Mobile Forensics -1
Mobile Forensics is one of the upcoming fields in the area of Information Security. While it was initially bundled with Computer Forensics, it posed problems which were unique in many aspects. Thus we had something called Small Scale Digital Device Forensics. I could have used that term in the title, but I kind of like pithy titles. Anyway, I am going to blabber on about what sort of problems are being faced by officers in the field and researchers in the labs when analysing these devices.
The first rule of forensics is that evidence obtained on the site should be preserved in exactly the same condition as it was found. So suppose an officer (say Mr. Goon) finds a mobile at the scene of a crime. What does he do with it (apart from trying to keep the fingerprints intact… think of technology situations)? Does he switch it off or does he leave it on? If he leaves it on, there might be a string of incoming messages which might overwrite existing data on the mobile. If I switch it off… well, for all I know, when I turn that thing back on… it might ask for a password. These are a couple of examples; the thing is, you cannot switch it off because you are changing the state of the device, which goes against the law of Forensics. And you cannot leave it on, because not only can new data overwrite existing data, but the device, being on the network, is also open to intrusion of different types.
One of the solutions is to put the mobile in specially built bags which block signals, thus taking the device off the network. The issues with this approach are manifold. One, these bags are very expensive. So if you are a small-time Inspector in India, you cannot afford to have one of these bags. Two, these bags do not work for the better part (irrespective of how costly the bag is). Technology like jamming is unfortunately banned in many countries (including the United States). Even if you somehow block the signal (assuming the bag works), the problem is that the device will keep on trying to find a network, which is a very energy-intensive task. So basically your battery runs out and you have a dead device on you. And you thought this would be simple… welcome to wonderland…
P.S. Look at the pic below and if you like it, search for “A SOFTER WORLD”…

About this entry
You’re currently reading “Mobile Forensics -1,” an entry on Securegraffiti's Weblog
- Published:
- September 7, 2007 / 5:34 am
- Category:
- Securegraffiti