THE YEAR AHEAD FOR MOBILE FORENSICS
Cellebrite’s Panel Predictions for 2013
A decade after law enforcement first realized that evidence could exist on cell phones, the mobile forensics discipline
has evolved as fast as, or arguably slower than, the technology whose data it was born to extract. Corporate legal teams
and private investigators have caught on to mobile evidence’s relevance to civil litigation. And accelerating smartphone
and tablet use has sparked debate over data security and privacy issues.

Cellebrite asked six of its most influential customers to weigh in on how evolutions in mobile technology, legal,
regulatory and legislative landscapes will impact forensic examiners’ efforts throughout 2013.

Eoghan Casey is founding partner at CASEITE, a service provider that specializes in complex digital forensics, incident response including network intrusions with international scope, and cyber security risk management. Casey also supports forensic R&D at the DoD’s Cyber Crime Center (DC3/DCCI). An instructor/researcher at Johns Hopkins University’s Information Security Institute, he also authored the book “Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet.” He is a SANS Institute Senior Instructor who developed and teaches the Mobile Device Forensics (SANS FOR563) and the new Advanced Smartphone and Mobile Device Forensics (SANS FOR564) courses. His experience drove his assessment of how mobile will impact the enterprise in the coming year.

John Carney is Chief Technology Officer at Carney Forensics in St. Paul (Minnesota). Attorney-at-Law at Carney Law Office and counselor-at-law admitted in the State of Minnesota and the US District Court for the District of Minnesota, he is a strategic evidence consultant and expert witness who previously worked for 30 years as a software engineer, systems architect and IT consultant. His insights on technology and the law informed his predictions in this paper.

Cindy Murphy has nearly 28 years in law enforcement. A Madison (Wisconsin) police detective and part-time SANS Institute FOR563 – Mobile Device Forensics instructor, she has been involved in the digital forensics profession since 1999. For this paper, she provided perspective on how mobile apps and malware will impact law enforcement and trial courts.

Heather Mahalik is mobile forensics technical lead at Basis Technology and a SANS Institute Certified Instructor, where she authors and teaches FOR563 – Mobile Device Forensics. Her experience as a government contractor centered her trend predictions on encryption, apps, and mobile storage issues, all affecting how forensic examinations are performed.

Paul Henry, principal at vNet Security and a SANS Institute Senior Instructor, has worked in the fields of network security, incident response, digital forensics and virtualization for 15 years. These specialties provided a future view of the still-developing “bring your own device” (BYOD) trend, mobile malware, and well-rounded forensic examinations.

Gary Kessler is associate professor at Embry-Riddle Aeronautical University, adjunct professor at Australia’s Edith Cowan University, and a member of the ICAC Northern Florida Task Force. Previously, he founded and directed Champlain College’s Master of Science in Digital Forensic Management program. His breadth and depth of experience both at home and abroad gave rise to his insights about legal and technology trends.

Trends, and challenges, on the mobile forensics horizon
Mobile apps—more specifically, the data stored within them—will become
more relevant in investigations this year. Pointing to apps like WhatsApp
Messenger, Kik Messenger, Text Free, Go SMS Pro, and SnapChat, Carney
says this is partly because mobile messaging apps are cannibalizing service
providers’ revenues for text messaging.

But these apps aren’t the only sources of evidence. “Whether it’s mobile
messaging apps, or personal navigation apps, or social media apps, or
productivity apps, or mobile payment apps, or any other category, apps
are going to dominate in 2013,” said Carney.

Both Mahalik and Murphy pointed out that the more apps there are and the
more data they contain, the more extensive file systems will become. That
will lengthen forensic examinations. Mahalik added that some app data
could be stored or encrypted in such a way that renders it difficult to access.
This may impact investigators dealing with the BYOD trend, which got
underway in 2012. “Corporate IT has not been able to stop the onslaught
of consumer device use in the enterprise,” said Carney. “As a result, keeping
personal evidence separate from corporate evidence on the same mobile
device is proving to be a real challenge.”




