Covid-19 Update: We've taken precautionary measures to enable all staff to work away from the office. These changes have already rolled out with no interruptions, and will allow us to continue offering the same great service at your busiest time in the year.

Mobile Incident Response & Investigations

3917 words (16 pages) Essay in Technology

18/05/20 Technology Reference this

Disclaimer: This work has been submitted by a student. This is not an example of the work produced by our Essay Writing Service. You can view samples of our professional work here.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.

Abstract

This white paper report is about mobile network incident response and investigation. We are going to discuss the technology of Mobile networks as it was central to telecommunications with which the mobile devices have become an important part, been a daily life needs a device for personal and business process purposes. Also, we are going to discuss the modern trends in mobile technology, the law, regulations, and forensic handling of mobile devices. This report contain insight into mobile technology digital forensic and accident response capabilities for a law enforcement unit.

Moreover, the project work will contain the analysis and presentation of forensic information and the biggest threats in mobile forensic as well as discussing the biggest threat in mobile forensics and recommend a possible solution to mitigate the threat.

Technology of Mobile Networks – Overview.

The technology behind mobile network can never be accurately discussed with mentioning mobile device network transmission, mobile phone devices communication, cellular -to- cellular communication, mobile switching centers, and base switching subsystems.

Mobile Device Transmissions

For mobile device users to communicate with other users using different frequencies, one for sending and the other for receiving. Also, they need two important technology schemes that include- Global Systems for Mobile Communication (GSM) which is world-wide and Code Division Multiple Access (CDMA) that are mostly used in the United States. CDMA assigns codes to each phone call which allows across frequency communication while LTE is the global standard for wireless networks. AT&T and T Mobile use GSM, while Verizon and Sprint use CDMA technology schemes to transmit network to user’s mobile devices. (Tyler Lacoma, 2019).

Mobile Phone Communication-

 Mobile communication was initially intended for voice communication only, but over time, there are multiple offering now that include SMS. Bluetooth, gaming, camera, video recorders. MSS for sending and receiving photos and video. MP3 player, radio and GPS. The modern-day mobile phone devices can communicate on 1m664 channels or more, And the mobile phones operate within the cells, to be able to switch on to different cells as the users move around. The grade of service (GOS) is the quality customer’s experience which is measuring the systems congestion and the probability of calls failing due to increased network traffic (D Mohahkumar, 2019).

Cellular -to -Cellular Communication-

 When the cell phone is powered on, it listens for a system identification number (SID), a 15-bit numeric identifier, in the control channel.  When the cellular device receives the SID, it compares it to the SID programmed into the device.  If both SIDs match, then the device knows that the cell it is communicating with the correct device (D Mohankumar, 2014). The SID is a five-digit number assigned to the carrier by the FCC to the device and the Electronic Serial Number (ESN) is a permanent 32-bit number that is programmed into the mobile communication device.

Mobile Switching Centers-

 Mobile phone switching centers (MSC) is a core part of GSM systems. The switching centers enhances the process of call initiation and transferred. When a caller makes a call, the call is first routed from mobile station to BTS, then BTS transferred it to MSC, then MSC will scan the mobile phone number that is dialed by the caller for authenticity. The mobile switching center serves as an administrator for the handovers to wireless base stations, the records for the mobile subscriber location, services, and billings (Umar Maniar,2018).

Base Switching Subsystems-

 The base station subsystems (BSS) is another critical component of a mobile phone call transmission network that handles traffic and signals between mobile devices and the network switching subsystems. BBS carries out transcoding of speech channel, allocation of radio channels to mobile phones, transmission, and reception over the air interface and many other tasks related to the radio network. Base switching subsystems is composed of two-part- The Base Transceiver station (BTC) and The Base Station Controller (BSC) (Tutorialspoint-,2019).

 Furthermore, with smartphones, tablets and other mobile communication devices to meet the demands of government and business, mobile devices have become more than just a personal tool. Being a necessity in most workplace settings, smart devices are commonly a part of the BYOD plan for organizations as well as mobile devices for personal use. Other wireless technologies include GPS, Bluetooth, Wi-Fi.

