SlideShare ist ein Scribd-Unternehmen logo

Reduce Lab Backlog with Mobile Data Forensic Previews

Als PPTX, PDF herunterladen
Cellebrite
Cellebrite

Forensic previews have been valuable in separating the hard drives, game systems, cameras, and other digital devices that are relevant to a case, from those that are not relevant. Historically, mobile devices have not been part of this analysis -- even though they are at least as important. This session will detail what’s involved with mobile device previews, including how they prepare case agents to communicate their needs to forensic examiners.

MobilTechnologieBusiness
1 von 30
Reducing Backlog: Mobile Forensic Previews Lee Papathanasiou Cellebrite: Sales Engineer, Forensics
Mobile Device Proliferation
*As of January 2014:  90% of American adults have a cell phone  58% of American adults have a smart phone  32% of American adults own an e-reader  42% of American adults own a tablet Multi-Device Environment Source: Pew Research Center http://www.pewinternet.org/
Volume & Complexity of Data
Volume & Complexity of Data
Mobile Device Exams Increase  Statistics from three cities in North America anecdotally* show a steady increase in the ratio of mobile forensic exams to computer exams starting from 2005 to present. *No standards exist for the tracking of forensic lab statistics, so not all labs report the same way. In addition, labs’ own reporting may be inconsistent from year to year. Other variables, such as trends in investigations themselves, have not been accounted for.
Mobile Forensics: A Team Effort
Today’s model of mobile device evidence collection ■ Forensic Examiner performs extraction & analysis at the Lab ■ First Responder Secures Scene ■ Investigator Seizes Evidence: “Bag and Tag”
Limitations of Current Model ■ Actionable information NOT available to First Responder o Result: Opportunity for time-sensitive decisions is missed which could mean the difference between Life and Death ■ Evidence becomes more vulnerable the longer it sits at scene o Result: Evidence on the device is remotely Wiped/Deleted ■ The importance of evidence is not identified or qualified at scene o Result: Lack of insight leads to collection of unnecessary evidence and directly contributes to EVIDENCE BACKLOG! ■ Field personnel are not being utilized to their full capacity o Result: The inefficient use of resources is an unnecessary Waste of Money ■ Forensic Examiners are spending valuable time on basic evidence collection o Result: Less time available to focus on the deeper/complex examinations which can yield important evidence & deleted information. This amounts to a Waste of Talent.
Mobile Forensics: Multi-Tiered Model
Location Hierarchy Least Most Gradient Scale
Personnel Hierarchy Least Most Gradient Scale
Function Hierarchy Least Most Gradient Scale
Multi-Tiered Model Reduces Backlog! ■Increases Quality of evidence in lab ■Empowers existing personnel with mobile forensic technology ■Enables rapid evidence collection & preview in field ■Decreases Quantity of evidence in field ■Result: More Leads in Less Time
Use Cases that can Benefit ■Monitoring Probation/Parole ■Child Abuse Image Investigations ■Drug Interdiction ■Substantiate Victim Claims ■List goes on…
Implementation Requirements: EEE ■Education ■Engineering■Enforcement
■Data collection & review contributes to officer/civilian safety Education: Academy Level ■Eliminate & Prevent Intimidation ■Academy Curricula needs to be prioritized & updated ■SOP & Training need to compliment each other
Education: Field Level ■Evidence Handling & Collection ■Establish guidelines for escalations to lab (i.e. Prosecution over Intel, Felonies over Misdemeanor) ■Incorporate 15 min hands-on training during briefings ■Keep current with warrant templates, preservation letters, etc.
■Types of Evidence Collected: Textual Data and/or Media Files? (Dictates bandwidth & storage capacity needed) Engineering: Data Management Infrastructure ■Decide on method of transferring and/or storing evidence ■Need to maintain Chain of Custody and Integrity of data ■Remote Storage: Secure 4G/WiFi connection. VPN Tunneling. ■Local Storage: Hard Drive/ Flash Drive/ SD Card – Logistics
■Software must have built-in reviewing & basic analysis capabilities Engineering: Mobile Forensic Solution ■Mobile forensics software solution needs to be flexible & easy to use ■Software needs to be able to support extraction from an immense variety of mobile devices in order to be effective ■A laptop/tablet or stand-alone forensic device will be required. Preferably semi or fully ruggedized with relatively small footprint
© 2014 Cellebrite Mobile Synchronization LTD, All rights reserved • Purpose built • Closed for other applications • No User maintenance • Extraction only UFED Touch • Multiple tools single platform • Full Cycle capabilities • HW upgrade at your own pace • Chose your platform – Flexibility UFED 4PC • Single source • Multiple tools single platform • Full Cycle capabilities • No user installation • Standalone and ruggedized UFED TK
© 2014 Cellebrite Mobile Synchronization LTD, All rights reserved UFED: Extract & Preview
■SOP should set clear expectations for everyone involved including when to escalate devices to a forensic specialist Enforcement ■Controls need to be in place to prevent abuse ■Establish Policies as well as SOP to enforce training & evidence collection methodologies ■Software solution needs to of facilitate these requirements. User & Permission Management, Logs, Training verification
Enforce: UFED Permission Manager User Authentication and Permission Management ■ Profile defines authorized actions ■ By action ■ By data type (where applicable) ■ Profiles are assigned to Users ■ Import / Export Users list
■Examples: Search Warrant Consent Probation/Parole Exigent Circumstances Search Incident to Arrest Plain Sight Enforcement: Rules of Engagement ■Laws vary from state to state and are in constant flux ■Consult legal authorities to ensure adherence to law
Data Triage & Public Safety
Data Triage & Public Safety Traffic Accidents – Was the driver distracted by their phone? Where were they last? Time sensitive situations that can significantly benefit from mobile device collection at scene of incident: Active Shooter – Did they have accomplices? Abductions – Who was their abductor? Where were they last? Bomb Threats – Where is the bomb located? What is the detonation device?
This is only the Beginning!! ■Decision making in the field can be improved even further • Imagine collecting evidence from a mobile device on scene and then running that data against a database…. Fugitives Abductees Drug Terms Gang Members Terrorists Explosives Stolen VINs Etc…..
■State & Local Fusion centers will have more diverse datasets to utilize which will increase situational awareness. Impact on Crime Prevention ■Mobile Device Evidence also has value downstream ■Intel & Crime Analysts benefit from high quality data ■The variety of data on mobile devices can contribute significantly to predictive analytics & crime prevention efforts
THANK YOU!! Lee Papathanasiou lee.papa@cellebrite.com 201-848-8552 Ext. 106