TRENDING
Other expected trends include:
   A continued shift away from logical to physical mobile examinations. “One of the biggest problems in the legal
   system is that we are not being thorough enough,” said Henry. “Physical analysis is much more thorough and
   can recover a much greater amount of data.”

   Mobile’s increasing relevance to civil litigation and e-discovery, said Carney, as more responsive evidence –
   data and communications – is found on mobile devices.

   All panelists agreed that 2013 will be the year mobile malware becomes prevalent. Casey added that
   the growing quantity and sophistication of malware will lead to more complex intrusions into smart phones
   targeting sensitive data, creating challenges for investigators and computer security professionals.

   Increased use of mobile evidence visualization in reporting and in the courtroom, especially timelines, maps,
   and social graphs and activity analytics “to explain the people aspect of the evidence,” said Carney.

   A greater need for non-vendor-specific mobile forensics training and certifications.




These issues come bundled with challenges to practitioners. “This quickly
changing field means that training, software, and equipment needs are
also always changing,” said Murphy.

Kessler put this into context, observing that phones contain more probative
evidence per byte of data than computer hard drives do. “In many cases a full
physical extraction can take hours on a single phone,” he explained. “This will
continue to be exacerbated as people purchase bigger smartphones; it takes
less time to image a one-terabyte hard drive than it does to acquire a 60GB
phone.”

To meet these needs, mobile forensics tools must be well engineered,
which raises their cost. “The Vermont ICAC spends more on one mobile
workstation than on one computer workstation,” Kessler noted. Yet budgets,
in both the public and private sectors, are not keeping pace—and the
situation isn’t expected to improve.

This is confounded, according to Carney, by the hard-to-quantify
“opportunity cost of time that examiners need to install, configure,
and validate new tools given the pace and amount of innovation.”

Ranking the trends in mobile forensics for the year ahead

Two of the most important issues facing the mobile forensics industry, according to panelists’ survey rankings, are 1) critical data stored in apps as well as on mobile devices; and 2) password, encryption, prepaid, and other technology limiting examiners’ ability to obtain data. These items each ranked in panelists’ top three.

Of somewhat lesser importance were the rapidly evolving regulatory and legislative landscape, helping investigative professionals understand those evolutions, mobile e-discovery, BYOD, and issues related to closed Apple security and the open Android platform.

Evolutions in mobile security, apps development and storage, and their impact on mobile forensics

Carney believes that mobile device security will evolve into its own this year. “It took years and a lot of pain and data loss for anti-virus, anti-spyware solutions to become common, even popular, on personal computers over a decade ago,” he said. “But now, with the increase of malware, especially on Android platforms, we have reached a tipping point. Even some consumers are beginning to understand the need for mobile security solutions and backup/sync solutions on their devices and I expect this trend to accelerate in 2013.”

That’s because consumers and their employers have begun to learn hard lessons about mobile apps’ lack of security and privacy, especially as mobile app developers rush to market without adequately testing their apps. “With mobile devices all over the enterprise, security is just not up to par and it needs to be paramount,” said Henry.


However, this could lead to additional frustration for mobile forensics
examiners. “Expect to see more encryption of data on smartphones to
protect personal privacy and corporate data, which will make forensic
examination more challenging,” Casey warned.

On the bright side, said Carney, addressing oversights in the app
development lifecycle could help secure both user and corporate data.
“The real issue with insecure and exposed mobile app data is failure
to comply with federal privacy statutes and regulatory frameworks like
HIPAA, Gramm Leach Bliley, FERPA, and others,” he explained. “Also,
compliance with state data privacy breach statutes is in jeopardy, especially
as Congress considers enacting a national data privacy statute.”