The Institute of Electrical and Electronics Engineers (IEEE) 802.15 technology task working group’s discussion about Wireless Area Networks (Ryuji Kohno, 2018). Wi-Fi certified tablets, computers, and mobile phones communicate with Wi-Fi, which uses radio waves in Internet router connections. Bluetooth wireless technologies transfer data across short distances commonly in tablets and cellular phones (Ryuji Kohno, 2018).

Trends In Mobile Technology.

Mobile technology has made usage of tablets and other portable computers to become more popular and there is a remarkable achievement in the new trends in mobile technology has extended to the government agency and private sector in the way they process their business. Due to mobile technology diverse functionality, mobile technology like a phone can be transformed into a digital asset to make life and business much easier. Most marketing uses mobile technology platform devices because of the availability of operating systems that has been designed basically for mobile devices and they are easy to operate (Urvish Macwan, 2017).

The total global traffic for mobile data increased by 63% from 2015 to the close of 2016; from 4.4 exabytes used per month in 2015 to 7.2 exabytes used per month at the close of 2016, nearly six hundred and fifty million mobile devices and connections were added in 2017, Fourth generation ( 4G) traffic accounted for 72% of mobile traffic in 2017 (Cisco, 2017).

As more of the global population acquires ownership of a mobile communication device, the instances of misuse or abuse have rapidly increased. One of the ways the revolution in the mobile devices’ trends will continue is of the fact that the internet has now equipped with a 4G and rapidly going into a 5 G network. The faster network will enable a high-speed data transmission in the channels, making the internet to be more flexible and easier to operate (Urvish Macwan, 2017).

Mobile Devices Operating Systems Transmission Types-

The transmission of any mobile phone /devices depends on operating systems that run on the device. The two dominant mobile operating systems are Apple’s iOS and Google Android. Apple’s iOS is a closed system, meaning all applications, the operating system, and hardware is controlled by Apple.  The total mobile OS Market share are Android 65.53 %, iOS 32.34%, Windows Phone 0.8%, Symbian 0.57%, Java ME 0.49 %. Data protection allow files to be encrypted with a random file key, which is then encrypted using a higher tier class key and stored as a file tag with the file.  Passwords are encrypted and stored in a device key escrow mechanism built into the operating system known as an iOS keychain (Broadband.co.za, 2017)

Files and passwords are both protected by access control keys, which must be known to disable the device’s GUI lock and decrypt files.  Current Apple devices have the option to perform a remote wipe of data, which destroys the unique identifier (UID) and 256 bits of the key.  “When data protection is active, the file key is obliterated when the file is deleted, leaving encrypted and generally unrecoverable”, (Ayers, Brothers, & Jansen, 2014) which means forensic investigators should disable radio communications before the examination.

Android, on the other hand is open source with software that is readily available and can be modified and customized. The statistics in the global mobile OS market share, in terms of sales to end-users from 2009 to 2018. And in the second quarter of 2018, 99 percent of all smartphones sold to end users were a phone that uses Android operating systems (Arne Holst, 2019).

Challenges and Threats-

There are varieties of mobile device manufacturers, operating systems, and interface cables.  Depending on the device, special cables only used for that version of that device may be required. These variations present a challenge to forensic investigators due to the frequent changes in operating systems. Mobile devices may support many versions of an operating system, making it difficult to tell which OS version a device may have, by simply identifying the hardware version and manufacturer.  There are a series of challenges and threats to mobile communication devices security protection. The crucial aspect of protecting sensitive data and information against malicious attacks to mobile phones application are challenges and has become a threat to the rapid development of mobile communication (Sharon Solomon, 2013).

A mobile forensic attack can be categorized into four-part

  1. OS Attacks- Vulnerabilities in operating systems
  2. Mobile APP Attack- Poor coding and development
  3. Communication Network Attacks- Bluetooth and wi-fi connections make mobile devices vulnerable.
  4. Malware Attacks- Malware that deletes file can create problems for mobile devices.