Empfohlen

Verification and Validation of Findings
Verification and Validation of FindingsVerification and Validation of Findings
Verification and Validation of FindingsCellebrite
 
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and ArtifactsTrends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and ArtifactsCellebrite
 
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...Cellebrite
 
Ce hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingCe hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingVi Tính Hoàng Nam
 
Technical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsTechnical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsOllie Whitehouse
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsShreya Singireddy
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
computer forensics
computer forensicscomputer forensics
computer forensicsshivi123456
 

Empfohlen

Verification and Validation of Findings
Verification and Validation of FindingsVerification and Validation of Findings
Verification and Validation of FindingsCellebrite
 
Trends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and ArtifactsTrends in Mobile Device Data and Artifacts
Trends in Mobile Device Data and ArtifactsCellebrite
 
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...
There's an App for That: Digital Forensic Realities for Mobile App Evidence, ...Cellebrite
 
Ce hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingCe hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingVi Tính Hoàng Nam
 
Technical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsTechnical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsOllie Whitehouse
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsShreya Singireddy
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
computer forensics
computer forensicscomputer forensics
computer forensicsshivi123456
 
Computer Forensic Softwares
Computer Forensic SoftwaresComputer Forensic Softwares
Computer Forensic SoftwaresDhruv Seth
 
Data validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageData validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageNicola Chemello
 
Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014Muzzammil Wani
 
Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draftDamir Delija
 
Computer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hideComputer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hideAntonio Sanz Alcober
 
Codebits 2010
Codebits 2010Codebits 2010
Codebits 2010Tiago Henriques
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureOllie Whitehouse
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Computer Forensic
Computer ForensicComputer Forensic
Computer ForensicNovizul Evendi
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.guestcf6f5b
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Developmentamiable_indian
 
Lect 3 Computer Forensics
Lect 3 Computer ForensicsLect 3 Computer Forensics
Lect 3 Computer ForensicsKabul Education University
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
Digital forensics
Digital forensics Digital forensics
Digital forensics Adriana Backman
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumOWASP Khartoum
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics00heights
 
