|Quotation Request||6 Mobile Phone Forensic Tools|
|Reference No.||G4GSYT 001|
|Statement of Requirements||To supply 6 Mobile Forensic Tools with at least the following features:
Your quote must be for a fixed price per tool which will be valid for 90 days from 22/05/2017. This will allow for staggered purchases within this period to be made at the same price.
Quotations will be assessed on the basis of Price and Quality Mix (Most Economically Advantageous Tender)
500 marks are available in total:
125 marks price
The total MEAT Score is arrived at by adding the Price score to the Quality score
|Closing Date/Time||22nd May 2017 at 12:00 (Midday)
Quotations received after the deadline will not be considered
|Contact Details||Simon Lang
Phone Number: 01782 286300
|The purchase of the Forensic Tools is subject to securing funding from the European Regional Development Fund.|
|Supplier Response||Please submit completed quotations to:
The Evolution of Vehicle Forensics
by Matthew J Parkinson BSc (Hons), Digital Forensic Analyst, SYTECH
Matthew G McKay MComp (Hons), Digital Forensic Analyst, SYTECH
In this day and age, technology surrounds our everyday lives, whether it be at home watching the Smart TV, at the gym using a Smart Watch or in the car using a Sat-Nav, society thrives on it. At the center of this ever-growing, fast paced industry, is the Mobile Phone.
Mobile Phones are leading the way in technological advancements with many new technologies exploiting the phone’s connectivity and capabilities, since a mobile phone is generally with the user, it is the perfect hub for all of our digital needs. This has led to a growing interest in the “Internet of Things” and the idea of a “Smart Home” which allows different aspects of your home to be autonomous or controlled via a Mobile Phone. This growth of the idea of everything being connected has now extended into vehicles, altering the way vehicle technology is implemented.
Since 1930, when the first stereo was implemented within a car, until not so long ago, car technology has been stagnating with not many changes away from the original idea. Recently, car technology has started catching up to the 21st Century with the buyer’s expectation increasing, and expecting; Bluetooth, Touch Screens and DAB radio as standard. With the implementation of the aforementioned features comes concerns over what data the car will store.
Currently, Vehicle Forensics involves the investigation of a bespoke system with limited research available and manufacturers restricting information to assist. We believe the future of Vehicle Forensics will revolve around a Mobile Phone, eliminating past issues and forensic limitations.
Predicting the direction in which technology will flow towards is important for any digital forensics company and here at SYTECH Digital Forensics it’s no different. At SYTECH, we endeavour to maintain a strong arm in research and development in order to stay up-to-date with “bleeding edge” technology, this innovative characteristic of the company is vital in order to maintain a well-established advantage in the digital forensic age.
This article explores the marriage of two industries, mobile devices and vehicle technology, and how they will change Vehicle Forensics for the better.
The Evolution of Vehicle Technology
In the past, Vehicle Technology was confined to the car radio, with the only improvements relating to different ways of storing and accessing music, this originally came in the form of a tape (cassette) which was then followed by CD’s. The first stage of device connectivity to a car was an Auxiliary Port (AUX) which was implemented by vehicle manufacturers. This enabled a user to play music from a personal device.
After this, Car manufacturers started developing Vehicle Infotainment Systems, which generally used a touch-screen with bespoke hardware and software. These systems displayed a visual interface of what was once analogue and included features such as programmable radio stations and basic manufacturer-supplied satellite navigation. This system was quickly outdated as the process of updating the system’s software was inconvenient and not undertaken by the majority of the users. This process involved getting the software from the manufacturer, commonly in the form of a CD / DVD. This led the car manufacturers to look for other means of keeping the system up-to-date.
Society’s heavy reliance on Mobile Phones and their idea of being connected at all times has led to vehicles needing to implement a strong link to take advantage of these devices. This started out as the connection to a phone being possible via Bluetooth or Physical connection. This allowed the user to play music stored on their mobile phone, download their phonebook onto the in-car system and make and receive phone calls hands-free. This was achieved by the phone sharing its data with the in-car system that displayed the music, phonebook and call information in its native format.
At this stage, the connectivity of the phone and vehicle infotainment system was useful but still restrictive with the users still having to rely on limited functionality and basic software provided by the vehicle manufacturer. This often included a native satellite navigation system that was both expensive and difficult to update leading to maps becoming erroneous. Due to the issues of the in-car system, many technology companies started looking for a solution. Overlooking these issues, there is a strong foundation for an efficient, connected and up-to-date eco-system to build upon, with the already present Bluetooth and USB connections, Touch Screen display and microphones placed for hands-free control.
