Nearly every adult in the US owns at least one mobile device, making them relevant in virtually all disputes and investigations. Data from mobile devices is often a fruitful source, but accessing this data is increasingly challenging due to evolving technologies, applications and services.
For professionals involved in disputes and investigations, staying on top of trends related to mobile devices is critical. Michael D’Angelo, our lead investigator for the US and Latin America, spoke about staying on top of trends in the ACEDS DC Chapter webinar on ‘Updated Trends Around Digital Forensics on Mobile Devices’.
Here are some key highlights from the webinar.
Typical complexities
There are three main considerations when dealing with mobile devices: variations between devices, data issues and privacy.
Variation between devices
Mobile devices vary in applications, security settings, operating systems (OS), manufacturers and service providers. This variability affects the success rates of imaging devices. Device and application updates create problems as well. Updates can lead to changes in data storage locations and methods and add ephemeral messaging or enhanced encryption protocol features.
Advancements in user privacy also pose significant challenges for forensic data collection and downstream discovery. Accessing data on newer mobile devices without pins or passcodes is nearly impossible. And applications have been enhancing their security layers, with features like iTunes backup encryption adding an extra layer of protection. Tools like Samsung KNOX further complicate data access by separating personal and business data.
Another complicating factor is the range of connections used by mobile devices: Airdrop, USB, Android Share, NFC, Wi-Fi and Bluetooth. These are all challenging to isolate or disconnect – but doing so is crucial to avoid data changes, updates or remote deletions.
Data issues
Data can change with application launches, device restarts, notifications and updates. Data can also change daily with OS and individual app updates, which can reconfigure the technologies and impact data storage and availability.
Digital forensics requires long collection times, especially for on-site or covert collections. The increased usage of smartphones is making collection times even longer, as there is an ever-growing amount of data to collect.
Privacy
Mobile device encryption: emerging issues and complexities
File-based encryption (FBE)
Most devices now use FBE, which locks user data until unlocked at startup. Some manufacturers are adding password requirements at startup, making data access more difficult.
End-to-end encryption
Encrypting individual messages and making them inaccessible without proper authorisation is becoming standard in messaging applications. Not only do the applications sit behind a security layer, but individual messages within a conversation are encrypted and often inaccessible.
Rapid updates and new models
Mobile device manufacturers, application developers and operating systems are releasing updates and new models at increasingly faster rates. This accelerated pace creates challenges for digital forensic analysts who need to know and understand the changes that are occurring, particularly their effect on data, where data is stored and new security enhancements that may be in play.
Data synchronisation and formats
Third-party apps store data in proprietary formats that are not standardised across devices or platforms. Forensic tools must be specifically designed to handle these proprietary formats, which can vary widely between apps and versions.
Artificial intelligence (AI): changing the game
AI is becoming more integrated into products and services. Everyday users are already taking advantage of AI features. This integration and adaptation will likely grow drastically in the coming years.
Some emerging issues from a litigation and investigation viewpoint:
- Leaking of corporate data through AI summarisation/querying
- Originality of data due to summarisation and tools like image generation or editing
- Automatic summarisation of phone calls or meetings hosted online – the accuracy of those notes as well as potential privacy violations
- Inadvertent sharing of personally identifiable information (PII)
Evolving AI features
New AI editing features can edit and transform data seamlessly, calling into question authenticity, origin, and user intent. This creates major challenges in verifying the integrity and context of digital evidence, making it harder to accurately attribute actions and content.
AI features to watch:
- Mobile AI services
- Generative text
- Facial recognition
- Text recognition
- AI-created media
- Email summaries
Mobile devices: what’s to come?
- States and federal governments are increasingly interested in new data protection and privacy laws, leading to more scrutiny and responsibilities for businesses.
- AI systems in mobile devices will bring more daily automation, raising questions about human vs automated actions.
- Mobile devices will standardise peer-to-peer communication and improve satellite connectivity, making internet access universal and cheaper.
- Trust indicators will enhance information safety, while generative AI will emphasise data security and privacy.
- Mobile devices are on their way to becoming as sophisticated as computers, potentially becoming the primary device for all personal and professional needs.
Speak to one of our experts in the Discovery + Data Insights team