Report - CHOOy 004 PDF

Title Report - CHOOy 004
Author Osama Ahmed Chohan
Course Digital Forensics Essentials
Institution University of South Australia
Pages 9

Osama Ahmed Chohan [email protected]

SMARTPHONE FORENSICS 19-April-2019

STUDENT ID: 110237890

Abstract: The 21st century has changed not just technology but also people's thoughts and views about it. New products are introduced every day, and people no longer want to use old, bulky devices. Smartphones have replaced computers, and there are more devices in the world than the entire human population. They are packed with very advantageous features, but some criminally minded people have been using them for evil purposes. This report discusses the process of mobile forensics and the evidence that can be obtained from a smartphone. Because of the growth of smartphones, forensic practitioners are facing challenges, and two mobile phone related crimes are discussed.

INTRODUCTION:

Various electronic gadgets fall into the category of smartphones, which includes cellphones; smartphones like the Apple iPhone and Blackberry; and personal digital assistants (PDAs). Laptops, tablets and iPads are not commonly called cell phones, as they are not small enough to be considered handheld. Today's cell phone has capabilities like those of a hand-held computer: it can be used for entertainment, such as connecting with friends, and it also offers features that help with office work. A smartphone is a cell phone that can run versatile applications with cellular connectivity (Bennett 2011). According to GSMA, there are 7.22 billion mobile devices in the world, officially more than the entire human population (Boren 2014). The reason for the huge success of smartphones is that they are uncomplicated and portable, unlike traditional computers. Email, instant messaging, a high-resolution camera, sensors, the global positioning system (GPS) and many other features all come together in today's smartphone. All of this electronic evidence is essential in carrying out a criminal investigation (Bennett 2011). Criminals have been taking advantage of smartphones, and misuse of smartphones has arisen. Notable examples of mobile related crimes include the Mumbai terror attack of 2008 and the riots in London. Since these events, forensics researchers have been working on finding proper methods to recover digital evidence about user activities from these devices (Alghafli, Jones & Martin 2011).

NEED FOR MOBILE FORENSIC:

“Forensic Practitioner is the person who collects, preserve, analyze, and present of computer-related evidence” (Alghafli, Jones & Martin 2011). With the dramatic growth in mobile phone use, the need for expertise in mobile forensics has grown as well. Since the technology is evolving day by day, it is very important for the forensic practitioner to have a sound understanding and knowledge of the different types of mobile phone devices. Older phones could hold only a small amount of data, which made collecting it easier. In the past few years, mobile forensic work has increased because of the large amount of illegal activity being carried out (Bennett 2011).

PROCESS OF MOBILE FORENSICS:

Digital forensics is carried out in four phases, listed as follows.

Preservation: In this phase, the digital evidence is preserved. It is very important to keep the evidence in its original state to avoid data modification and alteration. Failing in the first phase can make the overall forensic activity fail (Alghafli, Jones & Martin 2011).

Acquisition: After the device has been preserved, the second step is to identify the device's model and type. This is performed inside the lab. Once the device has been identified, the examiner selects the right tool accordingly. It is not easy to identify the device correctly because of the variety of devices available on the market, and the device may be a clone that looks very similar but behaves differently. An image is created in this phase, and its integrity is checked to identify whether there was any sort of modification (Alghafli, Jones & Martin 2011).

Examination and Analyses: The right tool should be selected for the device. Examination tools mostly work correctly, but sometimes they do not, which may be another challenge. Therefore, it is very important to select the right tool. Because of the huge amount of data, the forensic process can be slow (Alghafli, Jones & Martin 2011).

Presentation: The last phase is about presenting the evidence in such a way that people with low computer literacy can understand it. This phase is carried out once the evidence has been found. It is crucial that the evidence is presented correctly; otherwise, the case may become an unsolved mystery (Alghafli, Jones & Martin 2011).

DIGITAL EVIDENCES FOUND IN SMARTPHONE:

Typically, a smartphone contains various essential items of electronic evidence that can be of interest to a forensics practitioner. Sources of evidence in a mobile phone may include the Subscriber Identity Module (SIM), the mobile phone's internal memory, memory cards and network service providers. External memories for mobile phones may include SIM, SD, MMC and CF cards, and the Memory Stick. They can contain electronic evidence such as pictures, videos, audio files and any other data format essential for an investigation. Data is transferred from the SD card and SIM card through a card reader. These must be examined carefully, as it is possible to recover deleted data such as contacts or text messages. The forensic examiner uses forensic tools (such as EnCase, FTK and so forth). Call Data Records (CDRs), message information and subscriber information (including name, address, number, national identity and so on) can be accessed through network service providers (mobile phone operators).

