Mobile forensic challenges
One of the biggest forensic challenges when it comes to the mobile platform is the fact that
data can be accessed, stored, and synchronized across multiple devices. As the data is
volatile and can be quickly transformed or deleted remotely, more effort is required for the
preservation of this data. Mobile forensics is different from computer forensics and
presents unique challenges to forensic examiners.
Law enforcement and forensic examiners often struggle to obtain digital evidence from
mobile devices. The following are some of the reasons:
• Hardware differences: The market is flooded with different models of mobile phones
  from different manufacturers. Forensic examiners may come across different types of
  mobile models, which differ in size, hardware, features, and operating system. Also,
  with a short product development cycle, new models emerge very frequently. As the
  mobile landscape changes with each passing day, it is critical for the examiner to
  adapt to all the challenges and remain updated on mobile device forensic techniques.
• Mobile operating systems: Unlike personal computers, where Windows has dominated the
  market for years, mobile devices use a wider variety of operating systems, including
  Apple's iOS, Google's Android, RIM's BlackBerry OS, Microsoft's Windows Mobile, HP's
  webOS, Nokia's Symbian OS, and many others.
• Mobile platform security features: Modern mobile platforms contain built-in security
  features to protect user data and privacy. These features act as a hurdle during
  forensic acquisition and examination. For example, modern mobile devices come with
  default encryption mechanisms from the hardware layer to the software layer. The
  examiner might need to break through these encryption mechanisms to extract data from
  the devices.
• Lack of resources: As mentioned earlier, with the growing number of mobile phones, the
  number of tools required by a forensic examiner also increases. Forensic acquisition
  accessories, such as USB cables, batteries, and chargers for different mobile phones,
  have to be maintained in order to acquire those devices.
• Generic state of the device: Even if a device appears to be in an off state, background
  processes may still run. For example, on most mobile phones, the alarm clock still
  works even when the phone is switched off. A sudden transition from one state to
  another may result in the loss or modification of data.
• Anti-forensic techniques: Anti-forensic techniques, such as data hiding, data
  obfuscation, data forgery, and secure wiping, make investigations on digital media
  more difficult.