Also affecting mobile security and privacy: storage. Murphy believes that
the trend toward cloud storage will continue, with the result that at least
some evidence might exist off-device. However, Carney cautioned, “The
canary in the mine on cloud-based mobile storage will be iPhone-to-iCloud
automated backups. Likely only a minority of iPhone users do it today, but
it will grow. I don’t see it for the majority of Android users any time soon
because third-party backup apps must be selected, installed, configured
and tested. Google will, however, sync contacts, calendars and settings
automatically after the user connects the device to his or her Google
account.”

2013: the year of mobile malware?
Both as a subset of BYOD and on their own, malware and spyware are also
expected to become more prevalent this year. Casey predicts more varied,
prevalent mobile malware whose payloads will include data destruction,
denial of service, data theft and espionage, while Carney anticipates specific
types of attacks. “We will see an increase in viruses on mobile, spyware on
mobile, phishing and smishing (SMS phishing) attacks, and all assortment
of hacks, data loss, and incidents needing effective responses,” he said.

Likewise, Henry stated, “We are going to see more malware and more
of it targeting enterprise credentials. Mobile malware in the corporate
environment will be a huge problem in 2013. Phishing attacks will continue
to be the number one way to infect systems. Vishing will also increase as
a result of VoIP usage.”

Henry added, “BYOD equals BYOM (bring your own malware). While 80% of companies are permitting BYOD, only 20% have policies in place. In addition, we’ve seen a spike in Android malware. Forensics professionals are going to have to be able to handle these compromised devices.” Casey added, “Individuals and employers can best prepare to respond to mobile malware by treating smartphones with the same level of care, policies and security measures as other computers they use to communicate, conduct business, and support financial activities and health care. In other words, implement security measures but be prepared for the worst by having an incident response plan that includes smartphones.”

Besides the enterprise, malware will affect law enforcement investigations, said Murphy. “I anticipate that mobile malware will closely follow the path of ‘traditional’ non-mobile malware,” Murphy said, “and that the intended uses will be very similar: 1) steal money, 2) steal information, 3) invade privacy.”

She anticipates an increase in malware and spyware used in stalking, identity theft, and as a defense against crimes like possession of child abuse images. This is profound considering Carney’s observation that most of the current mobile spyware detection tools are not forensically sound. “The non-forensic solutions available from leading antivirus, anti-spyware commercial vendors (Lookout, Kaspersky, Symantec, Bullguard, etc.) are not sufficient for our rigorous requirements to preserve mobile device evidence,” he says.

One specific area where mobile malware could have a serious impact: mobile payment strategies. “The emerging use of mobile devices as currency substitutes for credit cards, ‘mobile payments,’ has great potential to become a big, bold target for malware,” said Carney. “Malware and other hacks used to perpetrate fraud in consumer commerce could seriously curtail the emerging role of mobile devices in mobile payment strategies.

“Mobile device forensics may serve as an early and effective, if only reactive, deterrent from a criminal justice perspective,” Carney continued. “But, mobile app testing and validation responsibly performed by app developers before launch is clearly the more proactive approach for secure mobile payments.”

Smartphone market share, consumer usage and investigations

Android™ took 75% global market share in Q3 of 2012, and according to comScore, more than half of the US market share in Q4 (although Kantar Worldpanel ComTech data shows an Apple lead in the US for the same period). BlackBerry®’s share has been slipping for some time, but is still the preferred enterprise solution for many public and private sector organizations. What will these trends mean for mobile forensics in 2013?

Android will continue to come on like gangbusters in 2013, for both high end, consumer smart phones, and down-market pre-paids.

