The adoption of mobile devices has drastically changed the mobile forensics industry in just the last year alone, and the evolving landscape presents newer challenges that demand investigators to rethink the way they work.
In a new industry forecast issued today by Cellebrite, a leading provider of mobile forensic and mobile data transfer solutions, forensics experts reveal that multiple devices, field analysis, social evidence, Big Data and mobile malware will be the driving factors in shaping the industry this year. According to the research, the following trends will directly shape mobile forensics in the coming months.
Click through for the top trends driving mobile forensics in 2014, as identified by Cellebrite.
Consumers increasingly rely on multiple devices.
Investigators are likely to find themselves analyzing data from more than one cellular phone, tablet, GPS device or other mobile media, not just per case but also per person. As a result, mobile forensic investigations have outpaced computer forensics, with the ratio increasing by as much as threefold over the past three years. “This trend shows that as mobile devices become more powerful and easier to use, more people depend on them to manage different aspects of their work and personal lives,” said Cindy Murphy, a detective with the Madison Wisconsin Police Department. “That means that investigators need ways to manage multiple sources of data to obtain a full picture of each person’s life, in the time frame that they need the information most.”
Extraction and analysis go local, shifting from the lab to the field.
Due to the rapid increase in mobile device evidence, law enforcement agencies can no longer rely solely on forensic labs at the state and federal levels. Whether as part of a search incident to arrest, the forensic preview of digital media during execution of a search warrant, or a consent to search while evaluating a complaint, almost 44 percent of survey respondents now extract mobile data in the field. “Digital forensics is becoming democratized,” said D/Sgt Peter Salter of the Police Service of Northern Ireland eCrime Unit. “Specialized expertise will always be an important strategic element within overall capability to produce robust evidence for court. However, specialists and case investigators alike both benefit from having the capability to examine exhibits locally and on the frontline. Within agreed procedures, this approach enables investigators to determine which exhibits require more in-depth investigation, as well as provide frontline investigators with rapid, controlled access to digital evidence in order to inform their critical decision making.”
Mobile evidence gets social, data sources diversify.
There are approximately 1.19 billion active users on Facebook, 300 billion tweets sent on Twitter monthly, and 16 billion photos shared on Instagram monthly. Additionally, 2013 saw more than 100 billion downloads of mobile applications. The result? Data living in social applications has become critically important as the number of criminal investigations involving data collected from these applications rose significantly. Cellebrite’s survey revealed that 77 percent of respondents believed that mobile apps were the most critical data source, followed by the cloud at 71 percent. “Documenting different communication channels that are part of a crime (e.g., Facebook, YouTube, etc.), as well as those that can lead to new witnesses, victims, suspects and alternate perpetrators is becoming more important,” said John Carney, chief technology officer at Carney Forensics. “It is necessary to contextualize mobile device data with social data from people’s online personas.”
Big data, focused analytics.
With the amount of digital evidence growing from gigabytes to terabytes in many cases, data analytics becomes even more crucial in understanding mobile evidence. Investigators need to be able to separate relevant data from the inconsequential, and then easily understand and explain the differences to themselves, colleagues, barristers/attorneys and jurors. “The ability to visualize timelines, geographical locations, and content can make all the difference in how jurors, barristers/attorneys, and others perceive the relevance of data we extract,” said Simon Lang, digital forensic manager with SYTECH.
Mobile malware impacts civil and criminal investigations.
In 2013, Cellebrite’s panel of industry experts predicted a rise in mobile malware and the resulting need for forensics examiners to understand how to recognize and analyze it together with other evidence. “Malware as a factor in fraud, intimate partner abuse, theft of intellectual property and trade secrets and other crimes is something that all investigators will need to consider with every mobile device they encounter,” said Carlos Cajigas, training director and senior forensic examiner with EPYX Forensics. “Training and practical experience are necessary to develop the level of proficiency investigators need to make these assessments.”