The mobile forensics landscape has changed radically in the last few years due to the rapid consumer adoption of smartphones and tablets.

Examinations of iOS and Android-powered smartphones and tablets account for an overwhelming majority of mobile forensics examinations according to our recent survey of digital forensics professionals.

Mobile examinations

SOURCE: 'Digital Forensics Survey' MaCorr Research and Magnet Forensics, April 2015

The rapid pace of innovation and change in smartphone technologies has created three big challenges for digital forensic examiners.

3 big challenges of smartphone forensics

1. Acquiring Smartphone Images

As security features like memory encryption are being introduced for iOS and Android, they limit the acquisition methods and amount of data that can be extracted from smartphones.

2. Recovering & Analyzing Smartphone Internet and App Data

Traditional mobile forensics tools don't dig deep enough into smartphone internet and app data to enable complete forensic analysis of all the user activity in popular chat apps, browsers, social networking apps, email apps, etc.

3. Integrated Analysis of Digital Evidence from Computers and Smartphones

Cases often require examination of combined user activity on computers, smartphones and tablets. Because this requires the use of specialized computer and mobile forensic tools, it can be difficult to get an integrated view of all the evidence collected.

Recovering & Analyzing Smartphone Internet and App Data

Smartphone user behaviour has quickly shifted away from calling and text messaging towards Internet apps for chatting, browsing, social networking, emailing, etc. Naturally, recovering and analyzing data from these apps has become an important aspect of your smartphone examinations.

We surveyed digital forensics examiners to better understand your perspective on the level of difficulty of recovering data from a variety of sources on smartphones. The results showed that 3rd-party apps were the most difficult type of smartphone evidence to recover.

Recovering data from smartphone data sources:


SOURCE: 'Digital Forensics Survey' MaCorr Research and Magnet Forensics, April 2015

Top 5 Problems Recovering Smartphone Internet & App Data

1. New apps emerge and rise in popularity every few months

2. Established or popular apps are constantly being updated and changed

3. Multiple browsers may have been installed on the device. How do you know if you found all the data?

4. The important evidence might reside in data from an obscure app you've never even heard of

5. Your current mobile forensics tools aren't focused on supporting the recovery of app data

Overcome the technical challenges of smartphone forensics to uncover the truth

We understand that digital forensics is a means to an end, and that your real mission is much bigger: Fighting crime. Preventing the misuse of company assets. Protecting national security.

INTEGRATED ANALYSIS OF USER ACTIVITY ON SMARTPHONES, COMPUTERS, AND TABLETS



When an individual's digital activities are spread across a variety of mobile devices, along with computers, getting to a single integrated view of all the data can be challenging. It can be hard to see the relationships between activity when jumping between mobile forensic tools and computer forensic tools that each have different ways of presenting data.

Forensics examiners need a platform that gives them integrated acquisition, analysis and reporting tools. They need software that supports the most up-to-date versions of apps on smartphones, tablets and computers. They need to reduce case backlog by queueing multiple devices for acquisition, and ideally they need to have the acquisition process start automatically.

For an end-to-end solution, Magnet AXIOM combines the ease of acquisition through Magnet ACQUIRE with the powerful processing capabilities of Magnet IEF and a new set of in-depth analysis tools. Magnet AXIOM is a complete digital investigation platform that allows users to seamlessly acquire, analyze, and share digital evidence from computers, smartphones, and tablets.

WITH MAGNET AXIOM, YOU CAN WORK THE WHOLE CASE:

  • Acquire computer and smartphone images quickly.
  • Automate acquisition and processing tasks, freeing up time for deeper analysis. 
  • Find artifact data, file system data, and registry data, including unallocated or deleted space.
  • Analyze using multiple views, filters, searches, categories.
  • Link artifact data back to its file system or registry source data in seconds.
  • Present your findings already in your reporting format.

AXIOM WAS BUILT BASED ON OUR CUSTOMERS’ NEEDS.

Examiners have a lot of complex work to do and AXIOM’s intuitive user interface and automated processes allow examiners to focus on analysis.

Features and Capabilities of Magnet AXIOM




Acquiring Smartphone Images

Traditionally, the techniques used to acquire images of mobile devices have been secrets that are ‘hidden behind the curtains’ of mobile forensics tools. This lack of transparency only makes your job more difficult.


Have you ever wondered:

  • Why sometimes you’re able to acquire a physical image, while other times you can only access a logical image or file dump?
  • Why do I have to choose ‘method x’ or ‘method y’? What’s the difference between these methods and why do they seem to produce different results?
  • How did this data get extracted from the device? How will I testify in court if questioned on method?

WE FEEL IT’S TIME TO LIFT THE VEIL OF SECRECY ON SMARTPHONE IMAGING.

No matter which mobile forensic tool you use, there are a finite number of viable acquisition methods for any given smartphone.

The best option in any given circumstance will always be dependent on the same factors:

  • OS version
  • Device make & model
  • Wireless carrier configuration

Based on the direction Apple and Google are headed with recent and forthcoming versions of their operating systems, encryption of memory on smartphones is going to become a standard security feature.

This means that physical images will become increasingly challenging to acquire. Across the board, logical acquisition methods that use documented OS backup processes and commands are becoming the most viable and consistent options for extracting data from smartphones.

A Free Acquisition Tool

Magnet ACQUIRE is part of Magnet AXIOM and is also available as a free tool that enables digital forensic examiners to quickly and easily acquire forensic images from laptops, desktops and removable media such as USB keys and external hard drives.

ACQUIRE AS MUCH DATA AS POSSIBLE

Magnet ACQUIRE maximizes the quality of content/data that can be extracted from both smartphones and hard drives despite the challenges each one presents.

DOCUMENTED ACQUISITION METHODS

Activity logging and documentation allow you to understand which acquisition methods were used and how data was extracted from each smartphone and hard drive.






Assess your digital forensics needs and get a walk-through of Magnet AXIOM by requesting a demo.
