Cellebrite Research Reveals Top Trends Shaping Mobile Forensics: Multi-Device, Field Analysis, Social Evidence, Big Data (SYTECH) and Malware
Industry Research Study Delivers Outlook for Mobile Forensics
Cellebrite surveyed its customer base and conducted interviews with leading mobile forensic experts and analysts spanning the industry. According to the research, the following trends will directly shape mobile forensics in the months to come:
- Consumers Increasingly Rely on Multiple Devices: Investigators are likely to find themselves analyzing data from more than one cellular phone, tablet, GPS device and other mobile media, not just per case but also per person. As a result, mobile forensic investigations have outpaced computer forensics, with the ratio increasing by as much as threefold over the past three years. “This trend shows that as mobile devices become more powerful and easier to use, more people depend on them to manage different aspects of their work and personal lives,” said Cindy Murphy, a detective with the Madison Wisconsin Police Department. “That means that investigators need ways to manage multiple sources of data to obtain a full picture of each person’s life, in the time frame that they need the information most.”
- Extraction and Analysis Go Local, Shifting from the Lab to the Field: Due to the rapid increase in mobile device evidence, law enforcement agencies can no longer rely solely on forensic labs at the state and federal levels. Whether as part of a search incident to arrest, the forensic preview of digital media during execution of a search warrant or a consent to search while evaluating a complaint, almost 44 percent of survey respondents now extract mobile data in the field. “Digital forensics is becoming democratized,” said D/Sgt Peter Salter of the Police Service of Northern Ireland eCrime Unit. “Specialized expertise will always be an important strategic element within overall capability to produce robust evidence for court. However, specialists and case investigators alike both benefit from having the capability to examine exhibits locally and on the frontline. Within agreed procedures, this approach enables investigators to determine which exhibits require more in-depth investigation, as well as provide frontline investigators with rapid, controlled access to digital evidence in order to inform their critical decision making.”
- Mobile Evidence Gets Social, Data Sources Diversify: There are approximately 1.19 billion active users on Facebook, 300 billion tweets sent on Twitter monthly, and 16 billion photos shared on Instagram monthly. Additionally, 2013 saw more than 100 billion downloads of mobile applications. The result? Data living in social applications has become critically important as the number of criminal investigations involving data collected from these applications rose significantly. Cellebrite’s survey revealed that 77 percent of respondents believed that mobile apps were the most critical data source, followed by the cloud at 71 percent. “Documenting different communication channels that are part of a crime (e.g., Facebook, YouTube, etc.), as well as those that can lead to new witnesses, victims, suspects and alternate perpetrators is becoming more important,” said John Carney, Chief Technology Officer at Carney Forensics. “It is necessary to contextualize mobile device data with social data from people’s online personas.”
- Big Data, Focused Analytics: With the amount of digital evidence growing from gigabytes to terabytes in many cases, data analytics becomes even more crucial in understanding mobile evidence. Investigators need to be able to separate relevant data from the inconsequential, and then easily understand and explain the differences to themselves, colleagues, barristers/attorneys and jurors. “The ability to visualize timelines, geographical locations, and content can make all the difference in how jurors, barristers/attorneys, and others perceive the relevance of data we extract,” said Simon Lang, Digital Forensic Manager with SYTECH.
- Mobile Malware Impacts Civil and Criminal Investigations: In 2013, Cellebrite’s panel of industry experts predicted a rise in mobile malware and the resulting need for forensics examiners to understand how to recognize and analyze it together with other evidence. “Malware as a factor in fraud, intimate partner abuse, theft of intellectual property and trade secrets and other crimes is something that all investigators will need to consider with every mobile device they encounter,” said Carlos Cajigas, Training Director and Senior Forensic Examiner with EPYX Forensics. “Training and practical experience are necessary to develop the level of proficiency investigators need to make these assessments.”
“The rise in mobile phone usage and consumer reliance on these devices has directly increased the complexity of criminal investigations,” said Ron Serber, Cellebrite co-CEO. “In order to ensure that collected mobile data translates into forensically sound evidence, awareness, education and training will be critical for the mobile forensics industry this year.”
Findings are based on a combination of survey responses and interviews with industry leaders. The following mobile forensics experts were interviewed as part of Cellebrite’s research:
- Carlos Cajigas – Training Director and Senior Forensic Examiner, EPYX Forensics
- John Carney – Chief Technology Officer, Carney Forensics
- Cindy Murphy – Detective Computer Crimes/Computer Forensics, Madison Wisconsin Police Department
- Simon Lang – Digital Forensic Manager, SYTECH
- Peter Salter – Detective Sergeant, Police Service of Northern Ireland eCrime Unit
- Ron Serber – Co-CEO, Cellebrite
To read Cellebrite’s complete industry outlook, visit: http://www.cellebrite.com/collateral/OUTLOOK_FOR_THE_MOBILE_FORENSICS_INDUSTRY_2014_WP.pdf
To learn more about Cellebrite’s mobile forensics solutions, visit: http://www.cellebrite.com/mobile-forensics.
Founded in 1999, Cellebrite is a global company known for its technological breakthroughs in the cellular industry with dedicated operations in the United States, Germany, Singapore, and Brazil. A world leader and authority in mobile data technology, Cellebrite established its mobile forensics division in 2007, introducing a new line of products targeted to the law enforcement sector. Using advanced extraction methods and analysis techniques, Cellebrite’s Universal Forensic Extraction Device (UFED) is able to extract and analyze data from thousands of mobile devices, including feature phones, smartphones and GPS devices. Cellebrite’s UFED is the tool of choice for thousands of forensic specialists in law enforcement, military, intelligence, security and government agencies in more than 100 countries.
Cellebrite is a wholly-owned subsidiary of the Sun Corporation, a listed Japanese company (6736/JQ).