- Cold Case Chronicles
- Crime Lab
- Crime Scene
- Digital Forensic Insider
- Digital Forensics
- Evidence Collection
- Forensic Anthropology
- Forensic Pathology: Expert Witness
- Impression Evidence
- Medical Examiner
- Mobile Forensics
- Most Wanted
- The DNA Collection
- Who Says
Today’s world is becoming more and more mobile every day. In fact, 91% of all people own a mobile device and 56% own some type of smart device. It is no surprise that today there are more mobile devices on the earth than there are people! Equally impressive is that the amount of data we consume is becoming increasingly focused on mobile devices. In fact, according to Pew Research, 55% of all internet traffic in the United States is from a mobile device, which is a first for overall internet traffic.
Mobile data is now part of the Big Data world. And speaking of Big Data, there are new words out there that we’re beginning to see—“zettabyte” and “yottobyte.” A zettabyte is 10 to the 21st power and yottabyte is 10 to the 24th power—not really something the human brain can fully comprehend! Think of it like this, a zettabyte is the equivalent of 250 billion DVDs and 36 million years of HD video. A yottabyte is a lot more than that. To put data into perspective, researchers estimate that by 2015 big data in our world will amount to eight zettabytes.
And not only is there A LOT of data, the data that is all around us is moving extremely fast via transactions, posts, e-mails, and blogs to name a few. Here are some fairly astounding statistics that speak to the velocity of data:
- Facebook does over 105 terabytes of data every half hour.
- In 2012, there were 38,194 photos shared on Instagram every minute.
- Twitter sees 300,000 tweets per minute.
- Google has over 2 million search queries every minute.
- There are over 200 million e-mails sent per minute.
The numbers above represent all data whether it is from a PC or mobile device, and over half of Internet traffic in the U.S. originates from a mobile device.
In a digital investigation scenario, mobile device data is becoming more and more vital to solving crimes. Today, most of a user’s personal information, and what is most influential in any investigation, can be found on his or her mobile device. Examiners rely on this data, combined with the data found on endpoints, network servers, or storage media, to gather evidence, build a case, and develop a clear picture of the crime.
So, what types of mobile data are important to investigations? For both personal and BYOD use, people are creating, posting, sharing, storing, and logging information including passwords, personal and financial data, e-mails, texts, and posts on social media sites. Multi-media, photos, music, and videos add to the data mix as well as the device data, geolocation, browser activity, user settings, and policy set by MDM tools. Factor in that all this data is stored on the device and not on a network server with your mobile provider or your company.
Advancements in the way we communicate are creating new types of mobile data. The communication methods extend beyond standard SMS/MMS and e-mail to application-based communication. The increased SMS transmission costs, cross platform usage, and the adoption of social media and applications are driving alternative options. Today 70% of smart device users use alternative forms of messaging via applications.
In today’s Big Data world, the ability to search and recover mobile data from applications on smart devices is difficult and often limited using the current mobile solutions. Research shows that only 5 to 10% of the entire user data area is examined by typical mobile forensics tools. This leaves 95% of application data unanalyzed, and a lot of times uncollected. Most MDM solutions used by corporations for threat detection and device governance do not manage or analyze the personal applications in a BYOD scenario. The net result shows that most organizations have minimal insight into their mobile application data and the overall mobile data set.
Current software tools simply extract contacts, SMS/MMS, call logs, media, and possibly e-mail. Some go as far as capturing URL and browser data, Wi-Fi information, and some applications. As for analyzing applications data, most solutions allow the parsing of select applications, limited to about .002% of all applications available. In other words, the average forensic tool supports about 30 applications out of a total of 1.6 million iOS and Android apps. Of those 30 applications, the forensic solution is at the mercy of the developers’ upgrades, schema changes, and table changes. With these ongoing updates, the application is no longer supported by the forensic tool and further technical development is needed.
Another mobile challenge finds forensic applications lacking the capabilities in looking for IP addresses, data traffic, or other metadata. This becomes the Achilles heel for investigators. Their fleet of mobile devices is susceptible to potential malware and threats, resulting in a greater need for incident response (IR) tools. Most investigators lack the IR expertise and tools to resolve issues and scan for unknown, critical threats. If undetected, the malware infected device sets up additional vulnerabilities across the company’s networks and environments. Add to that the difficulty in detecting, collecting, and analyzing mobile data then incorporating it into the overall incident response investigation.
With the explosive increase in mobile usage and applications, mobile data grows exponentially. So, what can organizations do to advance their mobile forensics in order to manage the vast amounts of important mobile data? First, organizations need to invest in advanced mobile forensic solutions to handle the most sophisticated investigations and analyze the plethora of data on the mobile devices, applications, communications apps, and social media. New forensic strategies, solutions, and advanced training of examiners must be implemented and ranked as an organization’s highest priority. Forensic tools must include new capabilities to process the volume of mobile data that is stored and transmitted as well as the volume of devices encountered.
Lee Reiber is Vice President of Mobile Forensic Solutions for the AccessData Group.