CST 640 BUC Mobile Incident Response and Investigations Discussion

User Generated

ZhzzlP2010

Computer Science

CST 640

Bethesda University of California

CST

Description

Mobile Incident Response and Investigations

[Sheriff, looking at a cracked cellphone on the ground, speaking to you]: Another mobile. That's all we're seeing these days.

We're spending a fortune sending these out for analysis.

We really need to get our own folks up to speed on handling them.

Listen, this is what we picked up last night on 34th.

Frankly, the last time our investigators did a mobile analysis, it didn't go so well.

You've had a lot of experience with mobile forensics.

How about jotting down some pointers for us?

[Narrator]: The sheriff has asked for a white paper on mobile forensics.

As lead investigator, you are most qualified to address the subject.

You get the four major topics down on paper and begin writing.

The mobile platform is experiencing explosive growth, and with that growth comes cyber-incident analysis and response challenges. There are several thousand types of mobile devices, with many types of interfaces, operating systems, and connectivity options. This type of environment has many implications for an incident responder. The number of devices makes it impossible to be well-versed in each one, complicating analyses. The sheer number of devices also creates a massive expense simply trying to stay abreast of the major players in the market. Complicating this further is that mobile devices can be the target of a security incident, but mobile devices can also prove to be a means to coordinate, support, or execute an attack. The nature of mobile devices presents other challenges as well, including the ability to remotely access devices and the ability to remotely wipe out evidence, an evidence destruction process that can occur rapidly in a flash memory environment.

Mobile forensics is an increasingly complex environment for investigators because of the rapid rate of innovation and adoption of new technologies, applications, and hardware. Smartphones are being used in so many ways that they have become a central focus in digital forensic investigations. The mobile platform is a forensic challenge because of the number of third-party applications found on many devices and the rapidly evolving security measures employed by device manufacturers and application developers.


Unformatted Attachment Preview

In this project, you will write a 13- to 21-page white paper that describes the current state of mobile incident response and investigation. The context is that as a forensic investigator, you are providing an objective overview of mobile technology and digital forensic and incident response capabilities for a law enforcement unit that has limited experience and capability with mobile forensics. Your white paper will describe mobile investigative challenges and the techniques and technologies available to perform mobile forensic examinations. You will also provide your perspective on the future of mobile forensics—the biggest threat to mobile forensics in years to come, and the biggest opportunity for investigators of mobile cybercrime. The most successful papers will include references to resources outside of the classroom.

There are six steps in this project. Each step focuses on one required element of the paper to be submitted at the end of this project. In Step 1, you will provide an overview of mobile technologies and cellular networks.

Competencies

Your work will be evaluated using the competencies listed below.

• 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for the project or presentation.
• 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
• 5.1: Demonstrate best practices in organizing a digital forensic investigation.
• 6.1: Perform report creation, affidavit creation, and preparation to testify.
• 6.2: Demonstrate ability to investigate mobile technology.

Step 1: Conduct a Mobile Technology Overview

You're ready to begin writing the white paper. The sheriff has stated that the first section should be an overview of how cellular networks operate. You decide to provide an overview of cellular networks: how mobile phones communicate with cell sites, cellular-to-cellular communication, mobile switching centers, and the base switching subsystem. You also want to cover the technology of mobile networks, including form factors of smart devices and other wireless technologies.

Submit the results of your research (three to five pages) to the sheriff (your instructor) for review and ungraded feedback. Incorporate any suggested changes. Your overview will serve as the introduction to the 13- to 21-page white paper for this project. Since mobile technologies are constantly changing, you decide to address trends in mobile technology in the next section of your paper. You know that NIST 800-101, Revision 1, will provide a good starting point on all these topics.

Step 2: Describe Trends in Mobile Technology

With the overview drafted, you now need to describe trends in mobile technology. For this step, you will address handset transmission types, mobile operating systems, challenges with mobile technology, and mobile device threats. The "trends" section would not be complete without addressing the latest in embedded device forensics.

