Offender profiling is taking a different shape, as investigators grapple with increasingly ‘social’ criminal activity

Mobile forensics has changed the methodology when it comes to offender profiling. The frequent use of mobile devices has provided investigators with another source for profiling criminal suspects, as well as an insight into their habits and personalities.

This is not just because of the volume of user voice calls and SMS texts; the amount of rich data that can be extracted from Instant Messaging (IM) and social media applications gives forensic investigators the paint and brushes to develop a detailed picture of a suspect and a criminal case. A suspect’s social media personality can offer a more tailored overview of the character, his or her likes and dislikes and a reflection of ‘who’ they really are, beyond their alleged actions. A victim’s presence on social media can also be used to find a common link to possible suspects.

Recent research from Cellebrite found that 77 per cent of respondents believed that mobile apps were a critical data source in criminal investigations. While this clearly indicates that mobile apps offer a vital source of evidence, it’s not a suggestion that investigators should solely look at mobile-based apps when building the investigative picture – evidence should be extracted from all other items of phone-based data as well.

The widespread use of mobile apps makes them a critical data source for law enforcement, both in terms of evidence and investigative leads. The value to both prosecuting and defence counsels, in a court of law, makes the neglect of such data a potentially severe barrier to solving a case.

People now more frequently use mobile devices to access social media apps, rather than using a traditional PC or laptop. Moreover, social media data that is extracted from a suspect’s mobile device provides additional characteristics such as more accurate location-based data and time proximity to another event or situation. For example, by connecting to a specific Wi-Fi network investigators can establish presence in a certain place and at a certain time correlating it with another action, possibly, on social a network.

Criminals will use various communication channels in the course of their mobile activity. For example, a suspect could use an IM app to organise a meeting, but use SMS to contact the victim. Investigators must operate a flexible forensic practice when sourcing evidential data from mobile devices, because the various channels that criminals communicate through means that a one dimensional approach to forensic evidence gathering could lead to the omission of valuable data.

While data points such as SMS text messages and GPS locations may result in an immediate lead in a criminal case, the ‘online social identity’ of a suspect will allow investigators to delve into the personality of the suspect, which in turn could help build out the case.

This social data can be extracted through the social media apps that the suspect has downloaded on their device. Facebook posts, Tweets, ‘shares’ and ‘likes’ can all give critical information to investigators hoping to build the profile of a suspect.

A suspect’s social media identity goes beyond their ‘likes’ and ‘shares’ though; it can also include immediate locational data, such as a recent ‘check-in’ at a restaurant or a shop. Even if this locational data isn’t completely current, it will still help to paint the forensic picture of a suspect in terms of where they regularly go, who they meet with, and what they do when they’re there.

In court, social data retrieved from mobile apps is fast-becoming a major source of evidence in not only building up the profile of the suspect, but also in establishing or demolishing a witness’ credibility. While social or app-based data has become a crucial evidential component to an investigator’s case, it can also act as an important part of the prosecution or defence process in court.

Offender profiling is changing as people use more social applications to communicate with one another. This is providing investigators with another source of information to build up a complete profile of a suspected criminal, which in turn offers a more comprehensive picture of a suspect in a court of law.

The amount of data that is now being consumed and shared is opening up a number of different opportunities for mobile forensic investigators, who are in a constant battle to stay one step ahead of the increasingly connected criminal.

Yuval Ben Moshe Yuval Ben-Moshe, senior forensics technical director at Cellebrite

(977)

Share

Authors – Book Reviewers – Product Reviewers – Bloggers – Evangelists

Digital Forensics Magazine is always on the look out for new talent and content and as the number one magazine for all matters Digital Forensics we are looking to expand our list of contributors. If you feel that you have something to contribute to the magazine in one of the following categories, contact us via 360@digitalforensicsmagazine.com and join the ever-growing team of international contributors who are leading the discussions.

