Flasher Box or No Flasher Box?
Fri, 07/11/2014 - 9:27am
Let’s be very clear before we go down the flasher box path, there is no replacement or substitute for the automated forensic tools produced by mobile forensic manufacturers such as: CelleBrite UFED or Physical Pro, Micro Sytemation XRY or XACT, Paraben Device Seizure Kit, Logicube CellDEK, or Susteen Secure-View to name but a few. Indeed these types of solutions should always be used as a first response. Unfortunately, with growing consumer demand for newer and more technologically advanced mobile phones, these automated and safe solutions do not meet some investigative requirements.
There is no question that flasher boxes are invasive alternatives, but this is where mobile phone forensics started prior to the commercially available fast copy, and more recently, forensic physical extraction tools. So is it safe to use them? Yes, by those who have been trained or have extensive experience in their use under controlled environments. What are the alternatives? Do you really want to leave evidence behind and just move on if the automated solution has failed you? If your conscience will allow you to leave potential evidence behind when a child predator has abducted a victim or a terrorist attack is imminent and you believe that using a flasher box is against the rules, then so be it.
Using all options available in a controlled and methodical manner to advance an investigation should be our desire. Don’t stick your head in the sand like some eminent professionals and mobile forensic manufacturers, who advocate not using flasher boxes because they are not forensically sound. The trusted and well-established global protocols, such as the ACPO Guidelines for Computer-Based Electronic Evidence and the U.S. Department of Justice Electronic Crime Scene Investigations actually facilitate the use of such processes when all else fails, so who is to question them?
There were many sound convictions worldwide before EnCase and FTK came onto the computer forensic scene. Unfortunately, we are still at the pioneering stage in mobile phone technology and with the growth and complex structure of new devices appearing in the market place on a daily basis this will continue for some time. Those who purchase one automated forensic solution and think they can deal with every handset that comes through their laboratory are sadly mistaken. It is common to see multiple mobile forensic tools within a laboratory so why ignore or discredit any solution that can and does retrieve valuable evidence?
From: Flasher Boxes: Back to Basics in Mobile Phone Forensics by John (Zeke) Thackray