Multiple issues that can result from the above-listed attack to a mobile communication device- Issues like below-

-          Physical security

-          Multiple User Logging

-          Secure Data storage

-          Mobile browsing

-          Application Isolation

-          Systems updates

-          Device Coding issue

-          Bluetooth Attacks (Sharon Solomon, 2013).

Acquisition of data may be further complicated due to most devices do not operate as stand-alone data sources. Many mobile devices constantly synchronize with other devices and applications via the cloud, which could potentially impact the collection and preservation of data.  Considerations regarding software and applications that may be part of the synchronization process, volatile data, and security obstacle should be greatly regarded (Ayers, Brothers, & Jansen, 2014). 

The identification of data can also be complicated due to fragmentation of certain operating systems, different versions within each operating system, and different variations between carriers. The process of lawful retrieval of mobile devices and data for evidence has increased in complexity as mobile technology devices have become more complex.  Forensic teams are required to be aware of these laws as well as of the mobile technology.

Embedded Device Forensics

The operating system in the mobile device uses embedded objects to achieve specific purposes, such as to use an application or to connect to a network. Several types of solid-state memory are used, to include random access memory, read-only memory, programmable ROM, and for electric RAM. Embedded devices such as GPS and gaming systems are examples of RAM storage usage. Some mobile embedded devices in many cases are connected to a cloud services that provide data storage functionality (Mike Chapple, 2019).

There are several reasons why the recovery of data in the embedded device may be necessary. Evidence of crimes, data associated with vehicular accidents, malfunctions which comprise business operations, and the need for visual identification (Ayers, Brothers, & Jansen, 2014).  As with forensic investigations of other technologies, all the steps, phases, activities, or processes in the mobile device forensic investigation must be documented in writing, as well as with photographs, sketches, and videos when possible.

 The mobile forensics processes encompass preservation of data and device, acquisition, an examination of the data, analysis, and the creation of a report. Data collection methods consist of gate read, manual, pseudo-physical, logical, and circuit read acquisitions.  During the first phase of the forensic investigation, digital traces are performed; while in forensic laboratories with limited resources, the most promising digital traces are investigated. The criteria for forensic research of embedded systems include the probability of digital clues that are relevant techniques, universal methods, the degree of industry support tools, and the potential for deployments without the need for specialized equipment or knowledge. The forensic soundness of the embedded device forensics is a measure of how much the original data has been changed or altered in the process (Ayers, Brothers, & Jansen, 2014).

Laws, Regulations and Forensic Handling of Mobile Devices.

Acquisition of data in mobile devices during a forensic investigation is a complicated issue because as the mobile device’s technology grows, the forensic investigation regulatory actions and lawsuits must be proactive in the way investigator collect data in the suspect’s mobile device.

Without proper legal steps like a warrant to collect mobile devices data in forensic investigation, it will lead to missed opportunities, wasted effort, and time. More importantly, increased legal trouble (Scott Polus, 2016). The laws governing electronic evidence in criminal investigations are obtained from privacy laws and the fourth amendment.  Forensic investigators must obtain appropriate authorization before devices being seized and processed, whether it is a search warrant, written letter from an attorney, client, employer, or voluntary consent from the owner of the device. The fourth amendment protects the rights of individual persons and their personal effects against unreasonable searches and seizures without a proper warrant making it imperative to follow the proper protocol (Scott Polus, 2016).

Considerations for Handling Investigative Technique

Handling of digital evidence including all activities related to seizure, storage and transferred of the evidence should be documented and maintained using a chain of custody log. Chain of custody form required details about case number, victim, date/time, location of seizure. Evidence items number, and location of the evidence, If the chain of custody is broken or jeopardized, the investigation is a failure.