The in-car technology market is at a very pivotal point right now with two well-established companies introducing the following standards:
Apple CarPlay is a development from Apple which was released in 2014 as “iOS in the Car” but rebranded to CarPlay, it allows the user to connect their iPhone to the in-car display through a USB or Bluetooth connection. The display will then show a refined version of the iPhone’s display with all the applications and notifications the user will need whilst in the car. As standard these applications are; Apple Maps, Phone, Messages and Music. The user will then have the option to include additional third-party apps that are compatible with CarPlay and accepted by Apple, these include music streaming, navigation, radio, communication and many other genres of apps. Currently, application development is in its infancy but will grow as the technology is standardised across the vehicle manufacturing range.
The user can control CarPlay using their voice, touch or in-car controls. The voice control will use the already established voice recognition software built into most Apple products called Siri, this can be activated from the steering wheel or saying the words “Hey Siri”. After activating this voice control the user is able to control all the supported applications, as well as perform internet searches. Siri can also answer many different queries from the user for example “How long will it take to get home?” and “Play a song by Bon Jovi”, both useful if stuck in traffic. The touch controls will be utilised on the in-car screen where the current activity will be displayed. CarPlay will integrate and operate with the vehicle’s in-car controls such as steering wheel buttons and dashboard dials. Apple CarPlay requires a compatible Infotainment System and an iPhone 5 or later running Apple’s mobile device operating system, iOS 7.1 or above.
Android Auto was developed and released by Google in 2015, it allows the Android operating system to be displayed on an in-car infotainment system. Android Auto requires a Physical and Bluetooth connection which enables the device to display notifications, sync contact information and make and receive calls. Android Auto is built around Google Maps, Google Now and the ability to talk to Google and also has a growing audio and messaging app eco-system. Android Auto requires an application to be installed on the Mobile Phone to allow the connection to the in-car system, this is downloaded from the Google Play store.
Android Auto displays five option panels to the user: Navigation, Phone function, Information, Music & Media and Car diagnostics information. The Navigation pane will present the user with a polished version of Google Maps, this will include a voice controlled search function, live traffic information and turn-by-turn directions. The Phone function pane will allow the user to receive and make calls as well as dictating SMS messages. The Information pane will allow the user to conduct internet searches, using Google, with their voice. The Music & Media pane will contain all the entertainment apps which include Spotify, Pocket Casts and Google Play Music. The Car diagnostics pane will show the car’s various statistics.
In a similar fashion to Apple, Google will monitor and control the applications that will be compatible with Android Auto to keep driver-safety measures at the forefront of their vision. Android Auto requires a compatible vehicle infotainment system and can be used with mobile devices running Android operating system, version 5.0, also known as “Lollipop”, or higher.
Technologies similar to both Apple CarPlay and Android Auto include, MirrorLink, a research project by Nokia, created to integrate a smart phone and a car’s infotainment system. Some vehicle manufacturers have native systems for syncing the car with smartphones but Android Auto and Apple CarPlay will have many benefits over the competition, this is due to the link to the user’s mobile phone. This link provides the user with the already present functionality, applications and personal data that the phone possesses to use with the in-car system.
Another technology that has features that compliment both Apple CarPlay and Android Auto is “OnStar”. This is being introduced to many new vehicles across the UK, with Vauxhall being the first to include this service across the range. “OnStar” provides direct communication to an advisor who can assist with tasks such as Navigation, security and various other features. Along with this, “OnStar” also brings other useful technologies to the vehicle system which include WiFi, sensor access, automated emergency response and limited app control such as unlocking your car using an app on your mobile phone.
An analogy for these technologies is a set top box and a TV:
- The set top box is the Mobile Phone
- The TV is the Car Display
The TV alone has limited functionality but the connection of a set top box allows further capabilities to be added and displayed on the TV.
The implementation of all this new technology brings a new perspective on the way we use our cars, resulting in different data being collected about its user. In the past, vehicles have been a gold mine of data but forensic barriers including bespoke systems and unsupported hardware meant that vehicles were being overlooked, although potentially imperative to an investigation. The introduction of new in-car systems means the Mobile Phone will become the hub of all the data thus allowing a clear cut method in obtaining the data without the previous complications, meaning Vehicle Forensics will become Mobile Forensics.