/Authors
If you have an idea for an article, which you would like to discuss, or if you want to become a regular contributor, we want to hear from you. The field of Digital Forensics is vast and with the ever-increasing use of technology in so many aspects of daily life, not previously envisaged, the need for the Digital Forensic investigator to go beyond the hard disk and the mobile phone requires new tools and techniques. If you are involved in Digital Forensics or related research, developing new tools to solve a particular problem (especially new technology), a learning experience from a case study or just want to share your ideas and thoughts we would like to hear from you. It does not matter if you have not written before; we will work with you to craft your idea into a publishable article using our team of experienced authors and editors. If this is you then email us at 360@digitalforensicsmagazine.com or submit your article idea via the website www.digitalforensicsmagazine.com

/Book Reviewers
As we see the increasing and innovative use of technology, the need to secure and investigate said technology is increasing. As a result we see an increasing number of books being published that require review and comment. Working with the leading publishers Digital Forensics Magazine obtains these books to allow us to review and comment on. These reviews are then covered in the magazine and carried on the DFM Blog. Once selected you will be sent a list of books available for review, you then choose a title that you like and we will send you the book. You read the book and then fill out a review form to be sent back to DFM. If you would like to become a book reviewer for Digital Forensics Magazine contact us at 360@digitalforensicsmagazine.com with a CV to demonstrate that you have the required knowledge and experience to be a book reviewer.

/Product Reviewers
Digital Forensics Magazine regularly carries articles on various supporting investigative technologies and we have a number of companies that have asked us if we would consider reviewing their products. This is not a rubber stamping exercise, this is an in-depth review looking at aspects such as ease of installation, ease of use, information gained, usefulness of the product, supporting documentation etc. etc. To become a product reviewer you will need to be a suitably qualified Digital Forensics Investigator who has knowledge of the disciplines in which the technology operates. If you would like to be a product reviewer contact us at 360@digitalforensicsmagazine.com with a CV and a statement of why you believe you have the credentials to become a product reviewer.

/Bloggers
The Digital Forensics Magazine blog is an outlet for news, commentary, ideas and even the occasional rant. We are looking for Digital Forensic researchers, investigators or even those with just an interest in the subject to join our growing band of regular contributors to the blog site to provide interesting and stimulating content. The content can be wacky as well as serious, however it must be related in some way to Digital Forensics and will be checked and edited prior to publication. If you would like to become a regular contributor to the digital forensics magazine blog then contact us at 360@digitalforensicsmagazine.com

/Evangelists
Digital Forensics Magazine is a global magazine printed in English and distributed to over 40 countries including those in South Africa, South America, Australasia, Eastern Europe as well as in the UK and USA. The cost of promotion to such a large audience in all of these geographical areas is beyond the budgets of the magazine, so we are on the look out for evangelists; those people who believe passionately about Digital Forensics and are active in their own communities. DFM Evangelists receive discount vouchers to pass onto their communities as well as having direct access to the marketing team at DFM who will help them promote Digital Forensics related conferences, events and activities in their region. If you are interested in becoming a Digital Forensics Magazine Evangelist contact us at 360@digitalforensicsmagazine.com.

Digital Forensics Magazine prides itself on not just being a magazine, but also for being a source of quality, valuable, and useful information for the Digital Forensics Profession. Our goal is to bridge the gap between the academic journal and the traditional magazine. We want to hear from you on what is good or bad as well as what you would like us to include so please provide your comments to us via 360@digitalforensicsmagazine.com and if you want to get involved in one of the activities outlined we would welcome you to the growing band of professionals who contribute to the growth of the magazine.

(3168)

Share

Cellebrite’s Panel of Leading Industry Experts Identify Mobile Forensics Trends for 2013

Petah Tikva, Israel, January 23, 2013 – As 2013 gets underway, Cellebrite, the leading provider of mobile forensic and mobile data transfer solutions, has announced a list of top trends in mobile forensics that will shape the year ahead.