Lect 2 computer forensics
Lect 2 computer forensicsLect 2 computer forensics
Lect 2 computer forensicsKabul Education University
 
Lect 4 computer forensics
Lect 4 computer forensicsLect 4 computer forensics
Lect 4 computer forensicsKabul Education University
 
Lect 5 computer forensics
Lect 5 computer forensicsLect 5 computer forensics
Lect 5 computer forensicsKabul Education University
 
Preparing to Testify About Mobile Device Evidence
Preparing to Testify About Mobile Device EvidencePreparing to Testify About Mobile Device Evidence
Preparing to Testify About Mobile Device EvidenceCellebrite
 
Interview Techniques for a Mobile Crime World
Interview Techniques for a Mobile Crime WorldInterview Techniques for a Mobile Crime World
Interview Techniques for a Mobile Crime WorldCellebrite
 

Weitere ähnliche Inhalte

Was ist angesagt?

Computer Forensic Softwares
Computer Forensic SoftwaresComputer Forensic Softwares
Computer Forensic SoftwaresDhruv Seth
 
Data validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageData validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageNicola Chemello
 
Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014Muzzammil Wani
 
Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draftDamir Delija
 
Computer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hideComputer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hideAntonio Sanz Alcober
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureOllie Whitehouse
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Damir Delija
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.guestcf6f5b
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Developmentamiable_indian
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumOWASP Khartoum
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics00heights
 

Was ist angesagt? (20)

Computer Forensic Softwares
Computer Forensic SoftwaresComputer Forensic Softwares
Computer Forensic Softwares
 
Data validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverageData validation using CDR (Call Detail Records) and real cell tower coverage
Data validation using CDR (Call Detail Records) and real cell tower coverage
 
Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014
 
Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draft
 
Computer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hideComputer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hide
 
Codebits 2010
Codebits 2010Codebits 2010
Codebits 2010
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics Lecture
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Development
 
Lect 3 Computer Forensics
Lect 3 Computer ForensicsLect 3 Computer Forensics
Lect 3 Computer Forensics
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumComputer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP Khartoum
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
 
Lect 2 computer forensics
Lect 2 computer forensicsLect 2 computer forensics
Lect 2 computer forensics
 
Lect 4 computer forensics
Lect 4 computer forensicsLect 4 computer forensics
Lect 4 computer forensics
 
Lect 5 computer forensics
Lect 5 computer forensicsLect 5 computer forensics
Lect 5 computer forensics
 

Andere mochten auch

Preparing to Testify About Mobile Device Evidence
Preparing to Testify About Mobile Device EvidencePreparing to Testify About Mobile Device Evidence
Preparing to Testify About Mobile Device EvidenceCellebrite
 
Interview Techniques for a Mobile Crime World
Interview Techniques for a Mobile Crime WorldInterview Techniques for a Mobile Crime World
Interview Techniques for a Mobile Crime WorldCellebrite
 
With UFED Physical Analyzer, investigative team helps prove a case for capita...
With UFED Physical Analyzer, investigative team helps prove a case for capita...With UFED Physical Analyzer, investigative team helps prove a case for capita...
With UFED Physical Analyzer, investigative team helps prove a case for capita...Cellebrite
 
Cellebrite Predictions Survey 2015
Cellebrite Predictions Survey 2015Cellebrite Predictions Survey 2015
Cellebrite Predictions Survey 2015Cellebrite
 
Preparing Testimony about Cellebrite UFED In a Daubert or Frye Hearing
Preparing Testimony about Cellebrite UFED In a Daubert or Frye HearingPreparing Testimony about Cellebrite UFED In a Daubert or Frye Hearing
Preparing Testimony about Cellebrite UFED In a Daubert or Frye HearingCellebrite
 
Festplatte
FestplatteFestplatte
FestplatteRudi2014
 
Cdma ppt for ECE
Cdma ppt for ECECdma ppt for ECE
Cdma ppt for ECEajitece
 
HDD & SSD Grundlagen
HDD & SSD GrundlagenHDD & SSD Grundlagen
HDD & SSD Grundlagenjcambass
 

Andere mochten auch (9)

Preparing to Testify About Mobile Device Evidence
Preparing to Testify About Mobile Device EvidencePreparing to Testify About Mobile Device Evidence
Preparing to Testify About Mobile Device Evidence
 
Interview Techniques for a Mobile Crime World
Interview Techniques for a Mobile Crime WorldInterview Techniques for a Mobile Crime World
Interview Techniques for a Mobile Crime World
 
With UFED Physical Analyzer, investigative team helps prove a case for capita...
With UFED Physical Analyzer, investigative team helps prove a case for capita...With UFED Physical Analyzer, investigative team helps prove a case for capita...
With UFED Physical Analyzer, investigative team helps prove a case for capita...
 
