Issue 10 - Out now!

Here's a quick review of some of the main articles within Issue 10

If you have anything to do with digital forensics, issue 10 is something that you will want. Subscribe today to ensure you get digital access, or if you want, subscribe to the print edition. Find out more at our subscriptions pages.

Here's just a few of the things inside issue 10...

Potential legal hurdles in mobile phone forensics
In this Intermediate level article, the team take a look at the legal hurdles when investigating mobile devices, written by Scott Zimmerman.

As the capabilities of mobile phones have improved, the niche of mobile phone forensics has grown to become a legitimately discrete industry. This was a necessity: mobile phones are similar to desktop and laptop computers in a number of ways, they have CPUs, RAM, local data storage, and connectivity; but they differ enough that traditional forensics tools for PCs are no longer suitable. As with many new industries, the field is subject to a mix of old rules, new rules, and grey areas in which not all of the rules have been established. Topics like evidentiary requirements and evidence handling, for example, will remain largely the same but the technical nuances are impressively different. In issue 10 we’re going to look at two areas that are a mix of old, new, and grey.

Mobile Phone Challenges
The Nokia 5110, released in 1998, became one of the first mobile phones supporting data exchange with a computer. Rather than using a standard AT+ protocol for the data exchange it offered a special Nokia proprietary protocol. The device had no internal memory for storing user data and allowed retrieval of a list of SIM contacts, SMS messages and a call log. Extracting data from the phone could take less than a minute. Modern devices equipped with 64 gigabytes of internal memory now pose an entirely different challenge to forensic practitioners.

This intermediate level feature article is all about how the fast growth of number and variety of mobile phones demands new skills from the digital forensic examiner, by Oleg Davydov.

Circumventing & Cracking the Android 3Ps - Patterns, PINs and Passwords.
If you’ve even begun the journey into mobile device forensics, you’ve already likely encountered the dreaded “lock screen” on a device secured by a pattern, PIN or password. This article provides background on how Android implements the lock screens and techniques for circumventing and cracking them. Like many forensic techniques, this information could be used for nefarious purposes; however, our intentions are to empower practitioners who use forensics for legal purposes. Andrew Hoog & Thomas Cannon combined on this advanced level article.

Traceback
Unwanted spam mail slips through the best-prepared filters to snare unwary recipients. Websites and servers are often bombed with denial of service (DOS and DDOS) attacks leaving owners with costs and damages. These scenarios beg the question: Why can’t we catch the offenders? Often the attention goes to the security actions of filtering email and preventing the impact of an attack, often at great cost to the system services. The ability to trace back AND to collect evidence is very much in the “too hard” basket. In part the Internet is seen as open ended and extending beyond the reach of jurisdictional boundaries with the implication that costs and complexities are prohibitive. Perceptions also drive expectations that attack and fraud are inevitable consequences of openness and the capability of global communications. So what can be done? And what are the real barriers to holding offenders to account? Find out in Issue 10.

Plus all the regular features, news, Robservations, our legal section and Apple Autopsy...

Login to read online or Subscribe today!