Learn about key trends facing the mobile forensics industry this year, including growing device and data backlogs, cloud-based data, and how to manage large quantities of data from multiple disparate sources.
9 Trends in Identity Verification (2023) by Regula
Cellebrite Predictions Survey 2015
1. Criminal investigations today increasingly have one thing in common – mobile data evidence. As
a result, mobile forensics capabilities have been thrust into the spotlight, along with the ongoing,
dynamic challenges the industry now faces. Rapidly evolving mobile device technology, stronger device
and application encryption methods, and warehouses of data both collected and generated daily,
represents significant implications for not only forensics examiners in the lab, but increasingly, first
responders and investigators in the field. When a crime occurs, time is the enemy. The faster mobile
device data can be extracted, analyzed and acted upon, the faster criminals can be taken off the street,
cases successfully prosecuted and public confidence restored.
Mobile Forensics:
A Look Ahead
Cellebrite Customers Predict Mobile Device Backlogs,
New Data Sources and Legal Issues will Top 2015 Challenges
Cellebrite Predictions Survey 2015
Critical Evidence Now Mobile
In 2013, Messaging and social
app use Tripled
Americans used smartphone
and tablet apps more than
PCs to access the Internet
last month
the first time that has ever
happened.
Sources 1 CNN Money, 2 Flurry Analytics
2
1
2. 2
We recognize that mobile device evidence has
reached a tipping point; growing rapidly in both
importance and volume. Our customers are at the
forefront of this shifting landscape. So we asked
them how they will address the challenges that
mobile data evidence now presents, along with
the tools, processes and training that will allow
them to successfully navigate it in the future. In
Q4 of 2014, 728 law enforcement and corporate
customers provided insights on the challenges
and trends they believe will influence mobile data
forensics in the year ahead. Hands down, nearly
all respondents (95%) report that mobile devices
are the most significant data source in their
investigations today – a trend that shows no sign
of slowing.
The new digital goldmine in investigations
The Data Sources
that Matter Most
95%
59%
45%
32%
Mobile Device
itself
Third-party Apps
Wireless/Cellular
Providers
Cloud Providers
of respondents consider
Mobile Devices
their most significant
data source
95%
3. 3
Backlogs also bring a host of hidden costs and related
issues with them, including overtime for examiners or
the need for outsourcing – both introducing potential
errors in evidence processing and interpretation.
But they also pose more troublesome risks such as
cases going unsolved and suspects receiving lesser
sentences than they actually deserve. Nearly 29
percent of respondents indicated they have plans to
purchase additional forensic tools and expand their
labs to deal with device backlogs. Additionally, almost
60 percent identified a need for first-responder or
field personnel to preview or triage mobile device
evidence before it’s transferred to the lab.
Device backlogs of any size or length mean valuable
data evidence lays in wait. The sooner examiners and
investigators can extract and analyze it, the faster
crimes can be prevented or solved. Respondents
indicated they were open to new mobile forensic
solutions that support multi-tier workflows and tools
that extend simple data triage capability to field
personnel as needed.
With the growing importance of mobile device data to
investigations, backlogs of any duration – even days
or weeks – can jeopardize the length and outcome
of criminal cases. Nearly 80 percent of respondents
reported experiencing some level of device backlog in
the last year, with 44 percent experiencing backlogs
of 1 to 12+ months. This issue appears to be the most
Backlogs Challenging Timely Device Processing
problematic for federal and national law enforcement
respondents (54 percent) and state/provincial/county/
local law enforcement agencies (45 percent). For
those experiencing device backlogs, 68 percent rated
it from somewhat to a very significant challenge. In
the private sector, one-third of respondents reported
little to no backlogs.
The Hidden Costs of Backlogs
of respondents report some level
of device backlog in the last year;
of those lasting 1 to 12+ months
Device Backlogs Building
Nearly
80% 44%
Examiner overtime
Outsourcing device examinations
Risks associated with errors in
evidence processing, interpretation
Cases going unsolved or suspects
receiving lesser sentences
4. 4
A Deluge of New Data Sources Require New Tools, Analytics
It’s not surprising that mobile devices remain the most valuable data source in investigations when you consider
the amount of user-data generated by social networks and messaging applications. For forensic examiners,
accessing that data comes with a host of growing challenges. Both device and application encryption is a big
one, cited by 85 percent of our customers. Another one? The amount of data that is now stored off the device
and in the cloud. This was projected as one of the industry’s most significant issues in the coming year by nearly
60 percent of respondents. Accessing data from third-party applications (60 percent) and wireless or cellular
carriers (45 percent) also remain ongoing challenges. Corporate respondents also place great value on mobile
device, third-party and cloud data in roughly the same proportions as law enforcement.
