by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2014
GCN JULY 2014 • GCN.COM 21 seen by anyone with access to a phone, fo- rensics tools also should provide metadata that can help turn extracted information into evidence. Cellebrite's forensics divi- sion was established in 2007, and UFED was developed to handle these require- ments. Extracting the data from a device is only the first step in the forensics process. Someone has to make sense of it beyond looking at an address book and call logs. Dell has developed the Mobile Digital Forensics platform, which can provide a quick first look at digital evidence at the crime scene before devices are passed on to the lab for more complete analysis. ("Mobile" here refers to the software, not the target device, because it can be used by investigators in the field.) AUTOPSY Autopsy, the open source platform, is a tool that is intended to support complete analysis in the lab and incorporates many modules for specific tasks. It began as a project to provide a common user inter- face for the limited, often clunky com- mand-line tools being used by labs, most of them supporting Linux and Mac oper- ating systems rather than Windows. But most law enforcement agencies use Windows-based systems, Carrier said. About five years ago it was decided to expand Autopsy to support Windows as well as add capabilities. "The idea was, wouldn't it be great if there was a plat- form that you could write plug-in mod- ules for instead of standalone tools," Car- rier said. Built with funding from the Army, Au- topsy 3 was introduced about two years ago and is available as a free download from Basis. Once a mobile device has been imaged, the bits are fed into the software engine and reconstructed to produce data and, eventually, information and evidence. The type of evidence recovered depends on what modules are being used. Last year Basis approached DHS with an offer to develop new modules to meet specific law enforcement needs. One of the first new modules being developed will produce a timeline analysis of what a device -- and its user -- has been doing. "Timelines are really hard to do well," Carrier said. There are tools that can con- SMARTPHONE A SEARCHABLE WALLET? SUPREME COURT RULES. Smartphones contain a wealth of information that can translate into evidence in civil and criminal court cases, and law enforcement agen- cies increasingly are mining this data in their investiga- tions. "If law enforcement or the government want to see your data, they can see it," said Joe Trickey, federal marketing manager for Dell, which has developed its own solution for helping investiga- tors get access digital data, the Mobile Digital Forensics platform. "Nothing is invul- nerable at this point, given enough time." Which raised the question, how much access should police have to the personal data contained on smart- phones? That data is far di erent from what people traditionally have carried on their persons, said John Car- ney, chief technology o cer of Carney Forensics. "A smartphone is our alter ego," Carney said. It can tell where we have been, what we have been doing and when we did it. "The expecta- tion of privacy is di erent." The question of police access was taken up by the Supreme Court this spring in Riley v. California, the case of a San Diego college student whose Samsung phone was seized by police when he was pulled over for driving with expired license plate tags. Evidence from the phone was used to convict him of partici- pating in a shooting. Was the evidence admissible? David Riley s attorney, Je rey L. Fisher, said no. Per- sonal belongings and papers have always been protected from warrantless search, he argued. "That protec- tion should not evaporate . . . because we have the technological development of smartphones that have resulted in people carrying that information in their pockets." The state did not agree. The California solicitor general said that physical photo- graphs in a suspect s pocket at the time of arrest have always been fair game for police. "What would have been reasonable in that situation does not become constitutionally unreason- able simply because Mr. Riley instead carried his photo- graphs in digital form on a smartphone." Even so, in a unanimous decision in June, the United States Supreme Court dis- agreed with California, ruling that police cannot search the contents of a suspect s cel- lular phone without a search warrant. The Court said "cell phones di er in both a quan- titative and qualitative sense from other objects that might be kept on an arrestee s per- son," such as a wallet, which can be searched during an arrest. "The fact that technol- ogy now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the founders fought." -- William Jackson struct activity timelines, but they incor- porate a limited number of data sources and are hard to use. The new module will use more types of data and is intended to be user friendly. The second module to be developed under the DHS contact is for image analy- sis. The challenge with images coming off modern devices is the sheer number of them. "You can go through them, but it's kind of tedious," Carrier said. And if time is of the essence, as in the search for a pos- sible victim, it can take too long. Even when the search process is au- tomated, "there is still a human in the loop" making decisions about an image, but searching and classification can go much more quickly. A database of hashes for known images can be used to quickly search for or eliminate some pictures, speeding up the process. One new feature of the module is that it provides results to the user as they are found during the search, rather than waiting until the end of the search, which can speed up detec- tion when minutes might count. •