One of the draft versions of "Concepts and Methodology in Mobile Devices Digital Forensics Education and Training".
Abstract - This paper presents various issues in digital forensics of mobile devices and how to address these issues in the related education and training process. Mobile device forensics is a new, very fast developing field which lacks standardization, compatibility, tools, methods and skills. All these drawbacks have an impact on the results of the forensic process and also have a deep influence on the training and education process. In this paper real-life experience in training is presented, with tools, devices, procedures and organization, with the purpose of improving the process of mobile device forensics and mobile forensic training and education.
Draft current state of digital forensic and data science Damir Delija
In this presentation we will introduce the current state of digital forensics, its positioning in general IT security and its relations with data science and data analysis. Many strong links exist among these technical and scientific fields, but usually these links are not taken into consideration. For data owners, forensic researchers and investigators these connections and data views present additional hidden value.
Digital forensics research: The next 10 years Mehedi Hasan
Today’s Golden Age of computer forensics is quickly coming to an end. Without a clear strategy for enabling research efforts that build upon one another, forensic research will fall behind the market, tools will become increasingly obsolete, and law enforcement, military and other users of computer forensics products will be unable to rely on the results of forensic analysis. This article summarizes current forensic research directions and argues that to move forward the community needs to adopt standardized, modular approaches for data representation and forensic processing.
© 2010 Digital Forensic Research Workshop. Published by Elsevier Ltd. All rights reserved.
Data validation using CDR (Call Detail Records) and real cell tower coverage Nicola Chemello
Digital forensics acquisition is one of the most important parts of any investigation. Guaranteeing the results by comparing the obtained data with third party information is something the investigator should consider. Fake SMS, wrong parsing of the data, and other issues can be prevented if multiple sources are analysed. In this brief presentation the results of a correlation with SecurCube Phonelog for the CDR analysis and SecurCube BTS tracker for the real cell tower coverage are highlighted.
As our digital records are likely to be cyber-breached several times and/or we all have to deal with legal proceedings, learn how to use digital forensics experts efficiently.
Forensic science is a scientific method of gathering and examining information about the past which is then used in the court of law. Digital Forensics is the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital devices for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.
Mobile forensics is a branch of digital forensics. Simply put, it is the science of recovering different kinds of evidence from mobile phones. It significantly helps investigators to reach the criminal.
A presentation given at the Glasgow Caledonian University, Digital Forensics Student Conference in 2014 discussing some of the technical challenges we face in cyber forensics and possible research areas.
Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. A Pilot study on methodology and complexity of digital forensics and how digital forensics can be applied in a live environment without the loss or spoilage of valuable data and evidence.
The use of digital devices in day to day life has increased tremendously. Mobile devices have become a vital part of our day to day routine and they are prone to facilitating illegal activity or otherwise being involved when crimes occur. Whereas computers, laptops, servers, and gaming devices might have many users, in the vast majority of cases, mobile devices generally belong to an individual. The science behind recovering digital evidence from mobile phones is called mobile forensics. Digital evidence is defined as data and information that is stored on, received, or transmitted by an electronic device that is used for investigations. Digital evidence encompasses any and all digital data that can be used as evidence in a case. Mobile devices present many challenges from a forensic viewpoint. With new models being developed each day, it is extremely difficult to develop a single process or tool to address all the possibilities an investigator may face. Court cases also need to be taken into consideration as mobile devices are being seized and analyzed. Mr. I. A. Attar | Mr. M. M. Kapale "Conceptual Study of Mobile Forensics" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-1, December 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29476.pdf Paper URL: https://www.ijtsrd.com/computer-science/world-wide-web/29476/conceptual-study-of-mobile-forensics/mr-i-a-attar
New research directions in the area of IJCNCJournal
The proliferation of smart mobile phones with diverse features makes it possible to increase their use in
criminal activities. The fast technological evolution and presence of different smart phones and their
proprietary operating systems pose great difficulties for investigators and law enforcement officials to
choose the best tool for forensics examination, accurate recovery and speedy analysis of data present on
smart phones. This paper presents a literature review on smart phone forensic techniques for different
platforms. As a result of a comprehensive analysis of these techniques, it has been found that there is no
generic forensic technique or tool available which can perform the forensic analysis of all currently
available different smart phones. Further, there is a need to develop a generic technique for forensic
analysis of a variety of different smart phones. This generic technique should perform the forensic of
currently available different smart phones on the crime scene without need to attach the smart phone with
computer. Further, it will help the investigators to do their jobs easily and more efficiently. The proposed
technique needs to be implemented and tested on different smart phones to validate its performance and
accuracy.
Mobile phones are an integral part of our lives since they have played a vital role in bringing people closer together. They have abundantly been used by people all across the globe as they keep them up-to-date about the happenings in the world. However, these mobile phones have also been used in carrying out various criminal activities for the past few decades, therefore, a new discipline of Mobile Phone Forensics has been introduced which will help a lot in curbing the menace of these crimes by locating the whereabouts of the criminals. This research paper deals with the introduction of this innovative discipline of mobile phone forensics by throwing light on the importance of this discipline. It also deals with the detailed procedure of conducting a formal forensics analysis with the help of these mobile phones.