To gather this list, Cellebrite interviewed a number of prominent experts from law enforcement, corporations and universities, as well as industry analysts, familiar with mobile forensics, information security and e-discovery and the most advanced mobile forensic products available today. They highlighted the following nine trends as the most critical for investigative and legal professionals to prepare for the upcoming year:

1. BYOD impacts the forensics industry. While “Bring Your Own Device” (BYOD) seemed to infiltrate the enterprise in 2012, the mobile forensics industry will confront the impact of this growing trend in the year ahead. BYOD adoption across the enterprise means that forensics professionals will encounter a greater number of compromised phones. According to John Carney, Chief Technology Officer, Carney Forensics, “For e-discovery experts, BYOD will mean contending with more devices that contain both personal and corporate evidence as well as an increase in legal challenges related to device access and privacy during corporate investigations.”

2. Critical data: there’s an app for that. According to a 2012 Nielsen report, the average smartphone user has approximately 41 apps installed on a single device. “Whether it’s mobile messaging, personal navigation, social media or improving productivity – apps are going to dominate smartphones and tablets in 2013,” said Carney. “The ability to extract critical data stored in apps will become the new measuring stick by which investigators gauge the superiority of mobile forensics tools.”

3. Smarter phones mean tougher encryption. “Expect to see more encryption of data on smartphones to protect personal privacy and corporate data, which will make forensic examination more challenging,” said Eoghan Casey, founding partner at CASEITE. Password technology, too, has advanced; pattern-screen locks have hindered forensic data extraction efforts. In 2013, look for mobile forensics tools to continue to find ways to bypass a greater number of passwords and device locks, as well as address advanced encryption technology.

4. Investigators can’t put all their eggs into one mobile operating system. Though Android took 75 per cent of the market in Q3 of 2012, for mobile forensics professionals, market share isn’t everything. As Paul Henry, security and forensics analyst, vNet Security, noted, “While Android is the predominant operating system, the bulk of the bandwidth is still taking place on Apple devices, making them critical to many investigations.” In addition, despite BlackBerry’s decline in recent years, Carney said: “Their popularity for over a decade will make them an important legacy device pertinent to investigations for years to come.”

5. Windows 8 is the wildcard. Notwithstanding all the attention garnered by Android and Apple, the real wildcard for 2013 will be the rise of Microsoft in the mobile device market. While questions remain regarding how prevalent Microsoft devices will become, Cellebrite’s panel of experts predicts that the need for mobile forensic tools providing support for Windows 8 will increase in the New Year.

6. Mobile devices advance as witnesses. Look for mobile devices and the data they contain to take centre stage in both civil and criminal investigations in the year ahead. “Civil litigators are discovering that mobile device evidence is just as important as digital documents and email evidence,” said Carney. According to Heather Mahalik, mobile forensics technical lead at Basis Technology, “Now, more than ever before, e-discovery experts need comprehensive training in order to ensure the proper extraction of all relevant data from mobile devices.”

7. The regulatory and legislative landscape remains uncertain. “Lawmakers and judges are looking at cell phones much more critically than they did computers,” said Gary Kessler, associate professor, Embry-Riddle Aeronautical University and a member of the ICAC North Florida Task Force. “However, because few understand the nature of the technology, they are erring greatly on the side of caution. This speaks to the need for greater education regarding the scope and possibilities of mobile forensics and what it means for privacy and pre-trial discovery.”

8. Mobile malware’s incidence will rise. In 2013, look for malware on smartphone platforms and tablets to increase exponentially, particularly on Android devices. According to Cindy Murphy, detective, computer crimes/computer forensics, Madison Wisconsin Police Department, “The intended uses of mobile malware will be very similar to non-mobile malware – steal money, steal information and invade privacy. For law enforcement and forensics professionals, mobile malware means dealing with potentially compromised devices that may help perpetrators cover their tracks, making it increasingly difficult for investigators to meet the threshold of reasonable doubt.”