What do all these new data sources have in
common? They add critical time to what has already
become a complicated and lengthy investigative
workflow. Serving legal process on both cloud and
wireless/cellular providers carries with it additional
complexity due to resistance in the name of privacy,
the requirement to notify customers, lengthy legal
processes, etc. And with increasing number of
crimes extending across borders, the international
mutual legal assistance treaty (MLAT) for providers
in countries other than the investigator’s own can
add months on top of that. It’s not surprising then,
that more than 72 percent of respondents found this
aspect of investigations to be either somewhat (43
percent) or a significant challenge (29 percent).
Top Three Mobile Data Forensics Challenges
85% 60% 41%
Device and Application
Encryption
Amount of Data Stored
off the Device and
in the Cloud
Aggregating and
Analyzing Big Data
5. 5
All the data in the world is only as valuable as the analytics used to make it actionable. Having the ability to
quickly visualize key connections – the bigger picture – helps investigators speed investigations, something that
approximately 83 percent of respondents deem somewhat to very important. In our survey, respondents also
rated text/content, image and geolocation analytics highly for the cases they work (92 percent, 82 percent and
70 percent respectively). Time delays – due to backlogs or process red tape – are the enemy of digital forensic
investigations. The findings above underscore the importance of having access to key data mobile data quickly,
along with the analytics and workflows to make it actionable in the lab and in the field.
Analytics Make Data Actionable
Strategically social
Law enforcement professionals
actively use social media as a
tool in their investigations3
use it on a daily basis
8 out of every 10
We live in an age of social media, where networks like Facebook and LinkedIn map our connections,
track our locations and use that knowledge to shape our preferences and behavior. According to the
International Association of Chiefs of Police (IACP), 86.1 percent of agencies surveyed in 2013 leverage
social media for criminal investigations.
92%
83%
82%
70%
25%
text/content
connections
IMAGE/VIDEO
GEOLOCATION
92% rate text/content analytics as important
83% find the ability to visualize key connections quickly
somewhat to very important
82% cite image analytics as important
70% rate geolocation analytics as important
Source 3 LexisNexis 2014
6. 6
You don’t need to look further than the latest news
to see the impact of mobile data on data forensics
investigations and criminal proceedings, as well as
the associated challenges of legal access and privacy.
Our survey findings suggest that law enforcement
agencies and enterprises are not entirely clear on if,
or how, their standard operating procedures will be
impacted by ongoing legal precedent. They are, how-
ever, monitoring the landscape closely.
The majority of survey respondents has received
training on both legal and technical topics related to
mobile forensics. All respondents recognize the need
for ongoing training to both perform mobile forensic
examinations and testify about them in court. With
the proper processes, tools and training, all organiza-
tions can help guarantee that the search, seizure and
extraction of mobile evidence is done in accordance
with the law.
For forensic examiners, training is not a nice to have,
but a necessity that ensures job competency. The cost
of training should always be weighed against the po-
tential cost of not training; the limited ability to access
and analyze mobile device data, the impact on inves-
tigations of not having evidence readily available and
the potential outcomes of putting untrained forensic
examiners on the stand in court.
Training Prepares Examiners for What Comes Next
Training not just a nice to have, but a
critical necessity ensuring job competency
of respondents have received training
75%
7. 7
The implications of mobile device data on the digital
forensics industry are difficult to ignore. It remains
our customers’ most important data source in the
fight against crime. To harness its power, global public
safety agencies and enterprises need effective, legally
sound ways to manage the growing complexity and
volume this data now represents. Call logs, social
media posts and texts can help establish the critical
connections officers, investigators and prosecutors
need to act quickly; determine innocence or guilt.
They require proven, forensic-sound data solutions
that create new and improved workflows to reduce
mobile device backlogs and speed investigations. Our
industry-leading solutions arm forensic examiners
and investigators in the lab and field with the capa-
bility to extract, analyze and act on mobile data with
the speed and accuracy any situation demands – and
deliver evidence they can stand behind.
For more information, visit www.cellebrite.com.
A Critical Tipping Point
Survey Background and Methodology
A Growing Need:
Extending Mobile Data
Forensics Capabilities
to the Field
Cellebrite customers were provided a SurveyMonkey link via its closed LinkedIn group and via email in Q4 of 2014.
• Survey questions addressed a range of mobile data forensics topics, including forensic lab backlogs and how to
reduce them, new challenges such as exploding data sources, big data analytics and training requirements in a
changing legal landscape.
• Survey respondents were also asked to rank what they felt to be the biggest challenges they face in the coming year.
• A total of 797 customers responded to the survey, with 728 completing all questions.
• More than two-thirds of respondents were from North America and 21 percent from Europe.
• Approximately 86 percent of respondents work in law enforcement: 63 percent in state/local/provincial and 23
percent in federal/national agencies. Half (and among corporate respondents, nearly three-quarters) described
their roles best as digital forensic examiners. Thirty-nine percent identified as detectives, inspectors, investigators
or special agents.
of respondents
rated as
important
61%