Review on effectiveness of deep learning approach in digital forensics IJECEIAES
Cyber forensics is the use of scientific methods for definite description of cybercrime activities. It deals with collecting, processing and interpreting digital evidence for cybercrime analysis. Cyber forensic analysis plays a very important role in criminal investigations. Although a lot of research has been done in cyber forensics, it is still expected to face new challenges in the near future. Analysis of digital media, specifically photographic images, audio and video recordings, is very crucial in forensics. This paper specifically focuses on digital forensics. There are several methods for digital forensic analysis. Currently deep learning (DL), mainly the convolutional neural network (CNN), has proved very promising in classification of digital images and sound analysis techniques. This paper presents a compendious study of recent research and methods in forensic areas based on CNN, with a view to guide the researchers working in this area. We first define and explain preliminary models of DL. In the next section, out of several DL models we focus on CNN and its usage in areas of digital forensics. Finally, conclusion and future work are discussed. The review shows that CNN has proved good in most of the forensic domains and still promises to be better.
Proposed high level solutions to counter online examination fraud using digit... Ivans Kigwana
In this current digital age, most of the tasks are conducted electronically. Some academic institutions have not been left behind as they have adopted the norm of presenting exams via online means to students. The present-day paradigm creates opportunities for students to use this as an opening to cheat or commit online examination fraud because of the absence of exam proctors. Having electronic evidence would be vital if there was a disciplinary hearing into examination fraud. In the case when an institution is not prepared before-hand for such an incident, it is likely that there won’t be important electronic evidence that is admissible before the disciplinary committee. In this case, it could be damaging to the institution’s reputation and how it handles its academic affairs. In order to prepare institutions for such an incident, there should be proactive measures (digital forensic readiness measures) that need to be in place. These digital forensic readiness techniques can be used interchangeably because most, if not all of them, capture different kinds of data. So the institution needs a proper plan on what data might be useful before any technique can be implemented. Various factors such as cost of implementation and difficulty of implementation of these digital forensic readiness methods make its implementation even more difficult. This paper aims to explore the various ways how students commit online examination fraud and later propose high level digital forensic readiness techniques that can be used to capture as much information as possible before-hand which can later be used when there is need for a digital forensic investigation or perhaps suspicion of examination malpractice. We later evaluate the proposed techniques based on difficulty of implementation, cost of implementation and efficiency of operation of each particular technique. 
As motivation, we choose six (6) techniques which are explained in detail to help the reader understand why and how they can be used to suit a given digital forensic readiness purpose.
On the Availability of Anti-Forensic Tools for Smartphones CSCJournals
The existence of anti-forensic tools in the context of computing systems is one of the main challenges for forensics investigators in achieving reliable evidence recovery and consequently uncovering crime facts. This is in particular more challenging in emerging smartphone technologies, since data is of highly mobile and volatile nature. In the current paper, we present a brief study of several anti-forensic applications available for smartphones. The applications are ready to use, most of them free, and require no expert technical knowledge. Moreover, these have been proved to be very effective when tested with two commercial forensic tools.
Proposed T-Model to cover 4S quality metrics based on empirical study of root... IJECEIAES
There are various root causes of software failures. A few years ago, software used to fail mainly due to functionality related bugs. That used to happen due to requirement misunderstanding, code issues and lack of functional testing. A lot of work has been done in the past on this and software engineering has matured over time, due to which software hardly fails due to functionality related bugs. To understand the most recent failures, we had to understand the recent software development methodologies and technologies. In this paper we have discussed the background of technologies and testing progression over time. A survey of more than 50 senior IT professionals was done to understand the root cause of their software project failures. It was found that most software fails due to lack of testing of non-functional parameters these days. A lot of research was also done to find the most recent and most severe software failures. Our study reveals that the main reason for software failures these days is lack of testing of non-functional requirements. Security and Performance parameters mainly constitute the non-functional requirements of software. It has become more challenging these days due to lots of development in the field of new technologies like Internet of things (IoT), Cloud of things (CoT), Artificial Intelligence, Machine learning, robotics and excessive use of mobile and technology in everything by the masses. Finally, we proposed a software development model called the T-model to ensure that the breadth and depth of software is considered while designing and testing software.