Cellebrite Predictions Survey 2015
Cellebrite Predictions Survey 2015Cellebrite Predictions Survey 2015
Cellebrite Predictions Survey 2015
 
Preparing Testimony about Cellebrite UFED In a Daubert or Frye Hearing
Preparing Testimony about Cellebrite UFED In a Daubert or Frye HearingPreparing Testimony about Cellebrite UFED In a Daubert or Frye Hearing
Preparing Testimony about Cellebrite UFED In a Daubert or Frye Hearing
 
Festplatte
FestplatteFestplatte
Festplatte
 
Cdma ppt for ECE
Cdma ppt for ECECdma ppt for ECE
Cdma ppt for ECE
 
HDD & SSD Grundlagen
HDD & SSD GrundlagenHDD & SSD Grundlagen
HDD & SSD Grundlagen
 
Festplattenpräsentation
FestplattenpräsentationFestplattenpräsentation
Festplattenpräsentation
 

Ähnlich wie Reduce Lab Backlog with Mobile Data Forensic Previews

Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensicsJohnson Ubah
 
DIGITAL FORENSICS_PRESENTATION
DIGITAL FORENSICS_PRESENTATIONDIGITAL FORENSICS_PRESENTATION
DIGITAL FORENSICS_PRESENTATIONAmina Baha
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsParaben Corporation
 
iConference Popovsky
iConference PopovskyiConference Popovsky
iConference PopovskyBrian Rowe
 
Mobile forensics a primer
Mobile forensics a primerMobile forensics a primer
Mobile forensics a primerRajeev Chauhan
 
The Incident Response Decision Tree
The Incident Response Decision TreeThe Incident Response Decision Tree
The Incident Response Decision TreeMarc St-Pierre
 
Evidence and data
Evidence and dataEvidence and data
Evidence and dataAtul Rai
 
Building a Mobile Security Model
Building a Mobile Security Model Building a Mobile Security Model
Building a Mobile Security Model tmbainjr131
 
Conceptual Study of Mobile Forensics
Conceptual Study of Mobile ForensicsConceptual Study of Mobile Forensics
Conceptual Study of Mobile Forensicsijtsrd
 
HARNESSING THE POWER OF TECHNOLOGY IN INSTITUTIONAL CORREC
HARNESSING THE POWER OF TECHNOLOGY IN INSTITUTIONAL CORRECHARNESSING THE POWER OF TECHNOLOGY IN INSTITUTIONAL CORREC
HARNESSING THE POWER OF TECHNOLOGY IN INSTITUTIONAL CORRECJeanmarieColbert3
 
Social Issues in Computing : Forensics
Social Issues in Computing : ForensicsSocial Issues in Computing : Forensics
Social Issues in Computing : ForensicsKaruna Kak
 
ACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRMACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRMPatrickBilgere
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxgouriuplenchwar63
 
New research directions in the area of
New research directions in the area ofNew research directions in the area of
New research directions in the area ofIJCNCJournal
 
Nhs dealing with cyber threat
Nhs dealing with cyber threatNhs dealing with cyber threat
Nhs dealing with cyber threatShikoh Khan
 
Predict Conference: Data Analytics for Digital Forensics and Cybersecurity
Predict Conference: Data Analytics for Digital Forensics and CybersecurityPredict Conference: Data Analytics for Digital Forensics and Cybersecurity
Predict Conference: Data Analytics for Digital Forensics and CybersecurityMark Scanlon
 

Ähnlich wie Reduce Lab Backlog with Mobile Data Forensic Previews (20)

Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
 
DIGITAL FORENSICS_PRESENTATION
DIGITAL FORENSICS_PRESENTATIONDIGITAL FORENSICS_PRESENTATION
DIGITAL FORENSICS_PRESENTATION
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 years
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic tools
 
iConference Popovsky
iConference PopovskyiConference Popovsky
iConference Popovsky
 
Mobile forensics a primer
Mobile forensics a primerMobile forensics a primer
Mobile forensics a primer
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
 