Apple’s iDevices will continue to be extremely popular. (Carney) Keep in mind the bulk of bandwidth is still being used on Apple devices. (Henry)

BlackBerry’s decline will continue, even regardless of OS10’s anticipated release. Email is still vulnerable via BlackBerry servers, and no one is writing BlackBerry apps. (Kessler) BlackBerry devices will continue to be a major target of attacks as long as they are used by government organizations and corporate enterprises. (Casey) Also, even if BlackBerry sales trail off, they will remain an important legacy device due to their long-time popularity. (Carney)

Windows Phone is the real wildcard in 2013. The platform may gain market (and app developers’) mind share especially if Windows 8 tablets become significant. (Carney) Windows Mobile together with Android, iOS and even counterfeit “knock-offs” will continue to dominate the industry. (Mahalik)

FUTURE THINKING
Could Windows 8 merge computer and mobile
forensics disciplines?

“I believe Windows 8 could provide the first real impetus for a merger
of the two disciplines, computer forensics and mobile device forensics,”
said Carney. “Microsoft has enlarged Windows 8 support of traditional
computing platforms, like laptops and servers, to embrace post-PC
computing platforms as well. Will Windows tablets look to us forensically
like hard drives and vice versa? What impact will a completely
solid state device environment have on Windows forensic
examinations?”


On the other hand, Murphy thinks the disciplines have already
merged. “It began with micro SD storage cards and has continued
as examiners use traditional tools along with mobile forensic tools
to get the most out of their examinations,” she explained.


However, Carney believes tablets may take this concept a step further.
“We are talking about the whole device, not just a memory add-on,” he
said. Casey agrees. “I anticipate more users combining their phone and
tablet usage into a single mobile device,” he said. “This will make these
devices more important as sources of evidence (perhaps
the sole source of evidence in some cases).”
Legal, regulatory and legislative impact
on mobile forensics
Carney noted that mobile device search and seizure issues are too unsettled
to project how they will ultimately affect the mobile forensics industry.
However, he believes two specific issues are important to watch: global
positioning systems geo-data, especially tracking devices; and privacy and
liability concerns regarding access to employee owned mobile devices
(BYOD), which confound the corporate legal department,” he added.

Courts, too, are struggling. Both Murphy and Kessler believe that judges,
prosecutors and police need better education about the evidence that
mobile devices contain, the extent to which they contain it, and what this
means for privacy and pretrial discovery.

“Lawmakers and judges both seem to be looking at cell phones much more
critically than they did computers, but because few understand the nature
of the technology, they are proposing laws and making rulings that err too
greatly on the side of caution,” said Kessler. Casey added, “I anticipate that
courts will continue to react against investigative haste and missteps, as
they have done with other sources of digital evidence in the past. Privacy
concerns are heightened by the personal nature of mobile devices, which
accompany people wherever they go and enable investigators to reconstruct
movements, communications, and other personal details.”

These issues have led to an unpredictable, constantly shifting legislative and
regulatory environment. As Murphy pointed out, criminal and civil courts
at various levels across 50 states are not likely to come up with consistent
rulings this year. Henry has noticed a similar trend. “Legal decisions mostly
depend on geographic boundaries, and differ from state to state,” he said.
“In more traditionally liberal states we are seeing a greater erosion of privacy
rights, and in other states there has been greater push back.”

However, Murphy is optimistic that it will settle. “As the courts become more
aware of technology and privacy issues, they will make more well-reasoned
decisions about the legal ramifications of search and seizure, acquisition
and analysis,” she said.

This will be shaped partly by the regulatory environment, which is also
in flux. Carney questioned whether digital forensic examiners might be
required to be licensed in more states, or even by the federal government
one day; whether labs could be inspected and qualified against uncertain
criteria; and whether examiners might be required to obtain non-vendor-
specific, mobile forensic certifications that do not yet exist.

Murphy agreed. “Regulators don’t seem to make decisions with practitioners’
perspective in mind,” she explained. “One size fits all solutions are impossible
to find, but everyone seems to be looking for them.” Thus Casey believes
more than just decision-makers have a duty in this area. “Mobile forensics
professionals will have to keep updated on privacy protection legislation and
data breach regulations,” he stated, “in much the same way as other forensic
professionals have to be aware of these issues. More stringent requirements
will put more constraints on mobile forensic practitioners, and require digital
investigators to have greater awareness of the privacy issues associated with
data on mobile devices.”