Use of network forensic mechanisms to formulate network security IJMIT JOURNAL
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order to study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel interested in obtaining knowledge in securing communication devices/infrastructure. This research provides a framework that can be used in an organization to eliminate digital anomalies through network forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
The Anti-Forensics Challenge Kamal Dahbur [email pro.docx mehek4
The Anti-Forensics Challenge
Kamal Dahbur
Bassil Mohammad
School of Engineering and Computing Sciences
New York Institute of Technology
Amman, Jordan
ABSTRACT
Computer and Network Forensics has emerged as a new field in
IT that is aimed at acquiring and analyzing digital evidence for
the purpose of solving cases that involve the use, or more
accurately misuse, of computer systems. Many scientific
techniques, procedures, and technological tools have been
evolved and effectively applied in this field. On the opposite
side, Anti-Forensics has recently surfaced as a field that aims at
circumventing the efforts and objectives of the field of computer
and network forensics. The purpose of this paper is to highlight
the challenges introduced by Anti-Forensics, explore the various
Anti-Forensics mechanisms, tools and techniques, provide a
coherent classification for them, and discuss thoroughly their
effectiveness. Moreover, this paper will highlight the challenges
seen in implementing effective countermeasures against these
techniques. Finally, a set of recommendations are presented with
further seen research opportunities.
Categories and Subject Descriptors
K.6.1 [Management of Computing and Information
Systems]: Projects and People Management – System Analysis
and Design, System Development.
General Terms
Management, Security, Standardization.
Keywords
Computer Forensics (CF), Computer Anti-Forensics (CAF),
Digital Evidence, Data Hiding.
1. INTRODUCTION
The use of technology is increasingly spreading
covering various aspects of our daily lives. An equal increase, if
not even more, is realized in the methods and techniques created
with the intention to misuse the technologies serving varying
objectives being political, personal or anything else. This has
clearly been reflected in our terminology as well, where new
terms like cyber warfare, cyber security, and cyber crime,
amongst others, were introduced. It is also noticeable that such
attacks are getting increasingly more sophisticated, and are
utilizing novel methodologies and techniques. Fortunately, these
attacks leave traces on the victim systems that, if successfully
recovered and analyzed, might help identify the offenders and
consequently resolve the case(s) justly and in accordance with
applicable laws. For this purpose, new areas of research emerged
addressing Network Forensics and Computer Forensics in order
to define the foundation, practices and acceptable frameworks
for scientifically acquiring and analyzing digital evidence in to
be presented in support of filed cases. In response to Forensics
efforts, Anti-Forensics tools and techniques were created with
the main objective of frustrating forensics efforts, and taunting
its credibility and reliability.
This paper attempts to provide a clear definition for Computer
Anti-Forensics and consolidates various aspects of the topi ...
Globally, the extensive use of smartphone devices has led to an increase in storage and transmission of enormous volumes of data that could potentially be used as digital evidence in a forensic investigation. Digital evidence can sometimes be difficult to extract from these devices given the various versions and models of smartphone devices in the market. Forensic analysis of smartphones to extract digital evidence can be carried out in many ways; however, prior knowledge of smartphone forensic tools is paramount to a successful forensic investigation. In this paper, the authors outline challenges, limitations and reliability issues faced when using smartphone device forensic tools and accompanying forensic techniques. The main objective of this paper is to be consciousness-raising rather than to suggest best practices for these forensic work challenges.
SOK:An overview of data extraction techniques from mobile phonesAshish Sutar
The article gives an overview of data extraction techniques from Mobile phones. This will help to new forensic investigators as well as forensic analysts to learn these techniques in detail subsequently.
The paper emphasizes the human aspects of cyber incidents concerning protecting information and
technology assets by addressing behavioral analytics in cybersecurity for digital forensics applications.
The paper demonstrates the human vulnerabilities associated with information systems technologies and
components. This assessment is based on past literature assessments done in this area. This study also
includes analyses of various frameworks that have led to the adoption of behavioral analysis in digital
forensics. The study's findings indicate that behavioral evidence analysis should be included as part of the
digital forensics examination. The provision of standardized investigation methods and the inclusion of
human factors such as motives and behavioral tendencies are some of the factors attached to the use of
behavioral digital forensic frameworks. However, the study also appreciates the need for a more
generalizable digital forensic method.
Introducing new content into the teaching of digital forensics and cyber secur... (Damir Delija)
Abstract - In this paper we consider ways of continuously introducing new content into courses in the field of cyber security. As an example we take “Fundamentals of Computer Forensics”, into which new content is introduced through students' practical and theoretical papers; ideas for the papers are proposed by students and lecturers. The proposed procedure consists of testing through student work and incorporating the results into the teaching materials. For student work to be used successfully it must satisfy a number of requirements: suitability to the student's level of knowledge and the available equipment, availability of tools and systems, simple implementation and portability, use of open-source and free tools, and minimal cost.
Concepts and Methodology in Mobile Devices Digital Forensics Education and Training
Damir Delija
INsig2 d.o.o, Zagreb, Croatia
damir.delija@insig2.hr
Abstract - This paper presents various issues in digital
forensics of mobile devices and how to address these issues
in the related education and training process. Mobile
device forensics is a new, very fast developing field which
lacks standardization, compatibility, tools, methods and
skills. All these drawbacks have an impact on the results of
the forensic process and also deeply influence the training
and education process. In this paper, real-life experience in
training is presented, with tools, devices, procedures and
organization, with the purpose of improving the process of
mobile device forensics and mobile forensic training and
education.
