What do Android analysis, forensic machine learning, and going to court have in common? They were all topics of Magnet Forensics’ white papers last year. Whether to share our experts’ research and knowledge on mobile operating systems (like Android Marshmallow and Nougat), provide an in-depth look at the technology and concepts (like Magnet.AI and custom recovery flashing) behind our products, or simply to update our recommendations on the best way to present in court, our white papers were designed to help you excel at digital forensics. If you missed any of our white papers last year, here is a quick overview of what we release (click on the title to download it for free!)
Focus on Mobile Forensics
Early in 2017, we highlighted Android 6.0’s full disk encryption, passwords, and adoptable storage. Because these posed a few new challenges for digital forensic examiners, including hardware-accelerated encryption and new password storage locations, we wanted to make sure to demonstrate the skills and tools you need to collect evidence from devices that use them. As of January 2018, Marshmallow had nearly 29% adoption, the most of any Android platform—are you getting the most from your analysis of this OS?
On the other end of 2017 we covered Android 7.0’s file-based encryption, Direct Boot, and other security features. Nougat has more than 21% adoption among Android users, so Google’s latest changes to its OS—including credential vs. device encrypted storage partitions, file-based encryption, and their implications in a multi-user environment—require additional forensic skills.
This year, we introduced the ability to extract physical images from Android devices by flashing custom recovery partitions to evidence devices. We took the opportunity to discuss the many different ways you have to extract full memory images and in what situations to use them. The benefits, risks, and procedures behind live (rooting) and dead exploits, bootloaders, and different types of custom recovery flashing were the topic of this paper, as well as what to document as you go through your processes.
Looking Further into Magnet Forensics Innovation
There’s a lot out there about machine learning, artificial intelligence, and data science. It can be difficult to sort it all in a way that makes sense. So, when we introduced Magnet.AI to Magnet AXIOM, we felt strongly about framing our machine learning solution in a way that was easy to understand—especially in context of the solution: protecting children. This white paper talks about the limits of other analytics like named entity recognition, link analysis, and sentiment analysis, and how contextual content analysis fills those gaps to identify whether a device has been used to lure, or groom, children for sexual activity.
An Update to our Experts’ Recommendations
This white paper, an update to our 2014 paper “8 Tips for Presenting Digital Evidence in Court,” offered our opinions on advance preparation for trial testimony. It covers the four most important steps you can take to prepare for trial; the importance of even the smallest details when you seize a device; the standard acquisition, examination and analysis procedures to go through; documentation and reporting; and finally, what to keep in mind as you report and present your findings to non-technical audiences.
New White Papers Coming Soon
Stay up-to-date on our newest white papers by subscribing to our blog! In 2018 we’ll continue to highlight topics of interest to our community, including how-to guides and trends to be aware of. Subscribe by entering your email to the right.