Vehicle & Mobile Forensics
The merging together of Mobile & Vehicle Forensics will result in the main extraction method of vehicle data becoming the analysis of Mobile Phones that have been connected to the vehicle in question. This will bring simplicity and speed to these investigations, as Mobile Forensics has a strong foundation with industry-recognised tools, a Mobile Phone is easier to store and work with and the fact that two avenues of data can be analysed as one.
Along with data that is already recovered from a Mobile Phone examination, data from the connection to the in-car system through Apple CarPlay or Android Auto will also be included, this will show the user’s activity whilst in the car. Applications running through Android Auto and Apple CarPlay from the connected phone will create the majority of the data. The types of applications currently available and future considerations are as follows:
- Location-based applications are predominately satellite navigation apps such as Apple Maps and Google Maps. Siri and Google Now both use the user’s location to narrow down the scope of a user’s requests such as nearby petrol stations and restaurants. These applications will create location data which is very useful in pin-pointing the user’s movements and location, potentially providing important evidence for a case.
- Phone applications will include the native Phone app and various other third-party apps, these allow contacts to be saved and the making and receiving of calls over GSM or an internet-based network e.g. Skype and FaceTime Audio. These applications will create call logs which will provide the user’s communication activity, which is useful evidence in a case.
- Messaging applications will include the native Messaging application, Email and various third-party apps, these allow for messages to be sent over GSM or an internet-based network, e.g. iMessage, WhatsApp and Kik. These applications will create chat logs which could be used for evidence of communication between two or more parties.
Music & Audio Applications
- Music & Audio applications will include the native Audio application as well as many music streaming options such as Spotify and Deezer. Other types of Music & Audio applications will include Audiobooks, Podcasts and News apps. These applications can show user activity and they have potential to compliment evidence in a case.
- Voice Control applications will utilise the user’s voice to control various aspects of the in-car system, this will be achieved through the native voice recognition software from the Mobile Phone, e.g. Siri and Google Now. This software brings functionality that is easy to control whilst maintaining driver safety, this functionality includes:
- Internet Searches
- Voice Dialling, e.g. “Call George”
- SMS dictation, e.g. “Message Stuart”
- Updating social media feeds, e.g. Facebook and Twitter
- Location queries, e.g. Where’s the nearest petrol station?
- Various other requests, e.g. Music, Time, Weather, Sport
- These activities will amass valuable data that can be used in many types of investigations.
Car Diagnostics Applications
- This area of Apple CarPlay and Android Auto has limited support but we believe it will become useful and increasingly popular as car manufacturers implement this. Car Diagnostic applications will show the user many statistics about the vehicle, for example, fuel level, service reminders, crash information and speed warnings, all of which could be of beneficial use within a case.
All of these different types of applications and the various data that they store will need extracting to be used in a forensic investigation.
Since the data is stored upon the Mobile Phone, the extraction will be performed in exactly the same manner in which a normal Mobile Phone examination will be completed. This involves various stages that takes it from the extraction of raw data, the analysis and finally production of an expert witness statement.
The three common extraction types are:
- Physical – this will recover both live and deleted data
- File System – this will recover both live and deleted data depending on the phone
- Logical – this will recover live data.
There are also five advanced forensic techniques that assist in completing the extraction of the Mobile Phone which are as follows:
- JTAG / Flasher Box examinations
- Advanced iOS PIN Decryption (iOS 7, iOS 8 and working towards an iOS 9 exploit)
- Advanced Chip-Off Examination
- In-System Programming (ISP)
- Custom Recoveries
All of which SYTECH Digital Forensics can provide.
After the data has been successfully extracted using one or many of the aforementioned techniques it will then be analysed.
Analysis involves parsing the raw data to present it in an understandable format including different data types such as SMS messages, Search History and other valuable evidence recovered from the Mobile Phone.
Prior to a full investigation and further in-depth testing of both Apple CarPlay and Android Auto we are unable to say how the data, that is created from both, is stored on the Mobile Phone. We do however believe the following:
- Apple CarPlay – The data created whilst using Apple CarPlay will not contain any indication that the data was created via this, resulting in Mobile Phone and in-car data being analysed as one.
- Android Auto – Taking into consideration that Android Auto requires an application to be installed on the Mobile Phone for a connection to the vehicle, we believe that the data will be sent through this application thus making it identifiable as in-car data. However, as all of the data is stored on the Mobile Phone, it will still be analysed as one.