I. INTRODUCTION
Some interesting issues and situations were noticed
while providing digital forensic services, especially
during training and education. These situations are part of
the whole digital forensic process but are usually not
stressed enough, so they are worth mentioning and analyzing.
Most of the issues are consistent with the current state of
mobile forensics; some are specific. Some of the issues and
problems are already recognized and reported in the mobile
forensics field (“Is Mobile Device Forensics Really
Forensics?” NIST discussion) [3]; others are specific but
still rooted in the same basic issues.
The experience comes from a business position as a service
provider in digital forensics, which covers the full life
cycle from defining the solution proposal, development,
implementation, support, consulting, training,
improvements, and upgrades. This is a project-oriented
lifecycle; training and support are the lion's share of it,
with the aim of improving the solution and keeping it
operational.
Basically, all projects in mobile digital forensics mean
the introduction of new functions into an existing system
(law enforcement, business, etc.) through providing forensic
tools and methods. In such a setup, training and consulting
are essential for success. From the client viewpoint it is
often very challenging, since personnel usually do not have
basic training and skills, and there is usually no
infrastructure for fast internal training and skill
distribution. In a few words, this means you actually fail
if you provide only tools and installations without
training, since everything will be shelved because no one
will be able to use it efficiently.
Experience stresses education and training as the most
important part of mobile forensics projects. The aim is to
improve the ability of users to work independently and in a
forensically acceptable way with various mobile devices.
This conceptual goal, together with a firm understanding of
what tools and procedures can and cannot do, is essential
for any acceptable mobile forensic practice.
The profession of digital forensics requires continuous
education, training, and practice based on the above
mentioned concepts. It is necessary to define a methodology
which can fulfill these requirements in the context of
projects (law enforcement environment, military,
governmental). This methodology should provide training
in basic forensic science, basic computer science and
engineering, understanding of forensic tools and
procedures, and understanding and positioning of the tools
and methods available in the project context.
Mobile forensics is a very dynamic, new field in digital
forensics, which is by itself a new field in forensic science.
The situation is extreme, as presented in the recent 2014
paper “Is Mobile Device Forensics Really Forensics?” [3],
which addresses some open questions. The fast development
rate, and what is actually a slave position to development
in other fields, puts mobile forensics into a very
unpleasant situation where lack of standardization stands
among other problems.
An excellent overview of the tools, skills, knowledge
and procedures required for mobile forensics is the
presentation “Cell Phone and GPS Forensic, Tool
Classification System, (2009 Update)” done by Sam
Brothers in 2009, which defines a classification of tasks,
tools and skills [5].
II. MOBILE FORENSICS SPECIFICS
It is important to stress that mobile forensics is a specific
field; it is even hard to find coherent definitions of what a
mobile device is and what mobile device forensics is. There
are various definitions of mobile devices, most of them
defining a mobile device as a small size device which is
mobile and has a network connection [3]. Even if the
definition of mobile forensics is more straightforward, it
is still biased because of the ambiguous definition of
mobile devices. As early as in the definition there are
problems about procedures, tools, methods and
compatibility with the rest of digital forensics. The key
issue to be solved is the relation with the essential
principles of digital forensics. The simplest firm relation
is that mobile device forensics is a sub-science of digital
forensic science, while digital forensics is a computer
science and engineering science [3]. In precise terms,
forensics is the application of scientific knowledge to
legal problems [3]. Still, it is possible to argue with this
definition based on Wietse Venema's definition of digital
forensics, “Gathering and analyzing data in a manner as free
from distortion or bias as possible to reconstruct data or
what has happened in past of the system”, which is used by
SANS Institute [6]. It is crucial to see that it is a
scientific and engineering process, which is a wide enough
concept; in that sense mobile forensics is digital forensics
applied to mobile devices.
No one can actually count the number of mobile devices,
or even the number of different models and types. The only
sure thing is the constant arrival of new devices. To
complicate things even more, it is impossible to get data
from mobile service providers about devices used and
connected to their infrastructure, although this data surely
exists and it is not confidential or illegal.
Table T1: Mobile device evidence extraction process –
mobile device forensic process
Preparation step:
  1. Device intake, device is taken into forensic process
  2. Device isolation from mobile and WIFI network
  3. Device identification: type, model, features
  4. Device preparation: preparation for extraction and manipulation
Analyses step:
  1. Processing, extracting data
  2. Verification of extraction and findings
  3. Documentation / reporting of findings
Finalization step:
  1. Presentation of findings and reports
  2. Archiving device and results
  3. Tools calibration and maintenance
One very distinctive mobile forensic trait is how
commercial vendors approach mobile forensics. Roughly,
we can separate vendors into specialized mobile forensic
vendors and general purpose digital forensic tool vendors.