Review this three- to five-page section of your paper for accuracy and completeness; it will serve as the second section of the final white paper. Once you have developed this section, you are ready to move on to considerations for the forensic handling of mobile devices.

Step 3: Discuss Laws, Regulations, and the Forensic Handling of Mobile Devices

After detailing trends in mobile technology, your next step is to discuss laws and regulations governing the search and seizure of mobile devices under the Fourth Amendment to the US Constitution, including describing the mobile device forensics process, considerations for effectively handling mobile devices during an investigation, use of proper investigative techniques, types of mobile forensics tools available, and identifying where digital forensics evidence may be found on mobile devices.

It is important for you to research electronic seizure practices for complying with the Fourth Amendment when searching and seizing mobile devices. Cite reference sources in your final white paper discussion. These subjects are important because mobile devices present unique challenges when it comes to handling and analysis, and court cases are won or lost based on the arresting officer's understanding of legal technicalities.

Review this three- to five-page section of your paper for accuracy and completeness; it will serve as the third section of the final white paper. Upon completion of this section, you will be ready to move on to the next section of your paper: forensic tools and investigative techniques.

Step 4: Describe How to Analyze and Present Forensic Information

You have discussed your research on laws, regulations, and forensic handling. You are now ready to create the fourth section of the white paper, where you describe the analysis and presentation of forensic information. Based on your training, you know you will need to include mobile file system analysis, techniques for bypassing security measures, and third-party applications in this section. In addition, you will address data carving, file system, and compound file analysis and the presentation of a case report.

Review this three- to five-page section of your paper for accuracy and completeness; it will serve as the fourth section of the final white paper. You are ready to move on to a final, less-objective summary of your research on the evolving field of mobile forensics.

Step 5: List the Biggest Threat and Most Promising Technology

In the previous four steps, you have reported on a variety of topics relating to mobile forensics. You have read and reported on technologies, trends, laws, and regulations, handling, and analysis of mobile data. For the final section of your paper, the sheriff has asked for your perspective on the biggest threat posed by cyber criminals using mobile technology, and a technology that promises a solution.

Reflect on your in-class and outside readings, as well as your personal and professional experience, to respond to these questions. There are no right or wrong answers, but you should provide references for your observations. You will be attaching this one-page section to the white paper.

Step 6: Submit Completed White Paper: Mobile Incident Response and Investigations

You have collected the information needed to inform your department's future decisions regarding mobile forensics. In this step, you will combine the five sections that you've written into a single, cohesive white paper. Your 13- to 21-page paper should be double-spaced, excluding images and references. Use 12-point font and APA format. Include the following five sections:

1. Overview of mobile technology, including network operations and mobile technologies
2. Description of trends in mobile technology, including handset transmission types and embedded device forensics, as well as operating systems, applications, and challenges and threats to forensic investigations
3. Laws, regulations, and considerations for the forensic handling of mobile devices
4. Analysis and presentation of forensic information including file system analysis, techniques for working through security measures, third-party applications, and other forms of mobile data analysis
5. Personal perspective on the biggest threat and greatest opportunity/most promising technology in mobile forensics, based on in-class and outside readings, as well as personal/professional experience

Upon completion of the steps, submit the white paper on Mobile Incident Response and Investigations to the sheriff (your instructor) for evaluation.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

• 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for the project or presentation.
• 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
• 5.1: Demonstrate best practices in organizing a digital forensic investigation.
• 6.1: Perform report creation, affidavit creation, and preparation to testify.
• 6.2: Demonstrate ability to investigate mobile technology.

