Advances in smartphone technology seem to come one on top of another, and as they do, they affect the science of mobile forensics. Cellebrite, a provider of mobile forensic and mobile data transfer solutions, recently released a list of top trends and predictions in mobile forensics.
To gather these predictions, Cellebrite interviewed a number of prominent experts from law enforcement, corporations and universities, as well as industry analysts, familiar with mobile forensics, information security and e-discovery and the most advanced mobile forensic products available today. Following are some of the most critical for investigative and legal professionals to prepare for the upcoming year:
- “Bring your own device” (BYOD): BYOD adoption across the enterprise means that forensics professionals will encounter a greater number of compromised phones. According to John Carney, chief technology officer, Carney Forensics, “For e-discovery experts, BYOD will mean contending with more devices that contain both personal and corporate evidence as well as an increase in legal challenges related to device access and privacy during corporate investigations.”
- Apps: According to a 2012 Nielsen report, the average smartphone user has approximately 41 apps installed on a single device. “Whether it’s mobile messaging, personal navigation, social media or improving productivity, apps are going to dominate smartphones and tablets in 2013,” Carney says. “The ability to extract critical data stored in apps will become the new measuring stick by which investigators gauge the superiority of mobile forensics tools.”
- Tougher encryption: “Expect to see more encryption of data on smartphones to protect personal privacy and corporate data, which will make forensic examination more challenging,” says Eoghan Casey, founding partner at CASEITE. Password technology, too, has advanced; pattern-screen locks have hindered forensic data extraction efforts. In 2013, look for mobile forensics tools to continue to find ways to bypass a greater number of passwords and device locks, as well as address advanced encryption technology.
- Varied mobile operating systems: Though Android took 75 percent of the market in Q3 of 2012, for mobile forensics professionals, market share isn’t everything. As Paul Henry, security and forensics analyst, vNet Security, notes, “While Android is the predominant operating system, the bulk of the bandwidth is still taking place on Apple devices, making them critical to many investigations.” In addition, despite BlackBerry’s decline in recent years, Carney says: “Their popularity for over a decade will make them an important legacy device pertinent to investigations for years to come.”
- Windows 8: Notwithstanding all the attention garnered by Android and Apple, the real wildcard for 2013 will be the rise of Microsoft in the mobile device market. While questions remain regarding how prevalent Microsoft devices will become, Cellebrite’s panel of experts predicts that the need for mobile forensic tools providing support for Windows 8 will increase in 2013.
- Mobile devices as witnesses: Look for mobile devices and the data they contain to take center stage in both civil and criminal investigations in the year ahead. “Civil litigators are discovering that mobile device evidence is just as important as digital documents and e-mail evidence,” Carney says.
- Uncertain regulatory and legislative landscape: “Lawmakers and judges are looking at cell phones much more critically than they did computers,” says Gary Kessler, associate professor, Embry-Riddle Aeronautical University and a member of the ICAC North Florida Task Force. “However, because few understand the nature of the technology, they are erring greatly on the side of caution. This speaks to the need for greater education regarding the scope and possibilities of mobile forensics and what it means for privacy and pre-trial discovery.”
- Increase in mobile malware: In 2013, look for malware on smartphone platforms and tablets to increase exponentially, particularly on Android devices. According to Cindy Murphy, detective, computer crimes/computer forensics, Madison Wisconsin Police Department, “The intended uses of mobile malware will be very similar to non-mobile malware—steal money, steal information and invade privacy. For law enforcement and forensics professionals, mobile malware means dealing with potentially compromised devices that may help perpetrators cover their tracks, making it increasingly difficult for investigators to meet the threshold of reasonable doubt.”