Among these groups there are no common tools or
standards from the mobile devices viewpoint. What is even
more interesting is the separation among vendors based on
how they handle mobile devices. Digital forensic vendors
usually have support only for smartphones and very
limited support for other mobile phones, while mobile
forensic vendors almost completely ignore anything other
than mobile devices. What is also stunning is the lack of
compatibility and standards among mobile vendors and
the lack of use of existing established forensic data formats.
From the practical viewpoint of conducting investigations,
or just using forensic tools and methods, it is important to
recognize real work tasks and address them properly in
training and education. The basic steps in the mobile
forensic process are defined in Table T1. It is the same
process as any other digital forensic process; the
differences are the stress on preparatory steps and having
very specialized tools, almost on the data recovery level.
Skill sets and mobile forensic analyses levels are related
to the mobile forensic process as presented in Table T2;
skills are hard to achieve and require a lot of practical
work [5], [2].
By our current experience for the former Yugoslavia area,
gathered through customer support, feedback and training, in
most situations the data available through logical level
extraction or even the manual level of extraction are
sufficient. Only a small number of situations, about 10%,
require a phone memory dump (physical extraction) or
more complex extraction methods. The situation is the same
with the number of mobile devices included in one
investigation process; mostly only one or two mobile devices
are included, often related to one or two computer forensic
images too. Sources are unofficial since there are no
formal reports.
Table T2: Mobile forensics analyses types and skills
levels [5].
Analysis type | Skill level | Description
1. Manual Analysis | Introduction / beginner | taking pictures of device screenshots, manually accessing and reading data
2. Logical Analysis | Introduction / beginner | extracting data from mobile devices by logical synchronization commands, usually done by forensic tool
3. Hex Dump (Physical Analysis) | Intermediate | extracting bit by bit copy of mobile device memory, done by forensic tool or specific usage of non forensic tools (flash boxes, JTAG)
4. Chip-Off (Physical Analysis) | Expert / advanced | extracting flash chips from devices and reading chip content, requires dedicated laboratory equipment
5. Micro Read (Physical Analysis) | Expert / advanced | extracting chips and reading logical gate states by electronic microscope
III. MOBILE FORENSICS TRAINING
There are many possible classifications of the digital
forensic training process. In theory it can be vendor
specific or vendor independent, academic or
professionally oriented, certified or uncertified, practical
or theoretical. In reality it is always a compromise,
especially in the case of mobile forensics. As for any
digital forensic education, training devices and tools are
essential because of the variety of possible models and
scenarios. With mobile forensics it is essential to have a
workable method of configuring mobile devices to
provide the same set of artifacts and the same results
during different training steps. Being unable to provide a
relevant training environment with up to date tools and
configurations renders the training process ineffective and
sometimes counterproductive, since outdated methods
usually compromise evidence and results.
Experience in mobile forensic training and education
Mobile forensic tools became part of the portfolio in 2009,
with the now defunct EnCase Neutrino. Since 2009 many
other products have been accepted, like Cellebrite UFED,
MicroSystemation XRY, and Oxygen, and provided with
full service. With such a wide product portfolio, vendor
independent mobile forensic services and support are
provided, based on the requirements and the current state of
the market. A full mobile forensic training infrastructure
was implemented and added to the training curriculum in
2012. Since 2012 each training is evaluated and analyzed
for valuable actionable data.
Table T4: Number of mobile forensic trainings provided
Year | Attendees | Type of training
2012 | 40 | vendor specific
2013 | 30 | vendor specific and / or vendor refresher
2014 | 30 | vendor independent
To present the volume of activity in mobile forensic
training, training events are presented in Table T4. Each
training event is fully documented, analyzed and
evaluated for lessons learned, not only from the attendees'
viewpoint but also from the trainers' and logistics
viewpoint. It is crucial to acquire such data to understand
the practices of different vendors and how these practices
and tools fit into the current environment. Such data are
necessary to keep quality and to understand what should be
improved or modified; the whole process must also be
formalized to prevent overlooking important factors. Based
on this data, and data acquired through vendor product
trainings and usage, a process is developed which keeps the
necessary skills and the ability to teach mobile forensics.
The key concept is to understand that each training event is
specific and unique, since versions and tools are fast
changing. To demonstrate, we can use data about the UFED
family of products. Just since 2012 the UFED forensic
portfolio has had substantial changes both in hardware and
software, while continuously being upgraded with new
supported mobile devices and analyses capabilities. Tables
T2, T0 and T3 show the volume and type of changes which
have to be incorporated into the training process to keep it
efficient. Supported phone models grow by hundreds per
year, not only as new device models but also with
support for new applications and functionalities in mobile
device applications and operating systems. The very
important chat tool Skype can be used as an example. In 2009
Skype was not supported as an analyses feature in automated
analyses on smartphones, while in 2013 it is a standard part
of analyses. Since Skype artifacts are extremely important,
that new functionality has to be introduced and supported
in training, with examples, drawbacks, practical issues etc.
