Getting forensics data off smartphones, tablets can be tough, experts say

By , Network World |  Security, digital forensics

This comes at a time when both corporate examiners who conduct this forensics work, as well as law enforcement, have greater need than ever to get accurate, complete images off mobile devices as part of an investigation that will hold up under legal scrutiny.

Hayes notes that law enforcement officials are known to be meeting with Apple and manufacturers of Android mobile devices to talk about the issues. So far there's been little indication of any answers, he says.

Andrew Hoog, co-founder and chief investigative officer at Chicago-based startup viaForensics, which specializes in mobile-device forensics services, agrees that the fragmentation of the Android operating system -- there are now well over 800 Android devices without the same OS -- contributes to the forensics problem. Android is generally easier to break into than Apple iOS, though, he adds.

Jailbroken Apple iOS devices are easier to do forensics on than ones not jailbroken, he notes, but points out that Apple's iOS 6 is now presenting "a big barrier" because Apple's security has so far been quite good, and viaForensics, which has a tool called Extract, hasn't broken through the passcode control and the encryption. "We cracked Android encryption," he adds.

The Department of Homeland Security has recognized that there are insufficient tools for mobile-device forensics, and viaForensics picked up some funding toward that. The startup has open-sourced some technology and commercial products are coming out, such as a planned agent software for Android that could be used as a forensics tool.

Hoog says he's involved in several cases with businesses trying to get into mobile devices to find out about possible data theft, for example. The BYOD trend, in which employees uses their own mobile devices at work, is really complicating forensics work, he emphasizes. "You don't have ownership of that device," he says, and by allowing BYOD, the business may have "lost control. And you can't just grab control -- you need policies that include security and auditing of the device."

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

Read more about wide area network in Network World's Wide Area Network section.

Originally published on Network World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question