Recovery from memory cards involves typical data recovery techniques, treating the memory card as external storage media with a FAT file system. Logical tools can recover live data from memory cards inside handsets. However, the phone never returns deleted files during a logical acquisition. To recover deleted data, the examiner has to access the memory card directly. When a file is deleted from a FAT partition, the file's directory entry is changed to show that the file is no longer needed, and the first character of the filename is replaced with a 'marker'. The file data itself is left unaltered, which means that deleted files can be found (by reading directory entries).

Law enforcement agencies sometimes also rely on application software to manage the large amount of data available from network operators. This software offers features such as finding a criminal by backtracking mobile numbers from an IMEI, and graphical reports on the usage and connection patterns of a specific target phone. Analysis of call data records and the corresponding tower-antenna pairs can also provide useful information as evidence in a criminal trial. This sort of analysis is performed to identify the caller's exact location. A few phones can hold information about a previous SIM card. The MSISDN can be located in the SIM memory; otherwise it can be obtained from the operator's code. The table below shows the critical evidence that can be obtained from smartphone devices (Zareen & Baig 2010).

Evidence | SIM card | Phone memory
Name of Service Provider | Printed | N/A
Unique Id Number | Printed | N/A
Location Area Identity (LAI) | Stored | N/A
Integrated Circuit Card Identifier (ICCID) | Stored | N/A
International Mobile Subscriber Identity (IMSI) | Stored | N/A
Text Messages Data (SMS) | Stored | Stored
Contacts | Stored | Stored
Call Logs | Stored | Stored
International Mobile Equipment Identity (IMEI) | N/A | Printed/Stored
Multimedia Messages | N/A | Stored
Images/Sound/Videos | N/A | Stored
WAP/Browser History/Emails | N/A | Stored
Calendar Items/Notes | N/A | Stored

(Zareen & Baig 2010, p. 48).

THE CHALLENGES OF THE DIGITAL FORENSICS OF THE SMARTPHONE DEVICES:

Call history, contacts, text messages, multimedia messages, internet browser history, photos, videos, email and social media data are the essential evidence contained in a smartphone's storage. The difficult task is obtaining the data in a way that follows forensic standards; otherwise it cannot be used as evidence. It has been suggested that smartphone data extraction is convoluted because the structure differs from that of a traditional hard drive or server. When programs are copied from a device, the file structure is volatile and diffuse, and in most cases only partial data is obtained. Password protection can make it more challenging for the forensic examiner to access data (Wilson, R. and Chi, H. 2017). Many other problems, challenges and difficulties faced by forensic practitioners because of the dramatic rise of the mobile phone are as follows:
- Smartphones are becoming smarter day by day. Rapid changes in smartphone devices are making it difficult for forensic practitioners to extract data. Most mobile phone manufacturers use proprietary interfaces along with a closed operating system. To counter this challenge, new forensic tools and methodologies need to be developed (Zareen & Baig 2010) (Alghafli, Jones & Martin 2011).
- Most commercial forensic tools do not provide any approach for dealing with physically damaged phones (Zareen & Baig 2010).
- The mobile phone's signal needs to be blocked while the investigation is carried out, because an active network might ruin the evidence on the phone. The battery can drop quickly during signal blocking (Zareen & Baig 2010) (Alghafli, Jones & Martin 2011).
- The rise of the smartphone has resulted in differences in hardware. Forensic inspectors come across many varieties of smartphones, with different sizes, features and hardware. It is very challenging to adapt to new technologies and obtain information from them.
- Preventing data modification is critical, since modification can lead to incorrect evidence. It is impossible to prevent data modification because of background processes. IMEI alteration, which is illegal, is possible with a few handsets and can make it a problem to identify the phones (Zareen & Baig 2010).
- With the growth of smartphones there has been a growth in the number of operating systems. The two main competitors in the market are Android and iOS, but besides those there are Windows Phone, Symbian and BlackBerry OS. Each operating system has different versions, which makes the work more challenging for a forensic unit (Mahalik & Tamma 2016).
- Verifying a screenshot can be challenging, as in a few cases people share a screenshot picture of a phone. Examiners need to see a copy of the original to verify it (Bowcott 2018).
- Untrained professionals can destroy evidence through mishandling, which can produce inaccurate results in a crime investigation (Bowcott 2018).
- The Chinese manufacturers do not follow international standards in the production of smartphones. Some of their phones do not even have an IMEI number, so they cannot be traced. That is why they are often used in terrorism activities (Bennett 2011). It is also not easy to identify the behavior of those phones in different scenarios. In an analysis of a few smartphones, including an iPhone clone, the N95 and the Moto Razr, it was found that removing the battery of the Razr for 5 to 10 minutes does not delete temporary data, because of the charge left in the phone, but leaving it out for a significant amount of time results in the removal of temporary data, which includes call logs, date and time (Raghav, S. and Saxena, A.K. 2009).
- Some smartphones provide features like accidental reset, which may cause loss of data and evidence (Mahalik & Tamma 2016).
- Passcode recovery can be difficult for the forensic team. There are some techniques to bypass the screen lock, and it is very likely that they will not always work (Mahalik & Tamma 2016).
- Most of the international training available in the forensic industry is not vendor neutral, and this is one of the biggest challenges in forensics. There should be more vendor-neutral training for mobile forensics (Zareen & Baig 2010).
- The forensic inspector should be aware of the methods and technologies used by criminals that can result in the remote destruction and modification of data. To counter this issue, the smartphone is kept inside a signal-isolating box while the device is taken from the crime location to the lab. As discussed earlier, this can drain the battery (Alghafli, Jones & Martin 2011).

