To gather this list, Cellebrite interviewed a number of prominent experts from law enforcement, corporations and universities, as well as industry analysts, familiar with mobile forensics, information security and e-discovery and the most advanced mobile forensic products available today. They highlighted the following nine trends as the most critical for investigative and legal professionals to prepare for the upcoming year:
BYOD impacts the forensics industry. While “Bring Your Own Device” (BYOD) seemed to infiltrate the enterprise in 2012, the mobile forensics industry will confront the impact of this growing trend in the year ahead. BYOD adoption across the enterprise means that forensics professionals will encounter a greater number of compromised phones. According to John Carney, Chief Technology Officer, Carney Forensics, “For e-discovery experts, BYOD will mean contending with more devices that contain both personal and corporate evidence as well as an increase in legal challenges related to device access and privacy during corporate investigations.”
Critical data: there’s an app for that. According to a 2012 Nielsen report, the average smartphone user has approximately 41 apps installed on a single device. “Whether it’s mobile messaging, personal navigation, social media or improving productivity – apps are going to dominate smartphones and tablets in 2013,” said Carney. “The ability to extract critical data stored in apps will become the new measuring stick by which investigators gauge the superiority of mobile forensics tools.”
Smarter phones mean tougher encryption. “Expect to see more encryption of data on smartphones to protect personal privacy and corporate data, which will make forensic examination more challenging,” said Eoghan Casey, founding partner at CASEITE.Password technology, too, has advanced; pattern-screen locks have hindered forensic data extraction efforts. In 2013, look for mobile forensics tools to continue to find ways to bypass a greater number of passwords and device locks, as well as address advanced encryption technology.
Investigators can’t put all their eggs into one mobile operating system. Though Android took 75 percent of the market in Q3 of 2012,for mobile forensics professionals, market share isn’t everything. As Paul Henry, security and forensics analyst, vNet Security, noted, “While Android is the predominant operating system, the bulk of the bandwidth is still taking place on Apple devices, making them critical to many investigations.” In addition, despite BlackBerry’s decline in recent years, Carney said: “Their popularity for over a decade will make them an important legacy device pertinent to investigations for years to come.”
Windows 8 is the wildcard. Notwithstanding all the attention garnered by Android and Apple, the real wildcard for 2013 will be the rise of Microsoft in the mobile device market. While questions remain regarding how prevalent Microsoft devices will become, Cellebrite’s panel of experts predicts that the need for mobile forensic tools providing support for Windows 8 will increase in the New Year.
Mobile devices advance as witnesses. Look for mobile devices and the data they contain to take center stage in both civil and criminal investigations in the year ahead. “Civil litigators are discovering that mobile device evidence is just as important as digital documents and email evidence,” said Carney. According to Heather Mahalik, mobile forensics technical lead at Basis Technology, “Now, more than ever before, e-discovery experts need comprehensive training in order to ensure the proper extraction of all relevant data from mobile devices.”
The regulatory and legislative landscape remains uncertain. “Lawmakers and judges are looking at cell phones much more critically than they did computers,” said Gary Kessler, associate professor, Embry-Riddle Aeronautical Univ. and a member of the ICAC North Florida Task Force. “However, because few understand the nature of the technology, they are erring greatly on the side of caution. This speaks to the need for greater education regarding the scope and possibilities of mobile forensics and what it means for privacy and pre-trial discovery.”
Mobile malware’s incidence will rise. In 2013, look for malware on smartphone platforms and tablets to increase exponentially, particularly on Android devices. According to Cindy Murphy, detective, computer crimes/computer forensics, Madison Wisconsin Police Department, “The intended uses of mobile malware will be very similar to non-mobile malware – steal money, steal information and invade privacy. For law enforcement and forensics professionals, mobile malware means dealing with potentially compromised devices that may help perpetrators cover their tracks, making it increasingly difficult for investigators to meet the threshold of reasonable doubt.”
Data breaches via mobile will rise. “Mobile forensics vendors should resolve to provide stronger capabilities for enterprise wide smartphone investigations to support the investigation of data breaches targeting smartphones and the needs of e-discovery,” said Casey. Malware together with large-scale targeted intrusions into smartphones (targeting sensitive data) will raise enterprises’ risks for data destruction, denial of service, data theft and espionage.
“From the increasing use of mobile evidence to challenges stemming from the rise in tougher encryption methods, there are a number of areas that will demand the attention of mobile forensics professionals in the year ahead,” said Ron Serber, Cellebrite co-CEO. “As the industry continues to evolve, it will be critical for the law enforcement community, as well as the enterprise, to invest in proper training and ensure that their budgets allow them to meet the growing demand for comprehensive device analysis and data extraction.”
Cellebrite’s UFED provides cutting-edge solutions for physical, logical and file system extraction of data and passwords from thousands of legacy and feature phones, smartphones, portable GPS devices and tablets with ground-breaking physical extraction capabilities for the world’s most popular platforms — BlackBerry, iOS, Android, Nokia, Windows Mobile, Symbian and Palm and more. The extraction of vital evidentiary data includes call logs, phonebook, text messages (SMS), pictures, videos, audio files, ESN IMEI, ICCID and IMSI information and more.
Cellebrite’s panel of experts included:
Eoghan Casey, Founding Partner, CASEITE
John Carney, Chief Technology Officer, Carney Forensics; Attorney at Law, Carney Law Office
Paul Henry, Leading Security and Forensics Analyst, Principle at vNet Security; Vice President at Florida Association of Computer Crime Investigators; SANS Senior Instructor
Gary Kessler, Associate Professor, Embry-Riddle Aeronautical University; ICAC Northern Florida Task Force
Heather Mahalik, Mobile Forensics Technical Lead, Basis Technology; SANS Certified Instructor
Cindy Murphy, Detective Computer Crimes/Computer Forensics, Madison Wisconsin Police Department