Table 1: Personal Computers versus Smartphones
Because mobile devices present unique challenges and risks, as outlined in Table 1 (Nena & Anne, 2009), it is imperative to have a solid practice in place that allows for proper forensic analysis. This includes understanding the challenges and how not to fall victim to them; otherwise the credibility of the investigation itself is at risk. In terms of the priority of threats when it comes to network intrusion, malware, and insider file deletions, we can prioritize the following aspects of the mobile technology stack.
1. Hardware
2. Memory
3. Disk Drives
4. Data
Digital forensics, when it is all said and done, comes down to the preservation, recovery, and reporting of data that is stored on a device.
Hardware
To understand the challenges associated with mobile devices it is imperative to understand the architecture. This can be difficult, to say the least, because while the GSM architecture is a published standard, the reality is that GSM and the associated protocols are understood by a small set of engineers (Welte, 2010). The modern smartphone essentially utilizes a modem that encompasses three core features: handling of the GSM frequencies, analog data translation, and digital data translation. When it comes to security, there are widely accepted standard features that each smartphone has, but the reality is that these same features are not consistent (Welte, 2010). The lack of consistency does not present a significant hurdle for a forensic analyst because features such as the International Mobile Equipment Identifier (IMEI), Subscriber Identity Module (SIM) card, and firmware signatures can be of assistance during the investigation and any legal actions that may arise.
Disk Drives
A typical smartphone does not have, per se, a typical hard drive, but the device acts essentially like a portable hard drive because of its memory capacity and hardware, which when connected to a personal computer behaves like any other type of drive. I would like to say that hardening of the device is easily accomplished, but the reality is that the software that drives smartphones differs strongly across the mobile spectrum. In addition, manufacturers and end users are facing major security problems that have never been seen previously.
Data
Face it, the entire idea of a smartphone is to be able to access and share data quickly and easily. However, with this freedom come inherent risks of modification, interception, and deletion of that same data. The fact is these same smartphones often access critical data and they have no firewall or antivirus software in place, thus enhancing the security risks. Intrusion may be as simple as a lost device or as complex as a black hat capturing the data exchange while the smartphone is connected to public or protected Wi-Fi networks. There are options available that assist in protecting data, and these options include the use of a Virtual Private Network (VPN) and encryption (Munro, 2007).
Network Intrusion
The facts about network intrusion are painfully obvious, and an argument may be presented that while prevention is a team effort, the fact is most people are complacent when it comes to security. I have to rank network intrusion as the highest priority because of the mobile device being both easily hidden and powerful. In addition, the reality is many Network Intrusion Detection Systems (NIDS) simply monitor and alert on well-known attacks and often overlook mobile devices. Once a mobile device is connected to a given network, the fact remains that if the device is compromised, it can easily affect the network in a number of ways that are often detrimental to the company. Chung, Jacoby, and Davis (2010) present a compelling concept of intrusion detection with mobile devices that comes down to something as simple as power consumption. Because a mobile device's power level increases when the wireless mode is enabled or when it sends and receives data packets, an IDS could potentially monitor and alert the Information Technology (IT) staff to any suspicious behavior. Figure 2 demonstrates a power comparison by technology, which clearly shows how power consumption may be monitored. Chung et al. (2010) propose the use of what is called a battery-based intrusion detection (B-bid) system on the mobile devices themselves.
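The power-consumption idea above can be sketched as follows. This is an added illustration, not code from Chung et al. (2010) or a description of their B-bid algorithm: it assumes a simple baseline-plus-threshold rule, and the readings, the `user_active` flag, and the function names are constructed for the example.

```python
from statistics import mean, stdev

# Constructed sample data (milliwatts), not measurements from the cited paper.
# Idle draw recorded while the handset was known-clean with quiet radios.
IDLE_MW = [52, 48, 50, 51, 49, 50, 53, 47]

# (seconds, draw in mW, user_active). user_active marks screen-on use,
# where high draw from Wi-Fi traffic is expected.
READINGS = [
    (0, 50, False), (10, 51, False),
    (20, 410, True), (30, 395, True),                      # owner browsing: expected
    (40, 52, False),
    (50, 380, False), (60, 402, False), (70, 391, False),  # radio busy, nobody using it
    (80, 49, False),
    (90, 300, False),                                      # single short spike
    (100, 50, False),
]

def learn_baseline(idle_samples):
    """Mean and sample standard deviation of known-good idle draw."""
    return mean(idle_samples), stdev(idle_samples)

def find_anomalies(readings, baseline, k=3.0, min_run=3):
    """Return (start, end, peak_mw) for each run of at least min_run
    consecutive idle readings above mean + k * stdev."""
    mu, sigma = baseline
    threshold = mu + k * sigma
    alerts, run = [], []

    def flush():
        # Keep only sustained runs; short spikes are discarded as noise.
        if len(run) >= min_run:
            alerts.append((run[0][0], run[-1][0], max(mw for _, mw in run)))
        run.clear()

    for t, mw, user_active in readings:
        if mw > threshold and not user_active:
            run.append((t, mw))
        else:
            flush()
    flush()
    return alerts

if __name__ == "__main__":
    for start, end, peak in find_anomalies(READINGS, learn_baseline(IDLE_MW)):
        print(f"ALERT idle high draw {start}s-{end}s peak {peak} mW")
```

The timestamps of each alert are what an analyst would correlate with network logs for the same window.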
Malware
The second greatest threat is malware. Malware by definition is malicious software that is installed without your knowledge or permission. Depending upon the point of view, many arguments were made against Carrier IQ and the fact that the software met the definition of malware because many consumers were not aware of it. In any case, Carrier IQ serves as a great example of what malware can accomplish. Carrier IQ was designed to allow providers to measure performance and use with no visible impact to the device owner (Tsukayama, 2011), but the problem was that unsuspecting users were not informed of the software, much less what data was or was not being collected and transmitted to the provider. Protection from malware can be an uphill battle because as more and more mobile devices flood into the market, the growth of malware explodes. While there are mechanisms that protect from malware, the fact is mobile device owners often are not compelled to install antivirus software (Ortega, Fuentes, Álvarez, Gonzalez-Abril, & Velasco, 2011). For a forensic analyst malware presents a substantial problem because malware exploits vulnerabilities in code, which in turn affects hardware, data, file integrity, and network protocols. While malware presents challenges, Ortega et al. (2011) present the idea of a monitoring module, which analyzes data transmissions. This module as outlined provides the necessary monitoring and inspection of the data transfer to both allow and store decisions based upon the transmission. The fact that the decision history is maintained provides great value to the area of digital forensics as an audit trail. Keep in mind that because mobile operating systems and the hardware that they run on differ greatly, any type of monitoring system would have to adapt to the differences across devices.
File Integrity
At this point one thing that should be painfully obvious is the fact that mobile devices pose a very large threat. These devices are data centric and this same data could be harmful in the hands of the wrong individual. Consider for a moment the ease of capturing pictures or videos. Furthermore, assume you turned on the evening news only to hear a report of a well-known politician in an unflattering picture; it can happen. While images and video represent only one aspect of file integrity, I do believe it is extremely important because of ease of access. In fact, from a forensic standpoint it is imperative to distinguish between any alterations to the media (Rocha, Scheirer, Boult, & Goldenstein, 2011). Protection and acquisition of data from mobile devices is often very simple. For example, most smartphones when connected to a PC simply show up as a disk drive. With Android devices, a forensic analyst may utilize the Android Debug Bridge (adb) to acquire data.
Conclusion
Mobile devices have quickly become the norm, and everyone from all walks of life has one, including administrators, developers, secretaries, and yes, even grandma and grandpa. Because of the wide range in the user base, complicated by the verbose usage of mobile devices and a false sense of security, the threats are just as verbose as the devices themselves. Stop for a moment and consider the challenges with malware, network intrusion, and file integrity when it comes to user behavior (see Figure 6). While each of these areas addresses a specific concern, together they can immensely assist any digital forensic investigation.
References
Chung, J., Jacoby, G., & Davis, N. (2010). Detecting network intrusion on mobile device by monitoring power consumption. Retrieved from http://www.ece.vt.edu
Daesung, M., Byungkwan, P., Yongwha, C., & Jin-Won, P. (2010). Recovery of flash memories for reliable mobile storages. Mobile Information Systems, 6(2), 177-191. doi:10.3233/MIS-2010-0098
Fox News. (2012). Symantec's lost cell phone study confirms the worst in people. Retrieved from http://www.foxnews.com
Munro, K. (2007). Kill deleted data for good. SC Magazine: For IT Security Professionals. p. 19. Retrieved from http://www.haymarket.com
Nena, L., & Anne, K. (2009). Forensics of computers and handheld devices identical or fraternal twins? Communications of the ACM, 52(6), 132-135. Retrieved from http://www.acm.org
Ortega, J. A., Fuentes, D., Álvarez, J. A., Gonzalez-Abril, L., & Velasco, F. (2011). A novel approach to trojan horse detection in mobile phones messaging and bluetooth services. KSII Transactions on Internet & Information Systems, 5(8), 1457-1471. doi:10.3837/tiis.2011.08.006
Rocha, A., Scheirer, W., Boult, T., & Goldenstein, S. (2011). Vision of the unseen: Current trends and challenges in digital image and video forensics. ACM Computing Surveys, 43(4), 26.1-26.42. doi:10.1145/1978802.1978805
Tsukayama, H. (2011). What is Carrier IQ? Washington Post. Retrieved from http://www.washingtonpost.com
Welte, H. (2010). Anatomy of contemporary GSM cellphone hardware. Retrieved from http://laforge.gnumonks.org
Wilson, M., Craggs, D., Robinson, S., Jones, M., & Brimble, K. (2012). Pico-ing into the future of mobile projection and contexts. Personal & Ubiquitous Computing, 16(1), 39-52. doi:10.1007/s00779011-0376-2