Table of Contents
Mobile Technology Overview
How Cellular Networks Operate
Mobile Communication with Cell Sites
Cellular to Cellular Communication
Communication with Base Switching Subsystem
The Technology of Mobile Networks
Other Wireless Technologies
Trends in Mobile Technology
Handset Transmission Types
Laws, Regulations, and the Forensic Handling of Mobile Devices
Laws and Regulations Governing the Search and Seizure of Mobile Devices
Mobile Device Forensic Process
Considerations for Handling
Analysis and Presentation of Forensic Information
Techniques for Working through Security Measures
Biggest Threat in Mobile Forensics
In today’s society, smartphones are considered a fundamental aspect of day-to-day activities, and it has become nearly impossible to come across an individual who does not use a smartphone. Virtually every individual and corporation is reliant upon smartphones to accomplish specific duties. Moreover, people use smart mobile devices to plan undertakings, pay bills, reply to emails, and access social media platforms. As a result, in most cases, forensic investigators view mobile devices as the only evidence that holds information pertinent to a specific case. This makes an understanding of mobile incident response and investigation imperative. This research paper seeks to provide a mobile technology overview and to cover trends in mobile technology; laws, regulations and the forensic handling of mobile devices; the analysis and presentation of forensic information; and the biggest threat posed by cybercriminals using mobile technology.
Mobile technology, as the term signifies, refers to technology that is portable, easily carried around, and used to undertake various tasks such as internet browsing, GPS navigation, playing games, making telephone calls, and sending text messages, among others. The portability and multifunctionality of mobile technology make it indispensable within a modern workplace. Mobile technology’s flexibility provides a wide range of advantages, but it similarly comes with substantial threats, for instance, cyber-attacks through the mobile network or devices. Communication in mobile technology is accomplished by using digital cellular systems. The two most prevalent types of digital cellular systems are Code Division Multiple Access (CDMA) and Global System for Mobile Communications (GSM) networks. Additional commonly identified types comprise Time Division Multiple Access (TDMA) and Integrated Digital Enhanced Network.
Cellular networks link with other systems along with cabled telephone exchanges and switches. Service providers such as Global System for Mobile Communication, Long-Term Evolution, Time Division Multiple Access, Frequency Division Multiple Access, and Code Division Multiple Access normally share the network frequencies. With TDMA, every call is assigned a particular time slot on a specific frequency. CDMA allocates codes to every device, and these may be distributed across the various frequencies. FDMA, on the other hand, places every device on a separate frequency. Long-Term Evolution is considered a worldwide standard for 4G wireless connectivity. CDMA is mainly used by Verizon, Sprint, and US Cellular, whereas corporations such as T-Mobile and AT&T, amongst other renowned corporations, use GSM. CDMA makes use of a network-based whitelist to verify the purchase and registration of the device.
On the other hand, GSM uses SIM cards to store client data (Banerjee, 2018). The network’s quality is assessed based on speed, signal reception and call quality. GSM and CDMA are regarded as forms of multiple access technology. In terms of call quality, a cellular network’s structure outweighs the technology it integrates. Cellular networks have several merits, including reduced interference, additional coverage areas, reduced use of power, and enhanced capacity.
Cellular systems offer coverage by splitting up a large geographical service area into smaller coverage areas known as cells. As a handset moves from one cell to another, the cellular system must dynamically monitor active connections and hand them over efficiently between cells to sustain the link. To oversee the cellular network structure, offer subscription services, and precisely invoice subscriber accounts, information regarding service contracts and related service activities is documented and maintained by the system. Although cellular systems vary in technology, they are organised similarly to one another. The fundamental elements are the radio transceiver equipment that communicates with handsets, the controller that handles the transceiver equipment and executes frequency allocation, and the switching structure for the cellular network.
Communication between handsets is reliant upon a frequency between the base stations and the mobile devices. Turning on a cell phone initiates the search for an SID within the control network, followed by a request to an MTSO. An available radio frequency is allocated to the device by a cell tower. The MTSO picks a frequency that matches the telephone and would use it to accept the call. The MTSO communicates with the telephone over the control channel to determine which frequencies to use. Once the phone and the tower are switched to the specific frequencies, the call is connected. The base stations coordinate with each other through the MTSO. The telephone will receive a signal on a control channel indicating the need to change frequencies and switch the telephone to a new cell.
A mobile switching centre (MSC) is considered the fundamental element of the network switching subsystem. Preparations should be made for a handset to remain persistent on the radio frequency during movement. As a user moves, the handset is switched from one tower to another in handoffs. The mast directs a request to a handset to hand off if a signal is truncated, whereby operations become progressively ineffective. The mobile switching centre is an essential network element that controls the network switching subsystem elements (Khadoor, 2016). The MSC might be viewed as the principal element of the cell network switching subsystem and is most strongly linked to call set-up, routing, and release. Moreover, the mobile switching centre functions as the administrator for the hand-over to wireless base stations and for the information storage for the subscriber station, services, and invoicing.
The base switching subsystem (BSS) is regarded as the part of a conventional mobile telephone network that handles traffic and signalling between a handset and the network switching subsystem. Base transceiver stations (BTSs) involve radio transmitters and receivers used to describe the cell phones within a GSM network. Moreover, the BSS carries out the transcoding of speech channels, the allocation of radio frequencies to handsets, transmission and reception over the air interface, and numerous other tasks related to the radio network. The base transceiver station consists of the equipment for transmitting and receiving radio signals and the hardware for encrypting and decrypting communications with the base station controller (BSC). The BSC typically controls a base transceiver station through the base station control function (BCF) (Khadoor, 2016). The BCF provides the operations and maintenance connection to the network management system and similarly manages the operational state of every TRX.
Mobile device platforms founded on multi-dimensional industries are reliant on the impact obtained through their design. Mobile technology consists of diverse access technologies for assorted frameworks for cellular, information network, and digital broadcast structures. The cellular network infrastructure comprises base stations, base station controllers, mobile devices, radio network controllers, and the users. In addition, mobile switching centres are used to link cell phones to cabled telecommunication networks.
Form Factors
Hand-held mobile devices are developed with an array of physical components and designs. The form factor defines the outline, dimensions, and design of a device and its elements to differentiate it from other, comparable mobile handsets. For example, a conventional cellular device might be in the form of a bar, a brick, a phablet, a slate, a slider, or a flip. More innovative devices might have additional components such as dual displays, timepieces, swivels, and multi-screens.
Smart Devices
The worldwide upsurge of smart connectivity has resulted in the market being flooded with products such as smartphones, tablets, iPods, iPads, and other kinds of mobile devices to meet the demands of various stakeholders. These include governments, education, social networking, business, science and geology, environmental and climate instruments, and individual tools. Moreover, mobile smart devices are used as a learning tool in simulated and traditional education environments, in entertainment and social media, and in support of business operations (Macwan, 2017). Smart devices are mainly considered part of the BYOD plan for renowned corporations, as well as devices meant for private use.
Wireless technologies incorporate a wide range of simulated applications in the Internet of Things (IoT) and the cloud, Wi-Fi, along with information technology hardware elements. These technologies facilitate the exchange of information between devices and TCP/IP networks for person-to-machine and machine-to-machine communications (Link Lab, 2015). IEEE Wi-Fi uses radio frequencies to facilitate communication between two devices. This technology connects internet routers to appliances such as personal computers, telephones and tablets. It may also be used between any two pieces of equipment. Wi-Fi is a local wireless network that operates on the 802.11 standards.
The IEEE ZigBee is an open global standard developed for use as part of machine-to-machine structures in large-scale industrial applications. The technology has a low inactivity necessity cycle and allows products to maximize battery life. ZigBee provides 128-bit AES encryption. Moreover, ZigBee has been consistent, and scholars seek to implement ZigBee in smart locks, regulators, and household robots.
Bluetooth Low Energy and Bluetooth are separate technologies used to facilitate communication over a short distance. In most cases, the technology is used in devices linked to the client’s handset and tablet. According to Link Lab (2015), Bluetooth Low Energy uses less power than typical Bluetooth and is employed as part of the equipment. For instance, devices such as smart wristwatches and health trackers, amongst other appliances, convey data without compromising the battery in a client’s handset. Bluetooth wireless technologies transmit information across short distances, mainly in tablets and cellular handsets. This would make sure that the Bluetooth appliances function and offer a suitable alternative to consumers.
Over the years, the evolution of mobile handset communication has been considered outstanding. Various private, retail, academic and government entities have been greatly overwhelmed by the platforms, functionalities and applications. According to Ismail (2015), overall worldwide mobile data traffic recorded a surge of 63% from 2015 to the end of 2016, from 4.4 exabytes used every month in 2015 to 7.2 exabytes used each month at the end of 2016. Furthermore, nearly 344 million smartphones were shipped worldwide within the first quarter of 2017, and smartphones continue to surge in popularity. As more of the global population gains possession of a mobile communication handset, cases of misappropriation or exploitation have also significantly increased.
Mobile device forensics has developed as a field of criminal investigation after the expansion of other fields in digital forensics. The incorporation of cameras and video recorders, access to internet sites, and contentious applications created an opportunity for criminal activity using a cell phone to grow. According to Ali et al. (2017), the Mobile Forensics Metamodel (MFM) is a customary guideline for mobile forensic investigators as it offers more unified tactics and consistent results. Evidence authentication is accomplished by frequency-based selection and comparison through the use of validation models. The confidence level in the reliability of the information gathered is assessed as the concept’s frequency, divided by the overall model set of information, multiplied by 100% (Brian & Jung, 2013). Federal jurisdictional frameworks have similarly intervened and issued guidelines and regulations for the use of handsets and the management of information and folders on mobile devices.
A host of smartphone manufacturers sought to institute operating systems compatible with smartphones to take in the Symbian system established for Psion Personal Digital Assistants at the start of the new era. Most digital cellular devices are mainly reliant on frequency-shift keying (FSK) to convey information over AMPS. FSK represents 0s and 1s as frequencies, regularly changing between frequencies to transmit between the mobile handset and the tower. According to Duarte et al. (2014), a frequency is accessed and used in diverse ways, depending on whether the device makes use of CDMA, TDMA or FDMA. With FDMA, the frequency range is split into uniform bandwidth pieces for voice channels on analogue frequencies. The TDMA bandwidth is fragmented into three methods based on time and is mainly utilized by the Telecommunications Industry Association for IS-54 and the Electronics Industry Alliance.
Mobile Operating Systems
Software applications developed for smartphones have resulted in a significant revolution of simulated environments, powerful operating systems and essential operating systems, from a poorly characterized system to an extremely structured, systematic section of information communication technology. Innovative mobile phone operating systems include the Symbian platform, developed by Nokia, which initiated the Nokia 6110 in 1997 with mobile phone games, a diary, a pager and a currency converter. The platforms have subsequently developed to encompass open-source mobile communications technologies for Android smartphones and Linux-based and Symbian devices in recent years.
According to Cooper (2013), the first mobile communication device operating systems were initially developed by Symbian and Microsoft Windows. Every mobile operating system has its own recognized environment and auxiliary requirements. The operating systems include hardware elements, security aspects particular to a specific device, and capabilities that impact performance.
Apple’s iOS was developed for use on Apple products only. The system is supported on various Apple devices, including the iPhone, iPad, iPad 2 and iPod Touch. The iOS structure is reachable to every fabricated gadget, and the organization does not license the operating system for use on equipment developed by other companies. The Apple iOS platform altered the mobile communications sector.
The BlackBerry OS is a mobile operating system developed by Research in Motion to be used in the company’s renowned BlackBerry devices. BlackBerry provides synchronization with Microsoft Exchange, Lotus Domino, and Novell GroupWise email, and diverse encryption when BlackBerry Enterprise Server is used.
According to Duc (2017), the Continuous Improvement Plan (CIP) was intended to offer detail or emphasis on matters that become challenging and necessitate extra tracing and information management procedures. The greatest challenge in mobile incident response is considered to be the line between the law and the procedures implemented by criminal investigation teams. The process of lawfully retrieving mobile devices and information as evidence has grown in complexity together with the design of modern mobile devices and systems. The forensics team is compelled to display awareness of laws and standards, understand the types of mobile technology, and follow the conventions laid down by the concerned bodies. Ambiguity would be a constant problem based on environment and platform compatibility in devices and network information tracing. Most of the well-known brands record mobile devices with product IDs and company barcodes. The sheer number of producers, carriers, and users has been overwhelming for complex forensic investigations. Some of the information valuable to a forensic inquiry is not saved on the device at all but in the cloud, by the device’s operating system or a third party. Acquiring this information is not only challenging but might also carry legal constraints depending on the cloud’s location.
IT research scholars are exploring tools for network information analysis that are particularly intended for criminal inquiries. For example, Ferrara et al. (2014) addressed LogAnalysis for network information enquiry against the growth of commercial network tools, for instance, COPLINK, Analyst’s Notebook and Xanalysis Link Explorer, along with POLESTAR and Sandbox.
According to Cisco (2017), worldwide mobile data traffic will surpass 48 exabytes every month and half a zettabyte for overall yearly network traffic. Second, overall mobile connectivity will be characterized by a 53% share of 4G connectivity. Third, worldwide mobile data traffic will experience a surge of approximately 700% between 2016 and 2021, and more than 75% of mobile data traffic would be in video form. Lastly, mobile data traffic would represent 20% of the overall IP traffic.
To attain specific purposes, operating systems integrated into mobile devices use embedded components, for instance, to run software applications or to link to a system. Some forms of solid-state memory are used, including random access memory, read-only memory, programmable ROM, and ferroelectric random access memory. There are numerous reasons why data retrieval from an embedded device might be essential: proof of crimes, information linked to vehicular accidents, faults that mainly involve business processes, and the need for visual documentation. As with the forensic examination of other technologies, every phase, undertaking, or procedure in the forensic inquiry should be recorded in writing, accompanied by photos, drawings, and videos if possible.
The process of conducting mobile forensics involves safeguarding the information and the device, examining the data, and developing reports. Techniques for collecting data mainly comprise manual, pseudo-physical, and circuit read acquisitions. In the first stage of a forensic inquiry, alphanumeric paths are executed, while in a forensics test centre with restricted resources, the most likely digital traces are explored. The criteria for forensic research of embedded systems comprise the likelihood of digital traces that are pertinent, the level of industry backing for tools, and the potential for acquisition without the need for dedicated machinery or knowledge. Various duplicates might be generated using a device originating from a similar brand company. The forensic reliability of the embedded device is considered a measure of how much the initial information has been altered during the entire procedure.
Computer-related offences are prosecuted on the basis of digital evidence acquired within the confines of the law. For digital forensics groups, particularly in digital forensic examination, the main focus is the Fourth Amendment to the United States Constitution, the law for search and seizure, together with codified discretion regulations in the 1984 Police and Criminal Evidence Act (PACE) and the Stored Communication Act. Moreover, the ISO describes what constitutes intellectual property, certification, and electronic information from the perspective of data security. ISO/IEC 27002, sec. 6 states that smartphones, PCs and phablets, telework apparatuses, web toys, and USB devices necessitate security protocols. Beyond the act, the Chain of Custody technique is employed to outline the retrieval of mobile devices, obtain the information, and offer the essential certification of the occurrences.
The Chain of Custody determines the processes that should be undertaken to secure evidence for which a summons or a search warrant has been issued. The data might be gathered without a summons or authorization “if the inspecting officer might openly perceive the evidence and to outright accessibility, it based on the plain view principle” (Jarrett & Bailie, 2015). The evidence is marked, allocated a case number, photographed, and kept in electronic storage and physically sealed containers. According to Ferrara et al. (2018), a cellular call network may be considered as fixed, and consequently, the network framework may be prone to significant modifications. To compensate for time-based constraints, forensic investigators should implement social dynamics linked to the information and evidence elucidation.
Various bodies, among them the Digital Forensics Certification Board, the Computer Forensics Laboratory, exhibit custodians, and digital forensics task forces, all take part in digital forensics examination and evaluation. According to Jarrett & Bailie (2015), mobile forensics investigation is considered a continuous procedure full of undertakings that link together at diverse points within the procedure. The data is managed by forensic experts, proficient experts, and law enforcement officers, among other first responders. In the acquisition phase, information is obtained from devices using forensic tools, characteristically in a forensic laboratory, and categorized as either volatile or non-volatile. In the examination phase, the information is examined for authentication. In the reporting phase, data is presented by the forensic investigator as evidence in a criminal lawsuit. The entire handling of the evidence is chronicled as a casework record.
The forensic enquiry would characteristically include duplicates of the information kept on the device’s hardware. Common device cracking tools include international mobile subscriber identity (IMSI) catchers, for instance, stingrays, as well as XRY, Oxygen Forensic, Tarantula, MOBILedit, Paraben’s Device Seizure, and Cellebrite. The IMSI identifies the handset based on the code of the nation where the handset originated, the system encryption, and the identification number allocated to the device that acts as the identifier. Stingrays are cell site emulators produced by Harris Corporation that identify the cell phone’s position and sweep the information on cellular devices within the cell tower’s range (Crimesider, 2017). According to Macwan (2017), a magistrate in New York ruled that a snooping warrant should be acquired from a magistrate to use stingrays, instead of the standard of realistic doubt of delinquency. Even though advocates, legal aid organizations, and civil rights groups disapprove of stingray devices, cases ranging from theft to assassination have been resolved by integrating the said technique.
Forensic imaging tools used in search and seizure are vital to mobile forensic investigations. Nonetheless, the tools should be sanctioned by a court of law (Jarrett & Bailie, 2015). Tools used in forensic investigation include drive duplicators, PC toolkits, target HDDs, digital cameras and video recorders, EnCase software, RAID storage, an ESD mat and strap, and WinDump.
Locating evidence on the mobile handset is a noteworthy consideration for mobile forensic investigations. Employee activities may be traced and time-stamped by incorporating a user device tracker (UDT) that leads investigators to the required evidence. The switch port management tool located within the UDT traces a user’s alphanumeric footprint by using names, internet protocol addresses and Media Access Control (MAC) addresses in real time. The traced information may still be considered useful despite the device’s disconnection from the network.
According to Macwan (2017), mobile handsets consist of a system-level microprocessor that diminishes the supporting chip requirements. Information is stored in several areas, such as the SIM card memory, RAM and ROM. File-based methods of analyzing forensic data locate the information, identify it, and extract and begin processing the files pointed to by the file system metadata. Bulk data analysis methods identify and obtain the files without the file system metadata.
The forensic investigation presents information from the call records, contact lists, social media activity records, secret codes, multimedia information, erased information, system and user documents, location information, and the communication network. According to Ayers, Brothers and Jansen (2014), a handset might facilitate a criminal act as a messaging tool during the perpetration of a crime, as a storage device that offers evidence of a committed crime, and as a source of victim data. A live analysis is likely to harm the data’s integrity. Nonetheless, programs that retrieve dumped information are vital in most instances. The Personal Unblocking Key (PUK) might be utilized to access the device compared to the PIN. Handset lock codes might also be presented by producers, therefore being activated when a device is on. Automated tools to circumvent the login requirements are progressing within the communication industry. Installation of the SIM in smart card readers might allow physical links to computer terminals through GSM SIM access mechanisms.
Criminals use social engineering and mobile vulnerability discovery tools for increasingly advanced attacks on insecure APIs. According to Macwan (2017), nearly seven of every ten smartphone applications convey information to third-party entities. Notwithstanding attempts to preserve information confidentiality, private information is disclosed to vendors, amongst other external bodies. Third-party security applications are considered a growing trend for handsets, as additional gullible applications develop faults within the network. Mobile security applications are whitelisted with analysis mechanisms, for instance, Appknox. Authorization is needed prior to finalizing the installations. The subjective data is shared with various corporations, for instance, through the Facebook Graph API and Google Analytics. Additionally, mapping apps convey the location of the user to software servers and third-party entities.
According to Alherbawi, Shukur and Sulaiman (2017), data carving is a file extraction mechanism whereby basic information is salvaged based on the file format. Newman’s algorithm discovers numerous communities, most of which are obtained in a single node. Carving algorithms to enhance the volume and precision of file identification were delivered during the Digital Forensics Research Workshop in 2006. In-place carving results in reductions within retrieved information outside of the target information, unexploited after extraction.
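The following added example, which is not taken from the cited authors or from any forensic tool, illustrates both the bulk data analysis described earlier (recovering files without file system metadata) and format-based carving as described above. The function names, the size limit and the sample image are assumptions constructed for illustration; only the JPEG and PNG start and end markers are standard.

```python
"""Signature-based file carving over a raw image (added illustrative example)."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Standard start/end markers of two common formats.
JPEG_SOI = b"\xff\xd8\xff"          # JPEG start-of-image plus first marker byte
JPEG_EOI = b"\xff\xd9"              # JPEG end-of-image
PNG_SIG = b"\x89PNG\r\n\x1a\n"      # PNG file signature
PNG_END = b"IEND\xaeB`\x82"         # IEND chunk type followed by its fixed CRC

SIGNATURES = {"jpeg": (JPEG_SOI, JPEG_EOI), "png": (PNG_SIG, PNG_END)}


@dataclass
class Carved:
    kind: str
    offset: int      # byte offset of the header inside the image
    data: bytes

    @property
    def sha256(self) -> str:
        # Hash recorded with the offset so the extraction can be reproduced.
        return hashlib.sha256(self.data).hexdigest()


def carve(image: bytes, max_size: int = 10 * 1024 * 1024) -> list[Carved]:
    """Recover header..footer spans without using any file system metadata."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            # Look for the footer only within max_size bytes of the header.
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1      # header without footer: truncated file
                continue
            stop = end + len(footer)
            found.append(Carved(kind, start, image[start:stop]))
            pos = stop
    return sorted(found, key=lambda c: c.offset)


def build_sample_image() -> tuple[bytes, bytes, bytes]:
    """Constructed test data: two tiny fake files and one truncated header."""
    jpeg = JPEG_SOI + b"\xe0" + b"J" * 20 + JPEG_EOI
    png = PNG_SIG + b"P" * 12 + PNG_END
    truncated = JPEG_SOI + b"\xe0" + b"T" * 8          # no end marker follows
    image = b"\x00" * 16 + jpeg + b"\x11" * 7 + png + b"\x22" * 5 + truncated
    return image, jpeg, png


if __name__ == "__main__":
    sample, _, _ = build_sample_image()
    for item in carve(sample):
        print(f"{item.kind:5} offset={item.offset:4} size={len(item.data):3} "
              f"sha256={item.sha256[:16]}")
```

A carver of this kind only recovers contiguous files; fragmented files and false matches on marker bytes inside other data need format-aware validation on top of it.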
In second-generation handsets, system files are stored in NOR flash while user files are stored in NAND flash. The NOR flash basically keeps the operating system code, drivers, archives, and applications’ executable files. Audio and audio-visual files, PIM information, and image files are stored in the NAND flash. On the other hand, RAM stores secret codes and configuration files, and consequently, it is of significant importance in facilitating forensic investigations.
Compound File Binary Format encompasses the Microsoft and Microsoft Installer file formats. Directory entries are either storage entries, comparable to file folders, or stream entries, comparable to files. The entries are arranged in array form generated by the Red-Black Tree algorithm. Streams of information may be reconstructed from their starting sector IDs. The file segments are 512 bytes, are positioned at offset 0, and consist of several fields. Directory entries make up the file’s hierarchy. The Compound Document File is used for malware studies, repair, and widespread forensic assessments.
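As an added illustration (not code from the page or from Microsoft), the sketch below reads the 512-byte structure at offset 0, which is the header in the published MS-CFB layout, and checks the fields an examiner would verify before following sector IDs. The function names and the sample header are constructed for the example.

```python
"""Parse and sanity-check a Compound File Binary header (added example)."""
import struct

CFB_SIGNATURE = bytes.fromhex("d0cf11e0a1b11ae1")
HEADER_FMT = "<8s16sHHHHH6sIIIIIIIII"          # 76 bytes of fixed fields
HEADER_FIELDS = (
    "signature", "clsid", "minor_version", "major_version", "byte_order",
    "sector_shift", "mini_sector_shift", "reserved", "num_dir_sectors",
    "num_fat_sectors", "first_dir_sector", "transaction_signature",
    "mini_stream_cutoff", "first_minifat_sector", "num_minifat_sectors",
    "first_difat_sector", "num_difat_sectors",
)
ENDOFCHAIN = 0xFFFFFFFE      # marks the end of a sector chain
FREESECT = 0xFFFFFFFF        # unused slot in the FAT-sector list
EXPECTED_SECTOR_SHIFT = {3: 9, 4: 12}   # version 3: 512 B, version 4: 4096 B


def parse_cfb_header(blob: bytes) -> dict:
    """Return header fields plus a list of inconsistencies found."""
    if len(blob) < 512:
        raise ValueError("header is 512 bytes; input is shorter")
    hdr = dict(zip(HEADER_FIELDS, struct.unpack_from(HEADER_FMT, blob, 0)))
    if hdr["signature"] != CFB_SIGNATURE:
        raise ValueError("not a compound file: bad signature")

    problems = []
    if hdr["byte_order"] != 0xFFFE:
        problems.append("byte order mark is not little-endian 0xFFFE")
    expected = EXPECTED_SECTOR_SHIFT.get(hdr["major_version"])
    if expected is None:
        problems.append(f"unexpected major version {hdr['major_version']}")
    elif hdr["sector_shift"] != expected:
        problems.append("sector shift does not match major version")
    if hdr["mini_sector_shift"] != 6:
        problems.append("mini sector shift is not 6 (64-byte mini sectors)")
    if hdr["mini_stream_cutoff"] != 4096:
        problems.append("mini stream cutoff is not 4096")

    # The last 436 bytes hold the first 109 FAT sector locations.
    difat = struct.unpack_from("<109I", blob, 76)
    hdr["fat_sectors"] = [s for s in difat if s != FREESECT]
    if hdr["num_fat_sectors"] <= 109 and \
            len(hdr["fat_sectors"]) != hdr["num_fat_sectors"]:
        problems.append("FAT sector count disagrees with header list")

    hdr["sector_size"] = 1 << hdr["sector_shift"]
    hdr["problems"] = problems
    return hdr


def sector_offset(sector_id: int, sector_size: int) -> int:
    """File offset of a sector; sector 0 starts right after the header."""
    return (sector_id + 1) * sector_size


def build_sample_header() -> bytes:
    """Constructed version-3 header: one FAT sector (0), directory at sector 1."""
    fixed = struct.pack(
        HEADER_FMT, CFB_SIGNATURE, b"\x00" * 16, 0x3E, 3, 0xFFFE, 9, 6,
        b"\x00" * 6, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    return fixed + struct.pack("<109I", 0, *([FREESECT] * 108))


if __name__ == "__main__":
    header = parse_cfb_header(build_sample_header())
    print("sector size:", header["sector_size"])
    print("directory starts at offset",
          sector_offset(header["first_dir_sector"], header["sector_size"]))
    print("problems:", header["problems"] or "none")
```

A non-empty `problems` list on a file that still opens in its viewer is itself worth recording, since malformed headers are a common sign of corruption or deliberate tampering.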
All of the data, evidence and other outcomes extracted, analyzed, and detailed during the study ought to be delivered to any other forensic examiner or a court of law in a clear, concise, and comprehensive manner. The examiner should have a clear comprehension of the report being presented and present it in language that a non-technical audience will easily interpret. In court, forensic examiners are referred to as expert witnesses since they can interpret the evidence and make sense of it using their understanding and know-how despite not being present in a court. They should explain their procedures rationally and why they trust their conclusions are free of faults. The investigator may present the report using images, films and writing to facilitate easier understanding. Lastly, the report ought to be accessible in diverse file formats so that every individual who seeks to assess the report can do so without obstacles.
The major threat in mobile technology is in the cybersecurity field. My perspective is founded on the fact that corporations and persons fail to pay as much attention to mobile handsets as they do to laptops and computers. People are cautioned to install antivirus software on computers. However, most individuals are unaware of the existence of antivirus software for their mobile handsets. The number of insecure applications that are accessible for installation on a handset at a click is distressing. The apps, when installed, may create backdoors in devices, resulting in leakage of information and identity theft, among others (Duc, 2017). There are numerous challenges in applying app vetting procedures that would not overwhelm managers and aggravate users. Social engineering methods, for instance, phishing and email scams, are as prominent on handsets as they are on laptops.
The exponential growth in the number of handsets in use today is a sign that the number of offences pertaining to mobile handsets is likely to grow. Former FBI Director James Comey once indicated, “the mobile handset is perhaps the single most significant piece of data found in a crime scene.” The devices are growing not just in numbers but also in capabilities. This may explain the increase in the number of forensics devices in the market, as crime investigation capitalists view smartphones as the future of crime. Since mobile handset platforms such as Apple and Android are always updating and modifying the operating system, it is also important for forensic investigators to stay conversant with them to maintain their relevance in the field.
A mobile handset is considered a voice communication device and is also used for other purposes such as recording videos, sending emails, GPS, transactions, and entertainment. Solutions to problems pertinent to handsets and network security may be accomplished through enhancing education, growing transparency, and the growth of effective regulatory contexts. Therefore, mobile forensic investigators ought to familiarize themselves with the mobile device and the complexity of mobile forensics. It is also important to continuously share information and knowledge to build competency in solving mobile phone-related crimes in a period of rapid technological development.