Reliability of Mobile Phone Forensic Evidence - Essay Example

? Summary Week – 2 Due to the widespread usage of mobile phones in the U.S.A. digital evidence is gaining in importance. This can be garnered from the fact that almost 80% of all court cases have an element of digital evidence associated with them. For digital evidence from mobile phones to be useful in these legal procedures, the evidence has to be extracted in a sound manner. However, mobile forensics is still in its infancy and analyzing mobile phones for forensic evidence is a far cry from the traditional computer forensics models used for extracting evidence from computers, which is now well known to forensic science. From the perspective of reliability of mobile phone forensic evidence, the Daubert Guidelines play an important part. Tool testing and error rates find focus in the initial part of the guidelines. The use of a database approach for the documentation of the mobile forensics procedures assists in removing the documentation of testing methods employed, by acquiring results on the several test cases, enabling calculation of tool testing errors. This information enables the presenting of mobile forensic evidence in courts in a reliable and legally acceptable manner (Baggili et al, 2007). The practitioners of computer forensic quite often need to deal with digital images as a part of the evidence requirements. Such instances include child pornography or disputes involving proprietary rights. Photographic images found in computers have a strong likelihood of having originated from digital still cameras (DSC). Computer forensic practitioners should have an understanding of the characteristics of computer images to identify the origins of the DSC images in question. This understanding enables a computer forensic practitioner to use the specific attributes of a DSC image to prove replicas, derivates or additional images within a particular group. Some open source software can also be employed successfully to extract images based upon the characteristics of a DSC image (Kohen, 2007). Week – 3 The usage of the iPhone mobile from Apple is growing rapidly. This has led to the need for iPhone forensics as a part of the armory of forensic and security practitioners. This study shows that it is possible to examine the logical back up acquisition of the iPhone 3GS mobile device using the Apple iTunes back up utility to provide forensically important data in the form of e-mail messages, text and multimedia messages, calendar events browsing history, GPRS locations, contacts, call history, and voicemail recording. The study explored the possibility of forensic acquisition, examination and analysis of the backup of the logical copy in the iPhone 3GS mobile. In the examination process the aim was to find out what significant data was stored in the on the device, location of its storage in the memory, and where the data is located in the back up files. For the acquisition the freely available iTunes back up utility was used in a systematic manner to synchronize data between the iPhone and a paired computer. Testing of this methodology demonstrated that an iPhone mounted on a computer running iTunes does not change the user data portion, which means that data integrity remains intact. When a logical copy is acquired, several hundred backup files containing user data, device settings, application preferences, and status are obtained. All these back up files are encoded into XML, ASCII, or binary formats. Examination of the logical copy from an iPhone reveals that these back up files contain a wealth of data that has the potential for use as evidence in court cases (Baggili & Bader, 2010). Week – 4 Amendments made to the Federal Rules of Civil Procedure effective from December 1, 2006, addresses the issue of Electronically Stored Information (ESI), which also takes into consideration ESI found in small digital devices, like cell phones and Personnel Digital Assistants and their use as evidenced in court procedures. The standards employed for the admissibility of electronic evidence are found in the Frye Test, the Rules of evidence, The Daubert Test, and the Rules of Civil Procedure. Thus, the procedures employed in the preservation, collection, examination, and production of evidence must withstand these tests (Hendricks, 2008). The growing use of small scale devices has had the consequence of the development of mobile device analysis tools and techniques, resulting in the field of digital forensics. The field of digital forensics will grow as the use of small scale devices increases and moire evidence and information can be evinced from them. Turing aside from the information and evidence that is available in these devices will cause the charge of negligence and incomplete investigation. Given the wide variety of small scale devices, tool kit manufacturers will be hard put to interface every device. It may be extremely useful for the development of a selection of tools that cover as many devices as possible, and make this selection of tools available to the digital forensic examiners (Punja & Mislan, 2008). Evidence from earlier research has suggested that mobile devices internal has values are variable, when attempting back-to-back acquisitions. Hash values are useful to digital forensic examiners through their ability features to filter known data files, match data across platforms, and prove that integrity has been retained intact. Research taken up at Purdue University targeted the comparison of known hash values with reported values for data objects populated onto mobile devices, employing different transmission methods. The findings of the research showed that while in the majority of the tests uniformity was observed variability was observed in the has values reported for data objects transferred via Multimedia Messaging Service (MMS) (Danker, Ayers & Mislan, 2009). Week – 5 Developments in the field of cell phone technology have led to similarities in the functional ability of cell phones with computers. However, the organization and operation in cell phones is different. Cell phones use a flash memory and not a hard disk, and contain embedded software to enable them to do their specific functions, rather than operating system software. Differences like these make it difficult to employ computer forensic techniques to these devices and call for the development of cell phone forensics. There are however two impediments to the development of cell phone forensics, consisting of the limited coverage of available cell phone forensic tools and the insufficient means that are available for the validation of the correct functioning of the tools. Phone manager protocol filtering and the populating of SIM cards are two techniques that offer scope for overcoming these two impediments to the development of cell phone forensics (Jansen, Delaitre & Moenner, 2008). Several tools have been developed for the extraction of data objects (SWGDE) from SIM cards. However, a major portion of these tools are proprietary, or use of which is restricted to law enforcement agencies. This runs against the grain of the Daubert Test for acceptability from the scientific community. The SIMbrush is a forensic imaging tool for SIM/USIM cards of an open source nature valuable to forensic science with the capacity of extracting all observable memory and non-standard files present in these cards. It provides the advantages of extraction of the full file system in SIM/USIM cards; uncovers several non-standard files; executable simultaneously in several instances on the same machine without overloading the system and presents its output in a standard textual XML representation. However it carries two disadvantages in that the time required for brushing a SIM/USIM card in full extraction mode goes beyond an hour for most of these cards and it is not capable of extracting the body of those files that have ADM or NEV access conditions (Casadei, Savoldi & Gubian, 2006). Literary References Baggili, I. M. & Bader, M. (2010). iPhone 3GS Forensics: Logical Analysis using Apple iTunes Backup Utility. Advanced Cyber Forensics Research Laboratory, Zayed University. Baggili, I. M., Mislan, R. & Rogers, M. (2007). Mobile Phone Forensics Tool Testing: A Database Driven Approach. International Journal of Digital Evidence, 6(2), Casadei, F., Savoldi, A. & Gubian, P. (2006). Forensics and SIM Cards: An Overview. International Journal of Digital Evidence, 5(1), 1-21. Danker, S., Ayers, R. & Mislan, R. P. (2009). Hashing Techniques for Mobile Device Forensics. Small Scale Digital Device Forensics Journal, 3(1), 1-5. Hendricks, R. (2008). Admissibility of Small Scale Digital Devices in U.S. Civil Litigation. Small Scale Digital Device Forensics Journal, 2(1), 1-4. Jansen, W., Delaitre, A. & Moenner, L. (2008). Overcoming Impediments to Cell Phone Forensics. Proceedings of the 41st Hawaii International Conference on System Sciences – 2008, p.1-9. Kohen, C. (2007). Digital Still camera Forensics. Small Scale Digital Device Forensics Journal, 1(1), 1-7. Punja, S. G. & Mislan, R. P. (2008). Mobile Device Analysis. . Small Scale Digital Device Forensics Journal, 2(1), 1-16. Read More