The analysis carried out will depend on the type of case we are dealing with, as previously mentioned it may not be easy to differentiate in-car and mobile data, causing issues with cases that only involve in-car data. However, if we need to find out if the suspect has contacted a certain person, we will be able to analyse the communication data whether or not it has been created whilst connected to Apple CarPlay / Android Auto.
Below are examples of cases that data from cars and mobiles can be used as one:
- Robbery – We may use the data from the Sat Nav application to see the details of a journey, as well as calls to accomplices and internet searches, all of which could be created whilst the phone was connected to the car.
- Grooming – Messages of a grooming nature may have been sent whilst the phone was connected to the car through voice dictation.
- IIOC offenses – The user could use voice dictation whilst their phone is connected to the vehicle to search for, and/or view Indecent Images of Children.
- Drug Offenses – Activity of intent to supply or the purchase of illegal drugs could be created whilst the user’s device is connected to the car, for example SMS messages or call history.
- Person of interest – The device’s Music & Audio may be used to assist in a case where very limited evidence is available, for example the user’s music or audiobook preference may help identify the device’s user.
- Murder – Activity that could be used as evidence in a murder case may be created upon the Mobile Phone whilst connected to the in-car system. This includes location, communication and many other types of data.
Many vehicle manufacturers will be implementing Apple CarPlay and Android Auto compatibility into their new build models, for example Ford, who have said they will be adding support for both platforms to all 2017 models.
The availability and support of both platforms will increase significantly over the coming years, this will lead to more applications being developed, adding more functionality to the in-car system, this will in turn create more data that can be forensically extracted, analysed and used for a digital forensic investigation.
SYTECH Digital Forensics
In conclusion, Mobile Phone forensics is going to take over Vehicle Forensics and being one of the leading companies in the UK dealing with Mobile Forensics, SYTECH will in turn become leading experts in Vehicle Forensics.
Our already successful advanced forensic techniques will play a key role in the future of Vehicle Forensics.
SYTECH Digital Forensics can conduct In-House Advanced Chip-off examinations
SYTECH also offers Advanced iOS PIN Decryption.
Every year for the past five years, Splashdata has published a list of the 25 most commonly used passwords. This list is an attempt to educate people on what’s commonly used so they can start thinking about changing passwords to something more complex and random. Sadly, after five years, not much has changed on the top 25. Below you will find the complete list of the most commonly used passwords in order of their popularity and whether it saw a growth, no change, or a reduction in popularity over the previous year’s list.
|Rank||Password||Change from 2014|
SYTECH received instructions from Dorset Police whom requested the Mobile Phone Forensic examinations and analysis of multiple Mobile Phone Handsets not supported for analysis via conventional forensic means and were all attributed to the below referenced murder investigation.
A “truly evil” couple who stabbed a man to death and recorded the “protracted and brutal” attack on a mobile phone have been jailed for life.
Phillip Nicholson, 22, was lured to a flat in Bournemouth where he was set upon by his ex-girlfriend, Isabella Gossling, and her new partner Richard Moors.
Gossling, 20, was found guilty of murder following a trial at Winchester Crown Court. She has been sentenced on Monday to a minimum of 19 years in jail.
Her boyfriend Richard Moors, 25, pleaded guilty to murder in a previous hearing at Portsmouth Crown Court in October.
He was sentenced on Monday to at least 22 years in jail.
Mr Nicholson, who had learning difficulties, was found dead in Gossling’s flat in the Boscombe area of the town on 26 May. He died from a stab wound to the neck.
He was enticed to her home on the pretence of meeting another girl who the couple were friends with, Winchester Crown Court heard.
But the meet-up was a lie made up by Gossling and Moors.
Once Mr Nicholson was at the flat, they stabbed him and recorded the attack on her phone, Dorset Police said.
In the audio recording, Gossling can be heard demanding an apology from Mr Nicholson for sexually assaulting her and encouraging Moors to kill him.
Police said the sex allegation was never substantiated nor reported and they believe it was unfounded.
The phone recording also captured the couple discussing how to leave Mr Nicholson’s body in a way to make it look like he stabbed himself.
The knife used to kill Mr Nicholson was found in a sink at the flat.
The court heard the couple had previously bullied and threatened their vicitm.
Detective Chief Inspector Stewart Balmer, from Dorset Police’s Major Crime Investigation Team, said: “Isabella Gossling and Richard Moors are truly evil.