This is typical for feature and application support in
mobile forensics. To show the volume of work required for
only one application, in this case Skype analyses: in 2012
extraction was done through cooperation with other
forensic tools [4], while in 2013 generic support was
introduced. Again, during training both methods were
presented. The general method of using another forensic
application to verify artifact findings is mentioned since
it is an example of common practice. Applications evolve
and it is always possible to find a new version which is
not supported by the current tool, but is supported by
some other tool like Belkasoft, InternetEvidenceFinder, or
by a custom developed script [5].
Table T5: UFED models and software from 2012 till
January 2015
Device | Software used with device
UFED classic | Logical analyzer, physical analyzer, phone detective, UFED_OSIMage
UFED touch | Logical analyzer, physical analyzer, phone detective, UFED_OSIMage
UFED4PC | Logical analyzer, physical analyzer, phone detective, UFED4pc
It is the same for all features and applications on mobile
devices, especially regarding encryption support,
geolocation information and other new developments.
Available forensic methods have to be presented, while
optional solutions should be provided at least at the
conceptual level, as shown in Table T5.
Table T6: UFED versions and devices since 2009, till
January 2015
Year | UFED hardware models | Software product revisions | Physical analyses supported devices | Logical analyses supported devices
2009 | UFED classic | unknown | 1242 | 2384
2010 | UFED classic | unknown | 502 | 1114
2011 | UFED classic | unknown | 578 | 1104
2012 | UFED classic | 6 | 832 | 617
2013 | UFED touch, UFED classic | 3 | 469 | 754
2014 | UFED4pc, UFED touch | 5 | 613 | 855
2015 | UFED4pc, UFED touch | 1 | 8 | 2
Table T7: UFED attributes supported per mobile device
model. In mobile forensic tools an attribute is an application,
feature or anything else forensically significant on a mobile
device (definition by vendor documentation).
Year | UFED logical | UFED ultimate (physical)
2015 | 24 | 110
2013 | 23 | 55
Each of the changes presented in tables T5, T6, T7
requires a full cycle of preparation and training refreshing,
both for trainers and for people who have already attended
training. To illustrate the full impact of these changes it is
important to describe how all these elements are used in
the UFED proposed mobile forensic process, as is done in
Table T8.
Table T8: How UFED tool is used in mobile forensic
process
Step | UFED module used | Description
Mobile device identification (preparation) | Phone Detective | phone detective software is used; in this step the mobile device is identified, and the supported functionalities, procedure and cable kit elements to handle the phone are defined
Mobile device data acquisition (analyses) | UFED device | UFED device or UFED4pc software on a PC is used to extract data from the mobile device; logical or physical analyzer software can be used to store data directly to the PC
Mobile device data analyses (analyses) | Logical or Physical analyzer software | software is used to analyze and report data
Maintenance and upgrade (finalization) | All hardware and software modules | software and UFED devices are upgraded to the latest standard
Since changes are in all steps, each step has to be
included in the theoretical and practical part of training,
with appropriate training mobile devices and artifacts on
the mobile devices. Maintenance and troubleshooting are
key to keeping UFED kits operational, so they also have to
be included. This is stressed here since it is usually
overlooked in trainings.
Other mobile forensic tools are close to UFED, since
mobile phone development forces forensic vendors to keep
close. With general purpose forensic tool vendors the
situation is different, since the tool has limited mobile
forensic capabilities, mostly only smartphone support.
A good illustration of a general forensic tool is EnCase from
GuidanceSoftware. With the introduction of EnCase version 7
in 2011 the former mobile forensic version of EnCase,
Neutrino, was discontinued. Its functionality was later
added as a special smartphone module to the main EnCase v7
product. Since 2011 EnCase v7 has had 26 versions and
subversions with various upgrades, functionality changes
and bug fixes (Table T9). It is the same amount of change to
keep up with as for the mobile forensic tools, with the same
support, testing and development requirements. It is the
same for education and training for EnCase.
Table T9: EnCase version changes
Year | EnCase revisions
2011 | 8
2012 | 5
2013 | 6
2014 | 7
IV. METHODOLOGY FOR MOBILE FORENSIC TRAINING AND
EDUCATION
Preparation of training mobile devices and forensic
images requires a forensically sound approach, method and
tools which will guarantee that training results will be
reliable and useful. For vendor specific training,
forensic images and artifacts are usually provided by the
vendor, as are the training materials. In reality it can
happen, as it did in the early UFED situation, that there
are only forensic images of mobile devices provided by the
vendor, but no officially approved training materials.
Preparing training materials, mobile devices and
forensic images is an important and complicated task;
basically, for each new version or feature, images have to
be recreated and reinstalled on mobile devices. This
process is independent from training and usually covers
three basic steps and some additional logistics steps.
Basic steps
- Initialization of mobile devices to a known state:
  resetting the mobile device to factory defaults, then
  installing an image from backup or another source,
  depending on the mobile device model, operating system
  etc. After this step the mobile device is ready for the
  next training event.
