by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2014
DIGITAL FORENSICS 20 GCN JULY 2014 • GCN.COM is easy," Trickey said. "It's the cable connec- tions that are hard. You have to stock those and keep the inventory up." Anybody who has had to untangle a mass of cords while looking for the right connector for a phone, tablet or other de- vice might be tempted to agree with Trick- ey. But there are far greater challenges. More devices are password protected and more data is being encrypted, complicat- ing access to the data. And analyzing the data once it's been extracted can be a daunting task. Investigating a single de- vice can require up to a terabyte of space, and the tools for analyzing that data often are not cheap. A market leader among mobile foren- sics tools is the Universal Forensic Extrac- tion Device (UFED) from Cellebrite. Main- taining this tool requires the company to manage more than 10,000 phone profiles. "That is a lot of work," said Cellebrite CEO Jim Grady, and is a barrier to entry that has kept the market for forensics tools relatively small. As in other areas of IT, however, open source software is now emerging as a vi- able alternative to proprietary commer- cial products. Basis Technology, which maintains the Autopsy open source digital forensics platform, last fall signed a deal with the Homeland Security Department to develop modules for the platform ex- pressly to meet the needs of law enforce- ment. The first new modules developed under the one-year contract, for image and time- line analysis, were in beta testing in May and are expected to be released this sum- mer. "There is a lot of interest in govern- ment in open source," said Brian Carrier, vice president of digital forensics at Basis. "It's easy to use and it's cheap." Cellebrite claims a 50 percent share of the market for its UFED tool, which -- as its name implies -- is used to extract data from a device. Part of the company's suc- cess in keeping up with the rapid evolu- tion of mobile devices is its relationship with vendors, who often provide the company new phones prior to release. Cellebrite began in 1999 by supporting the military's need to extract data from cell phones in the field for field intelligence and situational awareness. The extraction tool was commercialized about five years later to support phone retailers who needed a way to quickly transfer data from a custom- er's old phone to a new one. Later, the company pushed into law en- forcement forensics when it discovered that police also were using its tool to collect evidence from phones. But it had drawbacks for forensics work. For one thing, there were no safeguards against damaging or changing data be- ing extracted or against making changes to the target device, and there were no provisions for examining the data. But to be useful as evidence, investigators not only have to be able to transfer data, they must be able to reconstruct file systems for analysis and recover data that has been deleted or erased. In addition to visible data that can be The growing use of encryption to protect data and passwords and biometrics to control access to mobile devices raises barriers for forensics examiners. Getting past these protections depends on the type of phone and how it is being protected. Carney rates the Nokia Lumia 920 Windows phones with full device encryption one of the most secure on the market. Fortunately for him, it only accounts for about 3 percent of the smartphone market. Apple iPhones with iOS4 or higher also incorporate better encryption. "We have to work harder to get deeper," he said. Breaking PINs, passwords and passcodes depends on the phone and the strength of the code. A simple four-digit PIN could be broken by brute force, running through all 9,999 possible code combinations. "But the operating system has to allow that many attempts," Carney said. In some instances, vendors and manufactur- ers can help investiga- tors who run into troubl getting into a phone,-- if the paperwork is in orde With a search warrant or subpoena, Apple, for example, "can extract certain categories of active data from passcode-locked iOS devices," the company says in its legal process guidelines. But it cannot provide a passcode. Accessible data includes only unen- crypted, active user-generated files contained in Apple's native apps on devices running iOS 4 or higher. Recoverable files include SMS messages, audio, photos, videos, contacts and call history. Apple can't get at email, calendar entries or data from third-party apps. Encryption is a significant hurdle in the investigative process. According to NIST, encrypted phones such as Android and iOS devices, should be "triage processed at the scene if they are found in an unlocked state," as the data might not be available if the battery runs out or its screen locks. "Deploying the use of field forensics tools to either acquire the device, or establish a trusted relationship with the device, will ensure that the data an be accessed at a later time, fter the device has locked," the gency says. CRACKING ENCRYPTION e f er. a d c a a