“They targeted Phillip Nicholson because he was vulnerable and they could exert power over him.
“They subjected Phillip to a brutal and protracted attack.
“This is one of the most harrowing cases I have dealt with in 30 years’ service.”
He added: “The fact they chose to audio record this violent and sick act on her mobile phone is beyond belief.”
Mr Nicholson’s family said in a statement: “We are totally devastated by the way that Phillip was cruelly tormented, tortured and murdered.
“Our son was kind, caring and helpful to all and did not deserve this callous death.
“Phillip’s death will always leave a huge dent in our hearts and those of family and friends that knew him.”
Source: Sky News
If you are interested in an exciting role at SYTECH, then please get in touch: firstname.lastname@example.org visit SYTECH Employment.
Matt is a graduate of the BSc (Hons) Computer Forensics course and is now working for SYTECH as a Digital Forensic Analyst.
Why did you decide to study computer forensics?
“I was looking for a change of career and thought computer forensics sounded very interesting. I wanted a career that was challenging and non-repetitive. During the practical tutorials in the dedicated forensic lab I began to really enjoy the topic, but when it really clicked for me was during my final year project. I became obsessed and would stay in the labs as late as I possibly could, often being asked to leave by campus security so that they could lock the building!”
Why did you decide to study at the University of South Wales?
“The University of South Wales has an outstanding reputation within the industry and I wanted to maximise the value of my degree. Had I not been able to study computer forensics at the University of South Wales, I would not have pursued a career in digital forensics.
“The University of South Wales works closely with the industry of digital forensics in creating its course content. Exposure to advanced forensic techniques such as CCTV reconstruction, forensic data recovery, and chip-off and J-TAG analysis provides students with skills vastly exceeding those of other institutions and a solid foundation upon which to build their careers.”
How did the course challenge and inspire you?
“Dr Huw Read is an excellent lecturer and instilled a new method of thinking within me. Digital forensics is about thinking outside the box, it’s looking at new devices and seeing beyond their hardware capabilities and understanding the functionalities available to the user. It’s about working around the challenges presented by security measures and providing solutions to complex problems. Trust me when I say that there is no greater feeling than that moment when you have overcome a significant challenge. Only when we push ourselves do we discover what we are truly capable of!”
Tell us a bit more about your research?
“My final year project involved creating a forensically sound method of analysing an 8th generation games console. I was given access to a dedicated postgraduate research lab and became obsessed with overcoming the challenges presented by the device. I established a method that does not alter any data during the analysis process. I was awarded a mark of 76% and invited by University lecturers to continue my research during the summer period. In October 2014, I submitted an academic paper at the Digital Forensics Research Conference (DFRWS) Europe’s largest digital forensics conference. In March of 2015, I became a published author and travelled to Ireland to present my work in front of over 200 attendees.”
What does the day-to-day role of a Digital Forensic Analyst entail?
“On a daily basis, I conduct both prosecution and defence examinations of embedded devices, such as mobile phones, tablets, Satellite Navigation Systems, games consoles, etc. The nature of the cases I am involved in range from indecent images of children to missing persons and murder investigations. The role also involves travelling around the country conducting on-site extractions of mobile devices and providing expert witness testimony in a court of law.”
How do you feel your course helped prepare you for your job at SYTECH?
“Although I enrolled on the MComp (Hons) Computer Forensics course offered by the University, I withdrew from the course early, as I was offered my position at SYTECH after graduating with the BSc (Hons) Computer Forensics. I now provide lectures at the University of South Wales to provide guidance on the skills required by industry.”
What are your next steps?
“The next step in my career is to undertake further study at the University of South Wales. I am currently in the process of preparing my PhD research proposal and aim to begin my studies in January of 2016. My aspirations are to make a significant impact in the field of digital forensics and for my name to stand for integrity, honesty and professionalism.”
What advice would you give to someone considering studying a degree?
“If you feel as though you are not ‘brainy’ enough, just remember that when I started out I didn’t have any qualifications, I was never any good in school and I’m dyslexic. Now, I’m a graduate, a published author, employed as a Digital Forensic Analyst at a fantastic organisation that believes in me and has faith in my abilities; so much so that they have offered to fund my PhD studies.”
Matt was interviewed by industry publication, Forensic Focus earlier in the year. Read the article to find out more about Matt’s research on the forensic analysis of a Sony PS4 and how he thinks the industry will evolve over the next few years.