How IT can prepare for mobile forensic investigations

By Thor Olavsrud, CIO | Security, Forensics

"When it comes to mobile devices, we are constantly trying to get a hold of devices as soon as possible to take a look at what's changed," Nardoni says. "We tell our customers: Before adopting the latest and greatest, make sure that your process and approach is going to be able to adhere to any device you want to use."

Speaking in a broader context about BYOD, Brian Katz, head of mobility engineering at pharmaceutical firm Sanofi, says it is important that organizations pick and choose which devices they will support in their corporate environments, even if they allow BYOD.

"You don't need a BYOD strategy," Katz says while speaking at CITE Forum in New York last week. "Anybody who says you do is trying to sell you something. BYOD is who owns the device. What you care about is what they do with the device regardless of who owns it. I'm a big proponent of managed BYOD. You don't say 'bring whatever you want.' Based upon the controls built into the device, you get certain levels of access. We don't look at LG because LG doesn't have security controls that we can manage."

Speaking at the same event, Steve Damadeo, IT operations manager at industrial control and automation firm Festo, agrees.

"You need to be selective about what you do allow," he says. "We block all Android devices for now because of some of the security concerns that have come up and ease of management."

Train Your IT Teams in the Tools

New security features are often the biggest problem for mobile forensic investigators, Nardoni says. A new version of a device or operating system may fully encrypt the disk, prevent investigators from bypassing a passcode or even stop them from imaging the device completely. Vendors of mobile forensics tools continue to make progress on all these fronts, Nardoni says, but they are still far from the sophistication and granularity offered by PC forensics tools.

Most tools these days can handle logical acquisition of data (resident email, contacts, etc.) from the device, but physical extraction of things like deleted SMS messages and actual files and folders is often trickier. Even tools that are capable of physical extraction tend to be specialized for a particular task.

"It's not a one tool fits all solution," Nardoni says. "It's really important to focus on which tool is going to give you the most complete picture of what you're trying to investigate. Maybe this one will pull the email, this one will pull the contacts and SMS and this one will pull the Internet history."


Originally published on CIO.