- Creating mobile artifacts for each specific mobile device
  platform: a complex step which requires using
  applications and tools on the mobile device in a real life
  scenario. For example, for each supported mobile phone
  real chat sessions were done, emails sent and received,
  SMSs sent while going through town, images and video
  taken, WIFI connections made etc. Each action is
  documented and time stamped so artifacts can be compared
  and verified as preparation for training. It is a lengthy
  task requiring a lot of time and resources, usually done
  by a student during internship work.
- Creating the mobile device image: when a mobile device has
  all the necessary artifacts, a forensic image and backup is
  created as the baseline image from which other mobile
  devices of the same type will be cloned. Methods of
  cloning differ depending on the mobile device model and
  vary from backup/restore and synchronization methods to
  using dedicated cloning tools like UFED. It is also
  important to remember to create relevant forensic clones
  of SIM cards to prevent mobile devices from changing the
  installed images. A forensic SIM clone is a SIM copy of
  the user data but without the data required for a GSM
  connection, so the mobile device cannot connect to the
  network while it keeps its configuration and artifacts
  unchanged. This SIM copy is done with mobile forensic
  devices like UFED through a specialized SIM cloning
  function.
Additional logistic steps
- Acquiring and maintaining the necessary fleet of mobile
  devices: mobile devices are changing, and to keep up with
  this change typical models and functionalities must be
  obtained. By our experience it means having about 5
  devices of the same type in the training kit. At the
  moment it is about 60 mobile devices, 30 smartphones and
  30 other phone models, some of them ageing. Of this kit,
  some 15 are in various states of degradation and are being
  replaced by new models. It is also important to keep some
  broken devices to show the techniques and methods
  available for partially functioning devices.
- Acquiring and maintaining a set of SIM cards: as for the
  mobile devices, SIM cards from various mobile service
  providers have to be obtained, initialized, used and
  cloned to provide realistic usage patterns. Each SIM has a
  limited life time, so it has to be regularly maintained,
  its subscription renewed, and replaced if necessary. For
  each event it is necessary to have a set of SIMs in a
  specific condition, locked or damaged, to provide
  realistic training scenarios.
- Maintaining forensic equipment: forensic kits for mobile
  forensics have different elements, but they should be
  maintained and kept in order as any other tool; basically
  it means keeping up with vendor updates and changes.
- Maintaining versions of forensic images and backups: each
  mobile device forensic image, backup or configuration has
  to be uniquely named, documented, listed and stored.
  Without this administrative practices
- After each training event a forensic image of each used
  mobile device can be created and compared with the
  baseline image. The forensic image should be created with
  available forensic tools and procedures. This is not a
  mandatory step, but it helps to keep track of changes and
  possible bugs or malfunctions in forensic software or
  equipment. It also presents the patterns of how trainees
  work with mobile devices and the efficiency of training,
  since any change in mobile device configuration or content
  outside of planned actions shows a failure in training
  procedures. Up to now no such failures were detected in
  forensic images.
As for non-vendor specific training and education,
it is almost the same situation but with specific issues.
This type of training and education covers general issues
about mobile devices but also presents specific tools and
tasks to solve with each tool, leaving the tools themselves
to vendor trainings. In such typical training curriculums we
have a list of topics with the expected interval for renewal
and change, listed in Table T10.
Table T10: Topics in mobile training curriculum and its
lifecycle influences
Training topic | How often has to be updated | Specific forensic image or specific device required
Introduction to mobile devices, technologies | Yearly | No
Introduction to mobile networks | Yearly | No
SIM cards and key serial numbers | Yearly | SIM cards and forensic images
Common challenges with devices | For each version or event | No
Forensics of the mobile devices | For each version or event | example of locally used devices
Seizure of mobile devices | Yearly | example of locally used devices
Types of extractions with mobile devices and comparison to regular computer extractions | For each version or event | example of locally used devices
Tools for mobile forensics – Analysis, Searching, Reporting | For each version or event | new devices and tools with updated kits, connection cables, flash boxes etc
Introduction to Smartphones and other “Smart” devices | Yearly | example of locally used devices
Introduction to mobile devices operating systems | For each version or event, forensic images have to be updated | example of locally used devices and forensic images of devices, forensic images have to be updated, same for the mobile devices
Key features challenges with “Smart” devices in forensic sense | Yearly | example of locally used devices
Recovering deleted data from a wide range of mobile devices, including locked devices | For each version or event | example of locally used devices and forensic images of devices, forensic images have to be updated, same for the mobile devices
Understand how forensic software extracts and decodes data | For each version or event | forensic images of devices, forensic images have to be updated
Understand how you can approach a forensic problem, defining a forensic strategy which may use a combination of tools and techniques to obtain evidence from a mobile device | For each version or event | example of locally used mobile devices, forensic tools
Understand the different challenges in the field of mobile device forensics compared to those in traditional computer forensics | For each version or event | example of locally used devices and forensic images of devices, forensic tools, forensic images have to be updated, same for the mobile devices
Understand the different acquisition methods available when examining mobile devices | For each version or event | example of locally used devices and forensic images of devices, forensic tools, forensic images have to be updated, same for the mobile devices
Understand how and when to use the different approaches | For each version or event | example of locally used devices and forensic images of devices, forensic tools, forensic images have to be updated, same for the mobile devices
Awareness of the limitations of each forensic method | For each version or event | example of locally used devices and forensic images of devices, forensic tools, forensic images have to be updated, same for the mobile devices
Know how to approach defining an acquisition strategy for a new device | For each version or event | example of locally used devices and forensic images of devices, forensic tools, forensic images have to be updated, same for the mobile devices
Each of these changes requires a full cycle of preparation
and training refreshing, both for trainers and for people
who have already attended training. Since each topic has a
very fast update rate, special training refreshers are
needed. To keep up with this lifecycle and its requirements,
an efficient organization and logistics process should be
established, with well defined procedures for each step in
the training process.
