A Comprehensive Perspective on Mobile Forensics: Process, Tools, and Future Trends


Aju D., Anil Kumar Kakelli, Ashwin Suresh Varma, Kishore Rajendiran
Copyright: © 2021 | Pages: 28
DOI: 10.4018/978-1-7998-4900-1.ch001

Abstract

Modern-day smartphones are the result of the technological progression happening in this digital world. This advancement has brought incremental improvements that smartphone users did not perceive as critical. Computational capability and networking capacity have also been pushed constantly to keep pace with ever-expanding workload demands. This has enabled smart gadgets such as smartphones and tablets to meet increasingly complex challenges. In this digital era, next-generation users are replacing conventional choices such as personal computers and laptops with smartphones for social connectedness, e-commerce, financial transactions, market updates, the latest news, or even image editing. Users willingly install various mobile apps on their smartphones and consequently provide valuable and sensitive personal information to their service providers without thinking about or knowing the security lapses and repercussions. Given the size and portability of smartphones, these devices are much more susceptible to being stolen, compromised, or exploited for various cyber-attacks and other malevolent activities. Essentially, hackers look out for new mobile vulnerabilities so that they can exploit a revealed vulnerability once a newer edition of the respective mobile operating system is released. Because smartphones are so vulnerable to various exploits, the need for digital investigation led to the establishment of a separate domain named mobile forensics. This forensic domain specializes in acquiring, extracting, analyzing, and reporting the evidence obtained from smartphone devices, so that the artifacts of exploitation and the corresponding actions can be determined and located.
This chapter puts forward the various processes involved in mobile forensics that can be employed for examining the evidence of various cyber incidents. Furthermore, it discusses in detail the various vulnerabilities of the iOS and Android mobile operating systems and how they are being exploited. The chapter also discusses the various approaches to data extraction and the respective industry standard for the tools that are used for it.
Chapter Preview

Background

Mobile forensics generally follows the same principles that are strictly followed in digital forensics. Digital data is valuable and portable, but it is equally volatile and vulnerable to corruption. Data authentication is a primary foundation of any digital evidence collection, because the context and verdict of any crime can change with minute variations in the data, whether caused by human error during evidence collection or by sabotage.

During evidence collection, data is treated as a volatile commodity that should be handled with as much care as possible to prevent any change from its original state. This task becomes particularly difficult as technology advances: criminals tend to encrypt their devices to prevent an external source from accessing the data, and they set up contingency measures in case of a breach, such as wiping the system clean of any evidence, rendering the device useless.

It is considered an unspoken rule of evidence collection not to turn the device off, to keep it charging, and so on, in order to prevent any sort of data corruption. Unfortunately, this is not always possible, as it might be necessary to physically open the device or change settings to force a way into the system, depending on its state when discovered. In these circumstances, logs are maintained meticulously regarding the initial and final stages of the device. Chain of custody is another important aspect: the more people the device has passed through, the higher the chances of data corruption or sabotage.

Collection and transport of evidence are also given prime importance, as any electromagnetic anomaly can trigger the device to render its data useless. Cords and cables are disconnected and photographed, and digital evidence (mobile phones and their associated peripherals) is sealed in an electronic evidence bag and stored in a location that will not be subjected to extreme temperatures.

Any form of evidence collection must be in accordance with the regulations set by the judiciary of that region or country. Failing this, the data can be considered inadmissible by the court, even if it contains information that could acquit or incriminate the suspect.

Key Terms in this Chapter

Vulnerability: Vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Android: Android is a mobile operating system developed by Google that lets users manipulate mobile devices intuitively, with finger movements that mirror common motions, such as pinching, swiping, and tapping.

Digital Evidence: Digital evidence is any significant information stored or transmitted in digital form that a party to a court case may use at trial.

Mobile Forensics: Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This includes full data retrieval and examinations of data found on the SIM/USIM, the phone itself and the optional memory cards. Data retrieved and examined can include images, videos, text or SMS messages, call times and contact numbers.

Smart Phones: A smartphone is a mobile device that combines cellular and mobile computing functions such as web browsing and the ability to run software applications into one unit.