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Mobile Incident Response and Investigations
Student Name
Course Name
Instructor
Institution
Date

Mobile Incident Response and Investigations
Introduction
Mobile technology has grown substantially in the last few decades due to technological
advances in communication. It is projected that by 2030, mobile phone subscribers and users will
exceed 7 billion, implying that 67 percent of the global population would be connected in one
way or another. Research indicates that it is projected that of the 7 billion users, more than 50
percent of the gadgets would be deemed as smart devices or mobile phones (Aminnezhad &
Dehghantanha, 2014). With nearly 70 percent of the global populace having some mobile tool,
the likelihood of a mobile gadget being established in a crime area is probable to happen. The
mobile device would be the only evidence that forensic analysts would have that could
potentially have relevant data that would assist in the investigation process. Hence, it is essential
for forensic investigators to have a firm and informed comprehension of the mobile incident
response, and the analysis method. Cellular networks are instrumental since they have high
speed, exceedingly high-capability data and mobile, which support diverse cellular devices.
These networks have protracted mobile phone capacities and roaming capacities that boost
cellular tools. Many people globally are now utilizing mobile networks for business and
communication purposes due to the growing smart devices. Cellular networks utilize radio
signals through call centers utilized by wireless phone providers to promote network coverage.
Cell towers are used by network providers to provide their clients with a stable network.
The radio waves from service providers are transmitted to the mobile phone and captured by
antennae, where the cell tower is responsible for transmitting the signals to the switching center
following signal reception. The most common mobile phone cellular networks include Global
System for Mobile Communications (GSM), which is a 2G network tech that utilizes digital
signals and voice channels. Consequently, the data transmission apps might be extensively
executed. The GSM network is complemented with the Mobile Switching Center (MSC) that
supports the transmission of networks to mobile networks. The networks are crucial in enhancing
forensic investigation because the knowledge concerning the transmission of networks will help
forensic investigators to capture crucial data that will function as evidence to unearth a crime on
a mobile phone. The MSC is situated between the center and the public switched telephone systems or
PSTN that works as an intermediary for mobile communications from the switching center. Mobile
phone networks are significant in supporting forensic investigation capabilities that enhance the
forensic investigators by permitting the smart devices and software through distributing
computing environments.
The paper will deliver the method needed for forensic investigation to offer the company
understanding from a forensic investigator's viewpoint. The paper aims to define how cell or
mobile phones communicate via cell use using towers, investigate present mobile
technology trends, and review laws and regulations applicable for forensic handling of mobile
devices and challenges confronting the analysis of these devices.
Step 1: Mobile Technology Overview
The explosion of mobile devices is on the rise, with the global cellular user base growing every
day. While mobile phone devices outstrip computers in the market, mobile phone forensics has
not surpassed that of computers. Even whilst equating sales of smart phones that have some
personal digital assistant (PDA) capacities to the sale numbers of the definite mobile tools,
mobile phone device sales carry on increasing whilst personal digital assistant numbers carry
on decreasing. The data obtained from mobile phone devices may be utilized as evidence in
crimes, like fraud and identity theft. Mobile phone apps are designed with rapid speed.
Spreadsheets and word processors, besides database-based apps, have previously been ported to
mobile phones. Their capacity to store, as well as print, digital records changed these
mobile phones into a message center (Aminnezhad & Dehghantanha, 2014). Short message
service (SMS) messages, too, converted mobile devices into a message center.
Mobile phones are active systems, which present problems from a forensic viewpoint.
Moreover, new prototypes of mobile phones are being created worldwide, with specialists
advancing that five novel phones are delivered to the market weekly. The increasing figures and
difference of mobile phones make it hard to design a distinct procedure or device to deal with
challenges. Further to the increasing number of mobile phones along with platforms, comprising
Android systems, Windows, BlackBerry, and Apple iPhone, there is a huge number of low-end
mobile phones utilizing legacy operating systems. Additionally, there exist certain distinctive
reflections when conserving mobile phones as an origin of proof needed to be presented to the
court of law (Sharma et al., 2019). The electronic proof evidence in phone devices may be lost
totally since it is vulnerable to being overwritten by novel data or isolated obliteration commands it
gets over wireless networks. Moreover, to mine data, it is essential to network with the mobile
device, regularly changing the system's condition. Like other computer systems, networking with
a mobile phone may terminate or change evidence needed to convict a suspect. Fortunately, by
adhering to the procedures of proper forensic investigation, it will be feasible to acquire useful
forensic proof from phone devices in an effective way satisfactory to the court system.