9. Data breaches via mobile will rise. “Mobile forensics vendors should resolve to provide stronger capabilities for enterprise wide smartphone investigations to support the investigation of data breaches targeting smartphones and the needs of e-discovery,” said Casey. Malware together with large-scale targeted intrusions into smartphones (targeting sensitive data) will raise enterprises’ risks for data destruction, denial of service, data theft and espionage.

“From the increasing use of mobile evidence to challenges stemming from the rise in tougher encryption methods, there are a number of areas that will demand the attention of mobile forensics professionals in the year ahead,” said Ron Serber, Cellebrite co-CEO. “As the industry continues to evolve, it will be critical for the law enforcement community, as well as the enterprise, to invest in proper training and ensure that their budgets allow them to meet the growing demand for comprehensive device analysis and data extraction.”

Cellebrite’s UFED provides cutting-edge solutions for physical, logical and file system extraction of data and passwords from thousands of legacy and feature phones, smartphones, portable GPS devices, and tablets with ground-breaking physical extraction capabilities for the world’s most popular platforms – BlackBerry®, iOS, Android, Nokia, Windows Mobile, Symbian and Palm and more. The extraction of vital evidentiary data includes call logs, phonebook, text messages (SMS), pictures, videos, audio files, ESN IMEI, ICCID and IMSI information and more.

Cellebrite’s panel of experts included:
· Eoghan Casey, Founding Partner, CASEITE
· John Carney, Chief Technology Officer, Carney Forensics; Attorney at Law, Carney Law Office
· Paul Henry, Leading Security and Forensics Analyst, Principle at vNet Security; Vice President at Florida Association of Computer Crime Investigators; SANS Senior Instructor
· Gary Kessler, Associate Professor, Embry-Riddle Aeronautical University; ICAC Northern Florida Task Force
· Heather Mahalik, Mobile Forensics Technical Lead, Basis Technology; SANS Certified Instructor
· Cindy Murphy, Detective Computer Crimes/Computer Forensics, Madison Wisconsin Police Department
· Ron Serber, co-CEO, Cellebrite

http://www.cellebrite.com/collateral/WhitePaper_MF_2013_Trends.pdf

cellebrite-logo

(3036)

Share

Issue 5 is Here

Hi folks,

Issue 5 of Digital Forensics Magazine is here. This time we’ve put together some great content on topics as far reaching as criminal profiling and volatile memory heap analysis; as well as the usual Legal section, From the Lab, and Angus Marshall’s IRQ column. We also welcome the world-famous, forensics commander-in-chief, a.k.a. Rob Lee, as one of our regulars who will be taking forward his own column in each and every issue from now on (now that’s value for money!). Also, we’ve introduced another new column to our format, this time concentrating on Mac Forensics (entitled Apple Autopsy) and at the helm of that section we welcome Sean Morrissey of Katana Forensic (and the brains behind the Lantern iOS forensics product and the forthcoming book from Apress on iOS forensics).

This is also the first of a series of special issues we’re putting together that focus on very specific themes of forensics. This idea came from a variety of 360 feedback letters and we believe it is a fantastic way of ensuring you get the biggest bang for you buck from your subscription. Issue 5 focuses on all aspects of Training & Education, opening the Pandora’s box of all the difficult issues of professionalism that you face every day.

Finally, we hope that you enjoy this issue of Digital Forensics Magazine, and please spread the word as we’ve really enjoyed our first year and want to make sure we continue publishing long into the future. We welcome all comments to our 360 department and will attempt to answer all your letters as quickly as possible.

Bye for now!

Ed

(587)

Share

Digital Forensics Survey Help

Hi everyone,

Our publisher, Tony Campbell, is running a survey as part of his MSc research project, looking into correlations between iPhone usage and configuration, and personality. If anyone can contribute to this research project by taking the survey, Tony would be very grateful. The obvious pre-requisite is that you are an iPhone user.

The survey can be found at http://dfprofile.com/surveys/index.php?sid=46853&lang=en

Ed

(574)

Share