Feeds

Mobile forensics turns up heat on suspects

Hunt for deleted data escalates

The Essential Guide to IT Transformation

The latest version of the top computer forensics package will be the first to include a mobile phone component. The move signals how vital mobile data has become to many prosecutions.

Police forces in the UK and worldwide already use Guidance Software's EnCase computer forensics package, most famously in the interminable cash for honours investigation. Now the firm is set to announce an expansion into mobile with a package it's calling Neutrino.

The ongoing trial of the alleged failed 21/7 bombers has seen mobile phone evidence used extensively. In 2002 linguistics experts were brought in to give evidence during the Danielle Jones murder trial, when it was shown her uncle had used her phone to dupe family into believing she was still alive.

A police source told us: "It's [a suspect's mobile phone] one of the first things we look for in serious crimes these days."

Brian Karney, Guidance's product management director, told El Reg: "Your whole life's on there. Everything about you. The SIM card, the memory, it's all in there and we can go in and get." The package allows access to call logs, stored files, SIM information, JAVA programs, and crucially, deleted data.

As documented on The Register last year, the lack of standards in mobile software can make investigation tricky. Neutrino will be subject to this barrier just like market incumbents like Swedish firm Micro Systemation's .XRY package, launching with support for around 50 Nokia, Motorola, Sony Ericsson, and Siemens handset, with more to follow later.

A further stumbling block comes with the deleted content. At the moment deleted data from the SIM is simple to retrieve and there are many programs able to do it. The big stumbling block is data on the phone. Guidance says Neutrino will be able to access this precious unallocated space on selected Nokia handsets to begin with, but has a team working on adding more in future. Configurable hardware packaged with the program should enable the firm's coders to find and tweak power and other settings to unearth data.

Police have no problem trawling computer systems for deleted data given the relatively few file systems and protocols compared to mobile handsets; it can even kick the door in over the network. Alas no such luck in mobile forensics; as well as the software issue, investigators need physical access to the device and even the array of exotic connector cables can add to headaches for field investigators.

Mobile forensics expert Kevin Mansell, who works with police to train investigators and runs his own consultancy, Control-F, said: "There's been a lot of chatter about it, because it's from Guidance. New versions of EnCase are always big news in computer forensics - it's nearly a standard, but it's fair to say there's a wait and see attitude about Neutrino. They have to prove themselves."

However powerful a tool, sources within mobile forensics expect take-up of Neutrino to be slow. Most in the field are active in criminal investigations, and say they have precious little time to evaluate new software.

Guidance said it would press ahead with diversifying its product range into more and more devices, with several new platforms in the pipeline. Karney said: "Mobile phones, iPods, PDAs, you name it...chips in people's brains. We're in it." ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.