V. LESSON LEARNED
For organizations sending personnel to training and
education it is important to stress that it is actually a
skill set and an internal organization that have to be
acquired, implemented and maintained. This should be done by
establishing an internal organizational structure and career
path, and through continuous education and training for
organization members [1]. Often the internal
organizational structure is missing while the need for
specific skills is recognized, which is a very common
scenario in law enforcement and defense organizations or any
other organization which has a strict legally defined
structure. Methods and practical solutions for coping with
such problems are presented in “Digital Forensic Triage” [1].
Since formally defining such an organizational structure is
not part of training and education, it is important to
deliver messages about its importance, because without it
skills and knowledge are lost, nullifying the training
results.
Based on our gathered experience, it can be said that mobile education and training is a key part of maintaining forensic ability, especially in law enforcement or military organizations. In such organizations there is a dichotomy between the needs and the ability to implement an organizational structure that retains skills and expertise; this dichotomy should be constantly addressed and remedied with various formal and informal methods of training and education. Methods such as conferences, workshops and refreshers, while not as efficient as a full set of training, provide at least the minimal necessary updates for skills and knowledge.
As for the personnel receiving training, it is important to stress the necessity of continuous work and of keeping up with current developments, which again leads back to the internal organizational structure of the organization the trainee comes from. Again, without such an organization a person will probably get only one minimal introductory training; there will be no upgrades and no career path. Skills and forensic capabilities will soon be lost.
In some organizations informal internal keeping-up events can be organized, but this is sometimes a double-edged situation, which often holds for a short period of time and fails later. Another key element for such organizations is implementing an internal communication network among personnel to keep skills and knowledge active. There are many possible models; the right model depends on the structure of the organization and on legal requirements, since it is not the same for law enforcement, military or business. What is often a good model is a kind of helpdesk or internal forum type of organization, which works well in most situations. There we have experts helping others and keeping knowledge and skills alive with a very simple informational infrastructure for support.
As mobile devices and forensic tools keep an extremely fast rate of change, the same should hold for training and education, where the aim should be dual: to improve the expert level of knowledge and skills for a usually small number of expert users, and to keep growing the number of users able to efficiently apply mobile forensics.
VI. CONCLUSIONS
As a general conclusion, we can say that the training process should be tailored to the needs of the organization and attendees. To cope with this conclusion, a very efficient but resource-consuming process should be implemented, in which trainings are kept up to date with various inputs: vendor development, user requirements, current best practice and client abilities (mostly budget constraints). This process is resource-expensive for all parties involved, since it mandates following fast-changing inputs in real time and compiling them into materials and technologies available for the current situation. As an example, what is proposed by a vendor, or is best practice in another country, is not applicable in the local context because of various technical or even legal reasons.
The conclusion for the training process is that each training session should be tailored to the needs of the organization and attendees. To cope with this conclusion, a very efficient but resource-consuming process should be implemented, in which trainings are kept updated with various inputs: vendor's development, user requirements, current best practice and client abilities, mostly budget constraints. This process is resource-expensive for all parties involved, since it mandates following fast-changing inputs and compiling them into materials and technologies available for the current situation.
LITERATURE
[1] Stephen Pearson; Richard Watson: “Digital Triage Forensics”, Syngress, July 13, 2010, ISBN-13: 978-1-59749-596-7
[2] Sam Brothers: “iPhone Tool Classification”, http://www.appleexaminer.com/iPhoneiPad/ToolClassification/ToolClassification.html
[3] Gary C. Kessler: “Is Mobile Device Forensics Really "Forensics"?”, NIST Mobile Forensics Workshop, Gaithersburg, MD, June 2014
[4] Paul Henry: “Quick Look - Cellebrite UFED Using Extract Phone Data & File System Dump”, SANS Forensic Blog, 2010
[5] Sam Brothers: “Cell Phone and GPS Forensic, Tool Classification System (2009 Update)”, State of the Market Place as of: May 2009
[6] Windows Forensic, http://www.sans.org/