Trying to get computer forensics data out of smartphones and tablets in order to conduct investigations is hard -- often much harder than on PCs, laptops, or Macs -- and experts say that forensics tools need to improve.
"The investigation tools for mobile are not at the same level of granularity you can get on tools for desktops," says David Nardoni, director of mobile-device investigations at consultancy PricewaterhouseCoopers. Other experts agree, and also note that the BYOD trend only adds to the problem.
Forensics experts say they want to do both "physical" and "logical" acquisition of data. This means grabbing operating system files, device memory, and other technical information, plus personal email or documents or phone data. They typically need a PIN code to access the device. But the state of the art in computer forensics tools and the proliferation of mobile devices make this hard. And unlike with Windows-based computers, for example, you can't just take out the hard drive, they note.
There are mobile-device forensics tools out there, such as UFED from Cellebrite, the Katana Forensics tool Lantern, Blacklight Forensics Software, Paraben's Device Seizure, and Micro Systemation's XRY. But none of them covers every make and model of Google Android device, Apple iOS device, or other mobile device, says Darren Hayes, a professor at Pace University who teaches computer forensics courses.
It's all a bit hit-and-miss, and Hayes estimates that less than 40 percent of the smartphone models out there today can be imaged. The way that Android manufacturers have fragmented that operating system is a factor, and on the Apple iOS side, the security is proving so effective that bypassing the PIN is a challenge for investigators, he notes.
This comes at a time when both the corporate examiners who conduct this forensics work and law enforcement have a greater need than ever to get accurate, complete images off mobile devices as part of an investigation that will hold up under legal scrutiny.
Hayes notes that law enforcement officials are known to be meeting with Apple and manufacturers of Android mobile devices to talk about the issues. So far there's been little indication of any answers, he says.