
"The cat was once seen, sitting on a roof, indoctrinating some sparrows perched just beyond his reach. He told them that all animals were comrades, and any sparrow he desired could land on his hand; but the sparrows preferred to stay away."
Animal Farm - George Orwell
Introduction
With the exponential growth of the digital universe, mobile devices and connections, which hold valuable information and are becoming a huge repository of confidential data, have grown as powerful as personal computers and become part of the routine of people all over the world, surpassing the world population and adding up to more than 8 billion devices.
Along with this advancement, using the same technologies and given the pace at which mobile development is progressing, everyday tasks such as sending and receiving emails, sharing photos and videos, accessing social networks, banking, and managing tasks and reminders are part of our routine. Because of this advancement, every day the world's media reports cases involving eyewitness computers, cell phones, IoT devices, vehicular systems, drones, smart watches, wearables, tablets and cloud storage.
It is no surprise that governments, phreakers, spy agencies and criminals, due to the ease of access to citizen data and technological manipulation, began to gain advantage by using evidence and social involvement to facilitate their crimes.
Mobile forensics is an ever-evolving set of scientific methodologies involving techniques aimed at extracting, collecting, retrieving and analyzing data stored in the internal memory of a cell phone, extending to cloud storage and to digital evidence in a legal context.
Today's mobile devices document, detail and expose a user's behaviors, actions, routines and thoughts far more than any data stored on a personal computer. They are getting smarter, cheaper and more easily available for daily use, presenting a true challenge for law enforcement and the forensic community due to rapid changes and updates in technology, such as the native use of strong cryptography and decentralized information storage.
The diversity of operating systems and applications for different mobile devices generates important technological standards for procedures and data storage in the cloud.
Therefore, with this unprecedented amount of electronic evidence, we must accept and understand, beyond any doubt, that information contained in a mobile device makes highly skilled digital law enforcement examiners look at this data as a great and valuable challenge to obtain possible and infinite proofs.
Data from a mobile device is critical and may contain information such as documents, financial situation, habits, patterns and, most importantly, daily routines of a person or company. In an investigative process, this is the key for the forensic examiner.
Two decades ago, the FBI and other law enforcement agencies began to model what they dubbed ‘Examination of Digital Evidence’. This model focuses exclusively on the outcome, the acquisition, trust and acceptance of that data.
Computer Forensic Investigation Process
To correctly establish evidence of possible digital crimes through an investigation process, the FBI and other law enforcement agencies developed a standard that can be better understood through the flowchart below:
Physical and digital crime scenes are processed together to determine the extent to which evidence can be trusted or rejected and whether further analysis and digital forensics are fed through a physical investigation. Deleted file recovery, file carving, reverse engineering and analysis of encrypted files are some examples of techniques that can be applied at this stage. If any piece of the puzzle needed to determine a primary chain of evidence is missing, it must be possible to resume the search for digital evidence.
The findings of the investigation team involving police officers, researchers and forensic experts depend, for example, on factors such as what happened, when and what devices were involved, and still need to produce a standardized framework to ensure a well-conducted investigation.
Users are increasingly using apps to facilitate calling, texting and voice messaging, chatting and other forms of communication.
An investigator in charge of obtaining information from a destination number needs to understand that, in some cases, the number provided by the operator, during authentication carried out by SMS, ceases to exist. After enabling specific applications and services on different devices, spread across different geographic regions of that country, it’s almost impossible to trace and acquire the devices for forensic investigation purposes.
And what happens when this information is not found, leaving no trace?
For further understanding, please refer to the eForensics article Mobile Service Breach
Info: Unlike the always questionable WhatsApp and several other applications, such as Telegram, which also in its default configuration stores cache and deleted records, including messages and photos, in the cloud, becoming reliable only when the secret chat function is enabled, causing strong encryption and self-destructing messages to be enabled by default, bringing reliability to the platform.
This example does not include operator call detail records for device-to-device communication. As it has no location, there is no evaluation and collection.
Destroyed encrypted data cannot be recovered.
The security of some applications used strategically together is increasingly popular, providing several layers of protection to ensure the usability, stability and integrity of the traffic data, making it impossible to capture this information.
Encrypted data, such as emails, photos, videos, files, and notes, are not preserved in the device's internal memory, being destroyed as soon as the recipient views these files, and cannot be recovered.
