SUMMER 2014 www.DFInews.com 17
not on a network server with your mobile provider or your company.
Advancements in the way we communicate are creating new types of mobile data. Communication methods extend beyond standard SMS/MMS and e-mail to application-based communication. Increased SMS transmission costs, cross-platform usage, and the adoption of social media and applications are driving alternative options. Today 70% of smart device users use alternative forms of messaging via applications.

In today’s Big Data world, searching and recovering mobile data from applications on smart devices is difficult and often limited with current mobile solutions. Research shows that only 5 to 10% of the entire user data area is examined by typical mobile forensics tools. This leaves 95% of application data unanalyzed, and often uncollected. Most MDM solutions used by corporations for threat detection and device governance do not manage or analyze the personal applications in a BYOD scenario. The net result is that most organizations have minimal insight into their mobile application data and the overall mobile data set.

Current software tools simply extract contacts, SMS/MMS, call logs, media, and possibly e-mail. Some go as far as capturing URL and browser data, Wi-Fi information, and some applications. As for analyzing application data, most solutions allow the parsing of select applications, limited to about .002% of all applications available. In other words, the average forensic tool supports about 30 applications out of a total of 1.6 million iOS and Android apps. Even for those 30 applications, the forensic solution is at the mercy of the developers’ upgrades, schema changes, and table changes. With these ongoing updates, the application is no longer supported by the forensic tool and further technical development is needed.

Another mobile challenge is that forensic applications lack the capability to look for IP addresses, data traffic, or other metadata. This becomes the Achilles heel for investigators. Their fleet of mobile devices is susceptible to potential malware and threats, resulting in a greater need for incident response (IR) tools. Most investigators lack the IR expertise and tools to resolve issues and scan for unknown, critical threats. If undetected, a malware-infected device sets up additional vulnerabilities across the company’s networks and environments. Add to that the difficulty of detecting, collecting, and analyzing mobile data, then incorporating it into the overall incident response investigation.

With the explosive increase in mobile usage and applications, mobile data grows exponentially. So, what can organizations do to advance their mobile forensics in order to manage the vast amounts of important mobile data? First, organizations need to invest in advanced mobile forensic solutions to handle the most sophisticated investigations and analyze the plethora of data on the mobile devices, applications, communications apps, and social media. New forensic strategies, solutions, and advanced training of examiners must be implemented and ranked as an organization’s highest priority. Forensic tools must include new capabilities to process the volume of mobile data that is stored and transmitted as well as the volume of devices encountered.

Lee Reiber is Vice President of Mobile Forensic Solutions for the AccessData Group.

Watch Lee Reiber’s recent webinars on demand: www.dfinews.com/webcasts.