MOBILE FORENSIC RELATED CRIMES:

Minnesota detectives crack the case with digital forensics:

A 13-year-old girl went missing in Oct 2014. The mystery of this case was solved not by any eyewitness but through the process of mobile forensics. She was reported missing by her parents at 9.36 P.M. The first thing that detectives looked into was their iPods and smartphones. Detective Pat O'Hara then found two weeks of sexual chat, with the final message, saying “Be there”, received at 8:31 P.M. Monday. Police went to the suspect's home and searched for the girl. They found her in the basement of a 23-year-old man, Casey Lee Chinn, who is currently accused of felony criminal sexual conduct, kidnapping and solicitation of a child. "Electronic devices are just a treasure trove of information," said Hennepin County Sheriff Rich Stanek. "The digital evidence is one of the first things we go to. They leave footprints all over the place: Who the girls were last talking with, who they were tweeting with. They offer up a lot of clues about what has been happening in these young girls' lives in the past few hours and days." (Prather 2014)

Solving A Teen Murder By Following A Trail of Digital Evidence:

One of the most heartbreaking and disturbing murder-rape cases was solved using digital evidence obtained from a smartphone. It involved the kidnapping, rape and torture of a teenage girl by two of her classmates, as she had dumped one of them. While carrying out this crime they were unable to destroy the digital evidence. They left evidence such as search history, GPS coordinates and text messages. The girl's family and friends created a Facebook page where visitors shared evidence and information about who might have killed her. After a while, the police had received enough evidence to get a court order to search the boys' homes and take all their gadgets into custody. They carried out a forensic examination of the boys' computers and phones and were able to extract the history of internet activity and text messages. They were shocked to see that the evidence was almost equal to 1.4 billion pages (Hill 2011).

CONCLUSION:

People are getting used to portability. The market is flooded with different mobile phones. OS and hardware are making forensics challenging for the practitioner. A lack of trained professionals is leading to mishandling of the evidence and of the forensic process. Steps should be taken to increase vendor-neutral training, and smartphone manufacturers should understand the damage that can be caused by not following international standards. Government and law should create a standard model and make sure everyone is following it, because one day or another we might see unsolved crimes.

REFERENCES:

Alghafli, K.A., Jones, A. & Martin, T.A. 2011, 'Guidelines for the digital forensic processing of smartphones', in Edith Cowan University Research Online 2011: 9th Australian Digital Forensics Conference, secau Security Research Centre, Edith Cowan University, Perth, pp. 1-8, viewed 16 April 2019.

Bennett, D.W. 2011, 'The Challenges Facing Computer Forensics Investigators in Obtaining Information from Mobile Devices for Use in Criminal Investigations', ForensicFocus, 20 August, viewed 16 April 2019.

Boren, Z.D. 2014, 'THERE ARE OFFICIALLY MORE MOBILE DEVICES THAN PEOPLE IN THE WORLD', independent, 7 October, viewed 7 April 2019.

Bowcott, O. 2018, 'Police mishandling digital evidence, forensic experts warn', The Guardian, 16 May, viewed 16 April 2019.

Hill, K. 2011, 'Solving A Teen Murder By Following A Trail of Digital Evidence', Forbes, 3 November, viewed 17 April 2019.

Mahalik, H. & Tamma, R. 2016, 'Mobile Forensics and Its Challanges', Packtpub, 25 April, viewed 16 April 2019.

Prather, S. 2014, 'Minnesota detectives crack the case with digital forensics', Startribune, 6 October, viewed 17 April 2019.

Raghav, S. and Saxena, A.K. 2009, November. Mobile forensics: Guidelines and challenges in data preservation and acquisition. In 2009 IEEE Student Conference on Research and Development (SCOReD), pp. 5-8.

Wilson, R. and Chi, H. 2017, April. A case study for mobile device forensics tools. In Proceedings of the SouthEast Conference, pp. 154-157.

Zareen, A. and Baig, S. 2010, May. Notice of Violation of IEEE Publication Principles Mobile Phone Forensics: Challenges, Analysis and Tools Classification. In 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 47-55.