Planning for mobile evidence’s relevance to litigation
and e-discovery in the coming year
Legal issues from mobile evidence extend to civil litigation, as well. “Mobile
device forensic examiners are now challenged to find new ways to load their
mobile data from phones and tablets into litigation support and e-discovery
systems,” said Carney. “The challenge, of course, is not just the data load, but
more importantly, formatting, tagging, and structuring the data such that
it will support important, new e-discovery capabilities like early case
assessment (ECA) and predictive coding.”

Carney continued, “Organizations can plan for the coming onslaught
of mobile device evidence by educating themselves on mobile as a new,
relevant and probative form of evidence that will shape civil litigation in
coming years. Organizations can begin evaluating and selecting mobile
device forensic tools that have the promise to integrate well with litigation
support and e-discovery tools in meaningful ways during the coming
New Year and beyond.”

“E-discovery experts need to be just as trained on mobile devices as
computers,” said Mahalik. “Most companies provide cell phones to employees
and these are often a part of the investigation. Unique data could be missed
if the mobile device is handled improperly.” To this, Casey added: “The
industry should resolve to provide stronger capabilities for enterprise-wide
smartphone investigations to support the investigation of data breaches
targeting smartphones and the needs of e-discovery. In addition, organizations
should seriously consider data protection and retention on mobile
devices to manage the risks associated with data breach and e-discovery.”

“This will grow rapidly this year due to the blind adoption of BYOD,” said
Henry. “We will also continue to see more mobile data with regards to
litigation in the coming year. Mobile forensics is growing and it will
continue to become a more profitable venture moving forward.”




How mobile forensics tools and practices
should evolve in 2013
Murphy believes that forensic tools and practices will continue to evolve
to fit immediate needs, “close on the tail of technological and legal changes
in the mobile device world,” she said. Mahalik agreed. “The tools are always
playing catch up to the fast paced device releases and this will continue,”
she said.

“Support for Windows Phone 7 and 8 is limited and will need to improve,”
Mahalik added. “Practices are going to have to include bypassing more
passwords / locks and device encryption. [Vendors should also] focus on
supporting one device to the best of their ability. For example, if iOS support
is your main goal, support all aspects of it (logical, file system and physical).
Don’t partially support it.”

On a related point, Carney seeks real forensic solutions for mobile spyware
“before the need outpaces our capabilities as examiners. I know of only
one tool that lightly supports the forensically sound detection of just a few
mobile spyware apps,” he said. In addition, he sees mobile app support as
“the new measuring stick for mobile device forensic tools’ superiority.” Casey,
meanwhile, wants to see more capabilities to support investigation of data
breaches and malware-related incidents.

On the other hand, Carney sees the recent and growing emphasis on
advanced visualization as a positive step. “Basic support for timelines took
great leaps forward during 2012,” he explained. “Even rudimentary geo-data
and map visualizations appeared in 2012. I think we’re going to go much
further in 2013.

“And I’m quite excited about the activity analytics and social graphs that I’m
seeing coming out of phone contact data as integrated with profiles from
mobile apps and other important mobile data,” Carney continued. “This visual
information is going to allow us to get the big picture and discover quickly
who the significant custodians and actors are in the case. Mobile device
forensic tools are going to help us get that big picture more effectively
in 2013.”

Henry believes this will only be possible if the industry abandons basic
logical analysis and agrees only to perform full physical analysis of devices.
Most broadly, however, mobile forensics practitioners must keep a close eye
on manufacturers’ development trends. Says Gary Kessler: “It’s incumbent on
both tool vendors and forensic examiners to keep up with, if not stay ahead
of, the manufacturers.”




