Your mobile knows a lot about you and that brings a number of business risks – security breaches from company data held in emails or business apps, for example. We highlight the data and security risks of the phone in your pocket. -
See more at: http://www.grant-thornton.co.uk/en/Thinking/Beware-the-secrets-held-in-your-smartphone-/?previouspage=7260
5. Mobile Devices
• Embedded and reliant on mobile devices in our
everyday lives – work, personal and leisure.
• Mobile devices often overlooked as a source of
potential evidence - awareness level for police
constabularies and criminal investigations.
• Individuals often unaware of hidden data stored!
• Example – Audience participation with BlackBerry
devices – Event Log
7. Mobile Devices - Popularity
• Research Firm Gartner – Suggest PC's are on the
decline
• Not a dip caused by squeeze on household
incomes
• 1.9 billion mobile devices to be sold in 2013, where
1 billion estimated will be smart phones
• Social media access – Twitter feeds embedded
into Bloomberg terminals at traders desks. Goes
against the grain for reluctance of firms to allow
access
9. Why Mobile Device Investigations
• Criminal & civil law examples - murder, sexual
assault, violent crime, burglary, intent – sabotage
and collusion, illicit images of children, financial
fraud, commercial espionage, money laundering,
and HR related issues.
• Examinations need to be forensically sound to
stand up in court with robust procedures (ACPO
guidelines).
• Recovery of deleted data.
• Recovery of data from damaged mobile devices.
11. Why Mobile Device Investigations
• SIM cards – Subscriber data used to obtain billing
records, contacts, call data, text messages.
• Handset – Typically contacts, call logs, SMS text
messages, MMS, emails, Internet history, Social
Media, WiFi, Bluetooth, App data, Media (photos,
videos and audio), voicemails (selected smart
phones only), organiser information, eDocs,
metadata and custom dictionary.
• Memory cards – Typically media and backup of
phone data
15. Examples
• Counterfeit and money laundering case – Suspect
unhelpful in investigation and unwilling to provide
handset code to device.
• Commercial espionage – Individual hid data on
memory card under phone casing.
• Intelligence – Individual identified with fake
passport at airport. Handset examined to assist in
identity.
17. Definitions and Problems
• Global Positioning System (GPS) – activated on
handset to locate geographical position.
• Geotagging – adding metadata to media file.
• How accurate especially in large cities?
• Security issues – giving away location?
• Social media issues – privacy and public domain?
• False GPS co-ordinates can be generated by user.
• Geotags can be edited to give false information.
19. Hypothetical Situations?
• Possible to frame innocent parties eg loading
edited photo with fake co-ordinates to unsecured
phone or website and tip off police.
• Uploading of images to smart phone by military
personnel – subsequently transferred to social
media site. Potentially giving enemy access to
location.
21. What is an App?
• An "App" is an application - software designed to
run on a mobile device with limited function.
• Shortcut to popular web based sites eg email.
• 50 Billion Apps have been downloaded from the
Apple store alone.
• Equates to 7 apps per person on the planet.
• 800 Apps per second are downloaded from Apple.
• Data can be forensically retrieved from some Apps
–but not all, due to the vast array encountered.
22. What information is held?
- Emails
- Location
- Social Media
- Personal information
- Degrees of contact
- Web-based data
23. Security Apps – problems for the investigator?
Applications
securing
transmission of
data to and from
the handset
26. Google Glasses
How will data be able
to be extracted and
forensically obtained?
Types of Data – GPS,
pairing with mobile
devices, microphone,
facial recognition?
28. Computer Forensics
- Mobile devices
synchronised with
other electronic
devices
- Even without a
physical mobile device,
backups can exist on
PC's for examination
- Cloud based services