The miniaturization of electronics, besides advancement in battery technologies, has
brought in an era where it is conceivable to carry around what traditionally would seem portable
that have been considered a supercomputer in people's pockets (Barmpatsalou et al., 2018). In
just a few decades, together with their bigger tablet counterparts, they have become
indispensable and made it easy to remain connected to the workplace, friends, and family
anywhere. Mobile devices are an advancement that primarily uses cellular communication. Computer
databank is another point of development in collecting forensic evidence from mobile
phones, which has significantly changed the worth of forensic process in the justice process.
Throughout history, and till the 1980s, the forensic investigator was obliged to develop a reference
standard before collecting evidence through fingerprints. The fingerprints were useful for the
investigator to collect the evidence to convict a suspect in the court system (Sheppard, Fieldhouse,
& Cassella, 2020). Moreover, the manual process of filling records and systems was not
beneficial in matching the fingerprints with the suspect as it would not be applicable in collecting
and analyzing evidence from mobile phones. Similarly, forensic investigators required biological
sample materials from the suspect before blood from the crime scene was considered for possible
evidence for alleged crime. The examiners will be mainly helpless in recognizing the weapon that
was used to commit the crime.
More than two decades ago, mobile technology was non-existent; however, nowadays,
mobile phone technology has become a requirement. Since then, mobile technology has changed
from simple SMS and calling gadgets into universal workability for everyday activities. The
technology of producing mobile is growing faster because of technological advances around the
world. The mobile phones available in the market today may perform more sophisticated tasks
that some portable computers (PCs) cannot (Cichonski et al., 2013). However, the central
conception on what the cell phone was fashioned has not transformed; the gadget still utilizes
radio signals to connect with towers that supply signals over a vast region.
The mobile technology world has evolved every year due to advancements in technology
that require change. A mobile phone may be described as a handheld telephone device that
accesses cellular radio signals and systems to communicate through wireless means over an
extensive area coverage. Though John F. Mitchell and Martin Cooper introduced the original
handset that enabled the world to make phone calls, the initial commercially accessible mobile
phone was not released until 1983. For many decades, mobile technology has upgraded and
expanded the role of mobile phone communication to the types that carry a small computer in the
pocket (Aminnezhad & Dehghantanha, 2014). Therefore, a handheld gadget or device was
invented during the 1980s for communication purposes, and the modern mini-computers still
utilize radio signals with towers or satellites that offer signals over a wider region or network.
The most common digital network systems are Code Division Multiple Access
(CDMA), or IS-95, and Global System for Mobile Communications (GSM). The central
difference between the networks is that GSM may be utilized globally devoid of change of SIM
(a functionality built into the hardware). In contrast, a CDMA phone network would only function in
America and should be updated to work globally. Qualcomm developed a CDMA network,
which utilizes a spread spectrum radio connection that distributes digitalized information
utilizing all the accessible bandwidth (Baig et al., 2017). The universal cell phone carriers for
CDMA are Verizon and Sprint. On the other side, the GSM cellular network was created in
Europe and may be used globally by Nokia and Ericsson. GSM will interface with Time Division
Multiple Access (TDMA) technology, which communicates differently than CDMA. The
Integrated Digital Enhanced Network (iDEN) is another mobile technology that uses a
proprietary protocol invented by Motorola.
The cellular networks supply specific coverage founded on dividing a huge geographical
service region into smaller regions of coverage referred to as cells. Based on NIST Special
Publication 800-101 Revision 1, as a mobile phone shifts from a single cell to a different one, cell
configuration needs lively linked to being managed and efficiently transmitted between cells to
sustain the link (Cichonski et al., 2013). Accordingly, to administer the cellular net, offer user
services, and correctly bill user accounts, information concerning the service provider agreement
besides linked service actions is netted and s...