The Questions
1.   In your opinion, what are the biggest mobile forensics trends on the horizon for 2013?
2.   Rank the following trends in mobile forensics for the year ahead 1-6, in order from most to least important,
     with 1 being the most important:

        __ Critical data stored not only on the device but in apps as well
        __ Device passwords, encryption, prepaid versions, and other technology posing obstacles for law enforcement
           and private sector investigative professionals
        __ Challenges with new closed security on Apple devices; conversely, challenges with open platforms such
           as Android
        __ Upcoming digital forensics regulation and legislation, and how it may impact mobile investigations
        __ Helping law enforcement, corporate security and legal professionals stay abreast of trends, precedents
           and technology affecting mobile devices as “witnesses” in criminal and civil investigations
        __ Other (Add one trend not listed above)

3.  If there is a New Year’s resolution the mobile forensics industry should make, what should it be?
4.  What are the biggest challenges facing mobile forensics professionals in 2013?
5.  How will the evolving regulatory and legislative environment in the areas of digital forensics, electronic
     communications and privacy impact the mobile forensics industry in 2013?
6. How do you anticipate mobile security, apps development and storage evolving in 2013, and what impact
     will these advancements have on mobile forensics?
7. How do you anticipate mobile forensics tools and practices evolving in 2013?
8. Android took 75% market share in Q3 of 2012. Apple’s and BlackBerry’s leads are slipping. What other changes
     do you anticipate in the mobile market in 2013? How do you anticipate these trends affecting usage—and thus
     investigations?
9. How do you anticipate courts deciding cases on the seizure, acquisition and analysis of cell phone evidence,
     and what effect will these decisions have on the mobile forensics industry in the year ahead?
10. What trends do you anticipate regarding mobile malware: its genesis, impact and how criminals will use it?
     How can individuals and their employers best prepare to prevent and respond to mobile malware?
11. How should organizations plan for mobile data’s relevance to litigation and e-discovery in the coming year?




About UFED

from thousands of legacy and feature phones, smartphones, portable GPS devices, and tablets with ground-breaking
physical extraction capabilities for the world’s most popular platforms – BlackBerry®, iOS, Android, Nokia, Windows Mobile,
Symbian and Palm and more.



ESN IMEI, ICCID and IMSI information and more.



About Cellebrite
Founded in 1999, Cellebrite is a global company known for its technological breakthroughs in the cellular industry.
A world leader and authority in mobile data technology, Cellebrite established its mobile forensics division in 2007,
with the Universal Forensic Extraction Device (UFED). Cellebrite’s range of mobile forensic products, UFED Series, enable
the bit-for-bit extraction and in-depth decoding and analysis of data from thousands of mobile devices, including feature
phones, smartphones, portable GPS devices, tablets and phones manufactured with Chinese chipsets.

Cellebrite’s UFED Series is the prime choice of forensic specialists in law enforcement, military, intelligence, corporate
security and eDiscovery agencies in more than 60 countries.

Cellebrite is a wholly-owned subsidiary of the Sun Corporation, a listed Japanese company (6736/JQ)
www.ufedseries.com

BlackBerry® is a registered trademark of Research in Motion (RIM) Corp. Android™ is a trademark of Google Inc.
iPhone® is a trademark of Apple Inc., registered in the United States and other countries.




HEADQUARTERS                                   USA                              GERMANY
Cellebrite Ltd.                                Cellebrite USA, Inc.             Cellebrite GmbH
94 Em Hamoshavot St.                           266 Harristown Rd., Suite 105    Am Hoppenhof 32a
Petah Tikva 49130                              Glen Rock, NJ 07452              33104 Paderborn
Israel                                         USA                              Germany

Tel: +972 3 926 0900                           Tel: +1 201 848 8552             Tel: +49 52 51 54 64 90
Fax: +972 3 924 7104                           Fax: +1 201 848 9982             Fax: +49 52 51 54 64 9 49







© 2013 Cellebrite Mobile Synchronization LTD, All rights Reserved
