14 research outputs found

    Mobile device damage and the challenges to the modern investigator

    Mobile Forensics has developed into an area of significant concern to law enforcement agencies and their counterparts, specifically as a result of individuals moving away from using traditional computers and focusing attention on their mobile device. Due to the smart phone being almost permanently attached to the person or in near proximity, it has become a significant source of information for investigators and can mean the difference between proving guilt or innocence. Tools have long been established, which provide agencies the ability to encapsulate expertise, which allows the easy download and production of reports for the mobile device and how it was used. However, whilst these tools work for the majority of devices in near perfect working condition they fail in cases where the phone is even slightly damaged. Many of the tools also require the investigator to unlock the phone or enable a feature before it can be downloaded. Should part of the phone be malfunctioning or if it prevents a feature or unlock from occurring, the ability to obtain forensic evidence will be reduced. Whilst devices can be surprisingly resilient at times, damage by throwing the device into a fire or snapping the logic board in half, will ultimately cause the device to be inoperable and beyond repair. The question therefore arises: How can the investigator even identify the model of device, considering parts of the device, including identification stickers, may have melted off or be missing? In such scenarios repairing the phone via changing the majority of the hardware from a ‘donor’ phone cannot be conducted, as they are beyond repair. There is also no chance of being able to re-join the parts of a double or triple layer logic board and re-joining a single layer logic board is both time and labour intensive. Even then there is no guarantee the phone will work again.
To address these difficulties, significant monetary value needs to be invested in equipment and training to equip forensic investigators with the skills and ability in Chip-Off forensics and Ball Grid Array (BGA) rework. These skills mean the small chips from the logic board can be removed without causing damage to their delicate legs or body, enabling the data they contain to be interpreted. Once interpreted, the investigator then has the ability to find what evidence was located on the device and hopefully leading to a conviction of guilt

    Detecting and tracing slow attacks on mobile phone user service

    The lower bandwidth of mobile devices has until recently filtered the range of attacks on the Internet. However, recent research shows that DOS and DDOS attacks, worms and viruses, and a whole range of social engineering attacks are impacting on broadband smartphone users. In our research we have developed a metric-based system to detect the traditional slow attacks that can be effective using limited resources, and then employed combinations of Internet trace back techniques to identify sources of attacks. Our research question asked: What defence mechanisms are effective? We critically evaluate the available literature to appraise the current state of the problem area and then propose an innovative solution for the detection and investigation of attacks

    The next generation for the forensic extraction of electronic evidence from mobile telephones

    Electronic evidence extracted from a mobile telephone provides a wealth of information about the user. Before a court allows the trier of fact to consider the electronic evidence, the court must ensure that the subject matter, testimony of which is to be given, is scientific. Therefore, regard must, at the investigation stage, be given to fulfill the requirements of science and law, including international standards. Such compliance also moves the extraction of electronic evidence from mobile telephones into the next generation, a more rigorous position as a forensic science, by being able to give in court well-reasoned and concrete claims about the accuracy and validity of conclusions.

    A New Framework for Securing, Extracting and Analyzing Big Forensic Data

    Finding new methods to investigate criminal activities, behaviors, and responsibilities has always been a challenge for forensic research. Advances in big data, technology, and increased capabilities of smartphones have contributed to the demand for modern techniques of examination. Smartphones are ubiquitous, transformative, and have become a goldmine for forensics research. Given the right tools and research methods investigating agencies can help crack almost any illegal activity using smartphones. This paper focuses on conducting forensic analysis in exposing a terrorist or criminal network and introduces a new Big Forensic Data Framework model where different technologies of Hadoop and EnCase software are combined in an effort to promote more effective and efficient processing of the massive Big Forensic Data. The research propositions this model postulates could lead the investigating agencies to the head of the terrorist networks. Results indicate the Big Forensic Data Framework model is capable of processing Big Forensic Data

    Detecting Slow DDos Attacks on Mobile Devices

    Denial of service attacks, distributed denial of service attacks and reflector attacks are well known and documented events. More recently these attacks have been directed at game stations and mobile communication devices as strategies for disrupting communication. In this paper we ask, How can slow DDos attacks be detected? The similarity metric is adopted and applied for potential application. A short review of previous literature on attacks and prevention methodologies is provided and strategies are discussed. An innovative attack detection method is introduced and the processes and procedures are summarized into an investigation process model. The advantages and benefits of applying the metric are demonstrated and the importance of trace back preparation discussed

    Testing Framework for Mobile Device Forensics Tools

    The proliferation of mobile communication and computing devices, in particular smart mobile phones, is almost paralleled with the increasing number of mobile device forensics tools in the market. Each mobile forensics tool vendor, on one hand claims to have a tool that is best in terms of performance, while on the other hand each tool vendor seems to be using different standards for testing their tools and thereby defining what support means differently. To overcome this problem, a testing framework based on a series of tests ranging from basic forensics tasks such as file system reconstruction up to more complex ones countering antiforensic techniques is proposed. The framework, which is an extension of an existing effort done in 2010, prescribes a method to clearly circumscribe the term support into precise levels. It also gives an idea of the standard to be developed and accepted by the forensic community that will make it easier for forensics investigators to quickly select the most appropriate tool for a particular mobile device

    The Proceedings of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

    Conference Foreword. This is the fifth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see quality papers with a number from local and international authors. 11 papers were submitted and following a double blind peer review process, 8 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, and I would like to take this opportunity to thank the conference committee for their tireless efforts in this regard. These efforts have included but not been limited to the reviewing and editing of the conference papers, and helping with the planning, organisation and execution of the conference. Particular thanks go to those international reviewers who took the time to review papers for the conference, irrespective of the fact that they are unable to attend this year. To our sponsors and supporters a vote of thanks for both the financial and moral support provided to the conference. Finally, to the student volunteers and staff of the ECU Security Research Institute, your efforts as always are appreciated and invaluable. Yours sincerely, Conference Chair Professor Craig Valli Director, Security Research Institut