Challenges in Mobile Forensics¶
Challenges in Mobile Forensics¶
1) Preventing data alteration on the device.
- not practical with respect to mobile forensics because simply switching ON a device might also change certain state variables that are present on the device.
- With mobile devices, background processes always run and a sudden transition from one state to another can result in the loss or modification of data (ex Alarm). Therefore, there is a chance that data may be altered either intentionally or unintentionally by the forensic analyst.
- In addition to this, there is a high possibility that an attacker can remotely change or delete the content present on the device – HOW?
- Unlike computer forensics, mobile device forensics requires more than just isolating the device from the network.
2) Wide range of operating systems and device models
- Also for a given operating system, there are millions of mobile devices available that differ in OS versions, hardware, and various other features.
- For example, within the Android operating system, there are around 16 versions, and for each version, there are different customizations made by different manufacturers. Based on the manufacturer, the approach to acquiring forensic artifacts changes
- Sometimes within the same operating system the data storage options and file structures also change, making it even more difficult.
- There is no single tool that can work on all the available types of mobile operating systems.
3) Inherent security features:
- As the concept of "privacy" is increasingly gaining importance, mobile manufacturers are moving towards implementing robust security controls on devices, which complicates the process of gaining access to the data.
- For example- Passcode protection, full disk encryption, file disk encryption mechanisms that are implemented on the latest devices preventing law enforcement agencies and forensic analysts from accessing the information on the device.
- Apple's iPhone encrypts all the data present on the device by default, using hardware keys built into the device. It is very difficult for an examiner to break these encryption mechanisms using techniques such as brute force. To read - FBI vs Apple case
4) Legal issues:
- Mobile devices can be involved in crimes that span across the globe and can cross geographical boundaries.
- In order to tackle these multijurisdictional issues, the forensic examiner needs to be aware of the nature of the crime and also regional law
- 5) Anti forensic techniques – data hiding, secure wiping
- 6) Passcode Recovery
- 7)Lack of Resources and availability of tools