Even if, through a thorough investigative process involving several sectors, the number provided by the mobile operator was somehow recovered or cloned, the installed applications would no longer exist at the origin, changing the safety number confirmations of each one of these applications and contacts, in addition to the powerful and native protection barriers, such as the alphanumeric PIN, including special characters, and the two-factor or multi-factor authentication of the mentioned applications.
Even if this were possible, the messages would already be destroyed by the self-destruct function, which is native to these applications, making it impossible to recover some type of information for analysis.
As there is no location and collection, there is no evaluation, because without identification, it becomes impossible to define the location, and consequently access to data, for the collection of possible digital evidence.
Today's growing need for advanced smartphone forensic skills is indisputable, and smartphone investigation has become more challenging: tools rapidly become outdated and are not able to process some very abstract files, being inefficient in many cases.
This means that the scope they cover is getting smaller and smaller in the face of the evolution of applications and storage systems with encrypted standards that natively contain a function for the self-destruction of files and messages.
Platforms such as Android and Apple have similar native processes for remote erasure: Over the Air (OTA) comes by default in many of their products, regardless of platform, allowing users to remotely wipe the device with a few simple clicks, bringing immeasurable harm to forensic investigators.
Criminals, in turn, understand the behavior of these ready-made tools and increasingly improve them to circumvent the modes of operation of forensic investigators, bringing more difficulties to investigative processes.
Considering that forensic tools and the interaction between physical and digital investigations are increasingly outdated for event detection, compression techniques, signature resolution, profile detection, anomalous detection, complaints, system monitoring and data recovery, understanding and handling low-level techniques is now more important than ever, increasing the must-have skills for mobile device investigators.
In the case presented, the probability of acquisition is an incalculable problem for investigators, definitely burying all the stages and methodologies of digital forensics.
Educational resources
Fonefinder.net
Bandwidth.com
www.msab.com
https://phonelookup.zetx.com/
carrierlookup.com
search.org
www.oxygen-forensic.com/en/
Phonenumberlookup.com
www.phonescoop.com/phones/finder.php
www.gsmarena.com/search.php3
www.mobileforensicscentral.com
www.forensicfocus.com/
www.magnetforensics.com
http://developer.android.com
www.xda-developers.com/
developers.com
www.imactools.com
https://i-funbox.en.softonic.com/
Final Considerations
Many digital forensic professionals commercially rely on the use of off-the-shelf tools available for physical data collection extractions, greatly increasing exam processing time. In addition, the professional performing the physical examination may need training related to the specific program, hardware, utility, or forensic process being used.
This type of analysis is outdated, because for a successful examination of digital evidence from a mobile device, forensic experts cannot rely only on tools, which also brings a strong and limiting dependence on the developers of these automated applications, free limited versions and not-so-soft tools. Some of the paid versions are so powerful that most mobile device experts today do not fully understand the methods and processes used, limiting the investigative process.
Decoding some data requires an intimate understanding of electronic evidence and data, which is increasing at an alarming rate with the growth of the world's population and reliance on technology, multiplied by the increasingly accessible arrival of the Internet of Things. This will increasingly require legwork and a “potpourri” of search techniques and personalized programs.
Note
Contrary to Peter Stephenson, who believes that "every digital crime has a point of origin, a point of destination and a path between these two points", advances in technology have brought us greater opportunities to do our work.
Technology has also brought greater threats to civilized societies, as well as more opportunities for “suspicious” anonymity, expanded legal complexities and limitations, reduced, limited and decentralized cooperation from content service providers, and a growing public distrust related to the constant monitoring and interference from authoritarian governments.
The problem is not the technology, which brings many disruptions and social benefits around the world; it is, without a doubt, the human being, which in its algorithmic construction, since Adam and Eve, has become full of bugs.
Welcome to the apocalyptic universe of mobile forensics.
Warning:
To the fullest extent of the law, practitioners and researchers must always rely on their own methods in evaluating and using any information contained in this article. The author of the article and eForensics Magazine are not responsible for any damages or failures attributed to said software.
About the Author
Wilson Mendes - I am a cryptanalyst, researcher and advocate for digital privacy rights.
I work with information security, artificial intelligence and cybercrime. I am a creator of anti-tracking solutions and devices. I developed embedded systems with deep expertise in the areas of security protocol, privacy and anonymity.