Manual data extraction by physically manipulates the device using buttons or the touch screen to review the device’s contents for digital evidence. Logical extraction uses a connection devices or workstation to extract minimal manual manipulation of the device. “Physical extraction is quite different in that a bit-by-bit copy of any data present on the device is made, regardless of file system management or the type of operating system”, (Ayers, Brothers, & Jansen, 2014).

Mobile Forensic Tools-

Any forensic imaging tools used in search and seizure are critical to the mobile forensic investigation., and the tools must be approved by the court. Popular forensic tools for manual mobile devices include-

  1. Project -A-Phone
  2. Fernico ZRT
  3. EDEC Eclipse

Popular forensic tools for Logical Extraction in Mobile devices includes-

  1. XRY Logical
  2. Oxygen Forensic Suite
  3. Lantern (Infosecinstitute.com, 2019).

Analysis and Presentation of Forensic Information

File System Analysis

File-based approach to forensic data analysis requires the analyst to locate the data, extract and processes the files that are identified by the file systems metadata. Bulk analysis approaches identify and extract the files without the files systems metadata. Mobile devices are made up of a system-level microprocessor which minimizes the supporting chip requirements. Existing forensic tools for file system analysis try to recover data belonging to deleted information (Science Direct, 2010).

Techniques for Working through Security Measures-

Attacks on a mobile device may be direct or indirect, interceptions of data, malware attacks, or other methods of exploitation. Because a live analysis may compromise the integrity of the collected data, programs which recover dumped data are required in some cases (Ayers, Brothers & Jansen, 2014). One method to ensure data integrity is the use of the Personal Unblocking Key (PUK) to access the mobile device due to it being embedded in the device and unable to be altered. Such codes can be issued by the device manufacturer with the proper legal request for said access. There are noticeable obstacles to a forensic examination of a mobile device that includes software-based, hardware-based, and investigative. For example, trying to brute force a password on mobile devices in a forensic investigation may result in loss of all evidence (Ayers, Brothers, & Jansen, 2014).

 Third-party applications are an additional hurdle in forensic investigations due to the holes these applications leave in the overall security of a device. When installing these third-party security applications, users eagerly give permit to their device data often without being fully aware due to failure to properly review the disclosures of the application. These applications then share the information from that device with other application developers or even with companies for marketing and advertisement and at times for malintent. Also, some files are deleted logically to make the file invisible to the end-users therefore allow the space left by the deleted file to store a new file. But by using data or file carving method in mobile forensic investigation, all previously deleted or hidden files can be recovered for analysis (US Dept of Justice, 2004).

Biggest Threat in Mobile Forensics.

 Data Carving & File Systems-

 Data carving is a method of file extraction in which raw data is retrieved according to the file format. Because files are usually logically deleted, this makes the file invisible to the end- user. Data carving is done on a disk when a file is analyzed to extract file that is missing due to allocation information (Antonio Merola,2008). Newman’s fast algorithm can locate multiple files, many of which are captured within one node. In-place carving causes reductions in recovered data outside of the target data that is unused after the excavation and this is a threat to mobile devices forensic investigation (Antonia Merola, 2008).

Case Reporting

 The case report of a digital forensic investigation provides a detailed summary of the examination from the beginning of the process to the end. This case report must be presented in a format that is both organized and in compliance with local laws and regulations. A case report must include digital copies of evidence, and chain of custody documentation. During a forensic investigation with faulty case reporting procedures, all missteps of the forensic team will be exposed which can includes possibilities of evidence tampering as well as evidence of loss of chain of custody -e.g. OJ Simpson case – where there was evidence of racism within the LAPD, broken of chain of custody procedures ( Forensics Colleges). The examiner must also outline the techniques used to hide data, such as encryption, the method used to unhide said data and file name associated with the data findings. Without proper case reporting, there exists enormous threat to a mobile forensic investigation (Forensics College,2019).

References

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!

Find out more

Cite This Work

To export a reference to this article please select a referencing style below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have the essay published on the UK Essays website then please:

Related Lectures

Study for free with our range of university lectures!