fi connections are also being increasingly targeted. While the conventional desktop PC will still continue to serve important functions at both consumer and professional levels, there is an expectation that mobile devices will become the predominant form for accessing both personal and professional content. It is understandable that cyber criminals have begun focusing on mobile devices which have at the same time grown their user base while substantially consolidating the operating system variants which makes the surface area for a potential attack substantially larger (...
Live acquisition: The future of data acquisitions is shifting toward live acquisitions because of the use of disk encryption with newer operating systems (OSs). In addition to encryption concerns, collecting any data that’s active in a suspect’s computer RAM is becoming more important to digital investigations. The processes and data integrity requirements for static and live acquisitions are the same. The only shortcoming with live acquisitions is not being able to perform repeatable processes, which are critical for collecting digital evidence.
Technology has opened new encounters and opportunities for the criminal justice system. There are many new forms of criminal activity, such as computer crimes. There are different types of computer crimes that many people become victims of every day. Computer crime is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target ("Computer Crime: Chapter 2: What Are the Crimes?", n.d.). Crimes such as data diddling, pump and dump, social engineering and spoofing are computer crimes. Even though these crimes are made difficult by privacy issues, new technology has made investigations and prosecutions well organized and effective. Though views differ on the pros and cons of specific technological changes in the criminal justice system, there is agreement that the system has changed markedly ("Effects of Technology in Criminal Justice | eHow", n.d.).
Computer crime or Cyber Crime is defined as any type of crime that involves or regards a computer or computer network. Cyber Crime mainly means that the computer may be used as a tool in the commission of the crime or the computer may be the main target of the criminal’s crime. The rapid growth of technology and gadgets as well as the further de...