The Incident Response Decision Tree
The Incident Response Decision TreeThe Incident Response Decision Tree
The Incident Response Decision Tree
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
Building a Mobile Security Model
Building a Mobile Security Model Building a Mobile Security Model
Building a Mobile Security Model
 
Conceptual Study of Mobile Forensics
Conceptual Study of Mobile ForensicsConceptual Study of Mobile Forensics
Conceptual Study of Mobile Forensics
 
HARNESSING THE POWER OF TECHNOLOGY IN INSTITUTIONAL CORREC
HARNESSING THE POWER OF TECHNOLOGY IN INSTITUTIONAL CORRECHARNESSING THE POWER OF TECHNOLOGY IN INSTITUTIONAL CORREC
HARNESSING THE POWER OF TECHNOLOGY IN INSTITUTIONAL CORREC
 
Final october interviewing_techniques
Final october interviewing_techniquesFinal october interviewing_techniques
Final october interviewing_techniques
 
Social Issues in Computing : Forensics
Social Issues in Computing : ForensicsSocial Issues in Computing : Forensics
Social Issues in Computing : Forensics
 
ACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRMACEDS Dallas - Back to School Lessons on the EDRM
ACEDS Dallas - Back to School Lessons on the EDRM
 
Mobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptxMobile_Forensics- General Introduction & Software.pptx
Mobile_Forensics- General Introduction & Software.pptx
 
New research directions in the area of
New research directions in the area ofNew research directions in the area of
New research directions in the area of
 
Nhs dealing with cyber threat
Nhs dealing with cyber threatNhs dealing with cyber threat
Nhs dealing with cyber threat
 
Predict Conference: Data Analytics for Digital Forensics and Cybersecurity
Predict Conference: Data Analytics for Digital Forensics and CybersecurityPredict Conference: Data Analytics for Digital Forensics and Cybersecurity
Predict Conference: Data Analytics for Digital Forensics and Cybersecurity
 

Kürzlich hochgeladen

Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Niamh verma
 
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...wyqazy
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPsychicRuben LoveSpells
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceanilsa9823
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Pooja Nehwal
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7Pooja Nehwal
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceanilsa9823
 

Kürzlich hochgeladen (8)

Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
 
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
 
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
 

Reduce Lab Backlog with Mobile Data Forensic Previews

  • 1. Reducing Backlog: Mobile Forensic Previews Lee Papathanasiou Cellebrite: Sales Engineer, Forensics
  • 3. *As of January 2014:  90% of American adults have a cell phone  58% of American adults have a smart phone  32% of American adults own an e-reader  42% of American adults own a tablet Multi-Device Environment Source: Pew Research Center http://www.pewinternet.org/
  • 6. Mobile Device Exams Increase  Statistics from three cities in North America anecdotally* show a steady increase in the ratio of mobile forensic exams to computer exams starting from 2005 to present. *No standards exist for the tracking of forensic lab statistics, so not all labs report the same way. In addition, labs’ own reporting may be inconsistent from year to year. Other variables, such as trends in investigations themselves, have not been accounted for.
  • 8. Today’s model of mobile device evidence collection ■ Forensic Examiner performs extraction & analysis at the Lab ■ First Responder Secures Scene ■ Investigator Seizes Evidence: “Bag and Tag”
  • 9. Limitations of Current Model ■ Actionable information NOT available to First Responder o Result: Opportunity for time-sensitive decisions is missed which could mean the difference between Life and Death ■ Evidence becomes more vulnerable the longer it sits at scene o Result: Evidence on the device is remotely Wiped/Deleted ■ The importance of evidence is not identified or qualified at scene o Result: Lack of insight leads to collection of unnecessary evidence and directly contributes to EVIDENCE BACKLOG! ■ Field personnel are not being utilized to their full capacity o Result: The inefficient use of resources is an unnecessary Waste of Money ■ Forensic Examiners are spending valuable time on basic evidence collection o Result: Less time available to focus on the deeper/complex examinations which can yield important evidence & deleted information. This amounts to a Waste of Talent.
  • 14. Multi-Tiered Model Reduces Backlog! ■Increases Quality of evidence in lab ■Empowers existing personnel with mobile forensic technology ■Enables rapid evidence collection & preview in field ■Decreases Quantity of evidence in field ■Result: More Leads in Less Time
  • 15. Use Cases that can Benefit ■Monitoring Probation/Parole ■Child Abuse Image Investigations ■Drug Interdiction ■Substantiate Victim Claims ■List goes on…
  • 16. Implementation Requirements: EEE ■Education ■Engineering■Enforcement
  • 17. ■Data collection & review contributes to officer/civilian safety Education: Academy Level ■Eliminate & Prevent Intimidation ■Academy Curricula needs to be prioritized & updated ■SOP & Training need to compliment each other
  • 18. Education: Field Level ■Evidence Handling & Collection ■Establish guidelines for escalations to lab (i.e. Prosecution over Intel, Felonies over Misdemeanor) ■Incorporate 15 min hands-on training during briefings ■Keep current with warrant templates, preservation letters, etc.
  • 19. ■Types of Evidence Collected: Textual Data and/or Media Files? (Dictates bandwidth & storage capacity needed) Engineering: Data Management Infrastructure ■Decide on method of transferring and/or storing evidence ■Need to maintain Chain of Custody and Integrity of data ■Remote Storage: Secure 4G/WiFi connection. VPN Tunneling. ■Local Storage: Hard Drive/ Flash Drive/ SD Card – Logistics
  • 20. ■Software must have built-in reviewing & basic analysis capabilities Engineering: Mobile Forensic Solution ■Mobile forensics software solution needs to be flexible & easy to use ■Software needs to be able to support extraction from an immense variety of mobile devices in order to be effective ■A laptop/tablet or stand-alone forensic device will be required. Preferably semi or fully ruggedized with relatively small footprint
  • 21. © 2014 Cellebrite Mobile Synchronization LTD, All rights reserved • Purpose built • Closed for other applications • No User maintenance • Extraction only UFED Touch • Multiple tools single platform • Full Cycle capabilities • HW upgrade at your own pace • Chose your platform – Flexibility UFED 4PC • Single source • Multiple tools single platform • Full Cycle capabilities • No user installation • Standalone and ruggedized UFED TK
  • 22. © 2014 Cellebrite Mobile Synchronization LTD, All rights reserved UFED: Extract & Preview
  • 23. ■SOP should set clear expectations for everyone involved including when to escalate devices to a forensic specialist Enforcement ■Controls need to be in place to prevent abuse ■Establish Policies as well as SOP to enforce training & evidence collection methodologies ■Software solution needs to of facilitate these requirements. User & Permission Management, Logs, Training verification
  • 24. Enforce: UFED Permission Manager User Authentication and Permission Management ■ Profile defines authorized actions ■ By action ■ By data type (where applicable) ■ Profiles are assigned to Users ■ Import / Export Users list
  • 25. ■Examples: Search Warrant Consent Probation/Parole Exigent Circumstances Search Incident to Arrest Plain Sight Enforcement: Rules of Engagement ■Laws vary from state to state and are in constant flux ■Consult legal authorities to ensure adherence to law
  • 26. Data Triage & Public Safety
  • 27. Data Triage & Public Safety Traffic Accidents – Was the driver distracted by their phone? Where were they last? Time sensitive situations that can significantly benefit from mobile device collection at scene of incident: Active Shooter – Did they have accomplices? Abductions – Who was their abductor? Where were they last? Bomb Threats – Where is the bomb located? What is the detonation device?
  • 28. This is only the Beginning!! ■Decision making in the field can be improved even further • Imagine collecting evidence from a mobile device on scene and then running that data against a database…. Fugitives Abductees Drug Terms Gang Members Terrorists Explosives Stolen VINs Etc…..
  • 29. ■State & Local Fusion centers will have more diverse datasets to utilize which will increase situational awareness. Impact on Crime Prevention ■Mobile Device Evidence also has value downstream ■Intel & Crime Analysts benefit from high quality data ■The variety of data on mobile devices can contribute significantly to predictive analytics & crime prevention efforts

Hinweis der Redaktion

  1. A multi-tiered forensic model coupled with the right mobile forensic solution will reduce the growing backlog of evidence as well as the costs associated with it. Leveraging existing resources can shorten investigative cycles as well as increase efficiency in the field & in the lab. Our industry is rapidly evolving and we feel an obligation as the market leader to educate and prepare you for this paradigm shift. I think we can all agree that the industry is at an inflection point which requires us to adapt. By working together, we can meet the demands of this increasingly complex mobile forensics world. Thank you