Recovering digital evidence from mobile devices is the next frontier of science, according to Dr Raymond Choo, a security researcher at the University of South Australia.
Dr Choo says that mobile users increasingly leave a trail of personal and business information on smart devices. This digital footprint, when forensically examined, offers a wealth of information. It can be tapped by law enforcement, intelligence-gathering or crime-tracking organisations, he said.
The science of mobile or digital forensics is still evolving. Evidence collected under forensically sound conditions is useful to courts and law enforcement, as well as government and intelligence-gathering agencies, said Choo.
Mobile devices store a wealth of untapped data that can be identified, preserved and analysed. “There is a demand to forensically examine these devices. Evidence can be tracked and recovered from different sources,” said Choo.
The University of South Australia is leading forensics research into mobile devices and the cloud. Recent work has involved accessing popular cloud storage services and mobile platforms.
“We were able to forensically recover data remnants such as a username, password, file-names, dates and times, or the presence of client software to indicate which cloud service, if any, had been used on the device,” said Choo.
Personally identifiable information encompasses banking or financial transactions, cyber-activity, or peer-to-peer communication. A mobile device’s 4-digit or alphanumeric password is not designed to protect data. Evidence can be tracked and recovered from different sources.
“These may include login credentials for email, cloud storage and other online accounts and metadata. Photos or videos stored in a smart mobile device or the cloud offer new trails,” said Choo.
“The science lies in being able to forensically extract and analyse this data. Potential evidential data may reside in login credentials for email, cloud storage or online accounts,” he said.
The body of digital evidence is growing worldwide, and piecing this evidence together and using it scientifically is the next challenge.
Demand for anti-mobile forensics
On the flip side, there is renewed interest in “anti-mobile forensic” techniques for use by government agencies or the private sector. These sectors may need to securely conceal or destroy data, Choo said.
“Government agencies, especially those working in national security and intelligence or the private sector, would not want data stored on misplaced or stolen mobile devices to be (forensically) recovered.
“A relatively under-studied area is anti-mobile forensics to prevent or inhibit unwanted forensic investigations,” he said.
Concealment techniques are being refined to secure non-protected data. These techniques use data deletion or insertion to deter forensic investigations.
Trends in counter-forensics include built-in data deletion for mobile devices, the overwriting of metadata, and the creation of an “obfuscation trail” that covers an end-user’s digital tracks, Choo said.