Aspect of acquiring digital evidence from mobile devices

Aspect of acquiring digital evidence from mobile devices

Aspect of acquiring digital evidence from mobile devices

Discuss what you believe to be the most difficult aspect of acquiring digital evidence from mobile devices in an investigation. Discuss two ways in which this difficulty might be overcome by investigators.

What are some issues that should be considered in acquiring digital evidence from the Cloud?

Reply to this question (Amber):

Since mobile devices are constantly with their owners, they can experience a decent amount of wear and tear. Screens are much larger now than in previous years. Many people have cracked, shattered, or overall broken screens. I imagine it would be pretty difficult to recover information from a phone that may be unable to turn on. It could be equally as hard if the screen is nonresponsive. Since this is a prevalent issue, I believe that this is the most difficult aspect of retrieving evidence from mobile devices. This issue would make manual acquisition of the device impossible (Sheward, 2018, p. 184). Investigators could possibly use a Joint Test Action Group (JTAG) port on a phone (Sheward, 2018, p. 184). This allows investigators to remove data from a mobile device’s memory (Sheward, 2018, p. 184). This however is a very labor-intensive technique (Sheward, 2018, p. 184). Also, this technique does not unencrypt data (Sheward, 2018, p. 184). Also, not all phones have the port required for this technique (Sheward, 2018, p. 184). Investigators may also use a method known as ‘chip off’ (Sheward, 2018, p. 184). This technique simply removes the memory chip from the mobile device and places it within another board (Sheward, 2018, p. 184). Then they use software to look through the memory chip (Sheward, 2018, p. 184). However, this is also a time-intensive process, and is also vulnerable to encrypted data (Sheward, 2018, p. 184). The amount of time consumed as well as the potential for failure when met with encryption with these techniques further the reason that I feel damaged phones is the most difficult aspect.

Some courts require subpoenas or warrants to access evidence from cloud-based services. Cloud based warrants can become a pretty sticky situation. For instance, warrants necessitate the need for specific location (Cauthen, 2014). However, data in the cloud may not have a specific location (Cauthen, 2014). Even if the data is found in one server, related data may exist on servers that do not reside within the United States (Dykstra & Sherman, 2011, p. 49). Cloud providers themselves may not know exactly where the data can be found either (Cauthen, 2014). Even if the cloud service provider can find the requested information, they may not be able to ‘read’ it (Cauthen, 2014). Some businesses send information that is already encrypted to the cloud (Cauthen, 2014). This can make it almost impossible for the data to be read outside of the company (Cauthen, 2014).

Cauthen, J. (2014, October 14). Executing search warrants in the cloud. Retrieved from Federal Bureau of Investigations: https://leb.fbi.gov/articles/featured-articles/exe…

Dykstra, J., & Sherman, A. (2011, May 25). Understanding issues in cloud forensics: Two hypothetical case studies. Annual ADFSL Conference on Digital Forensics, Security and Law. Retrieved from https://commons.erau.edu/cgi/viewcontent.cgi?artic…

Sheward, M. (2018). Hands-on incident response and digital forensics. BCS, The Chartered Institute for IT. Retrieved from https://eds-b-ebscohost-com.ezproxy.umgc.edu/eds/e…

 

Open chat
WhatsApp chat +1 908-954-5454
We are online
Our papers are plagiarism-free, and our service is private and confidential. Do you need any writing help?