Saturday, February 12, 2011

There Is No Alternative

This past week I learned that a research group has reported that smart phones are outselling personal computers. It’s further confirmation to me that we’ve moved out of the era of computer forensics and into the era of digital forensics. Computer forensics, of course, will continue to play an important part in what we do as a community, but the mobile device era is firmly and undeniably in place. Every now and again I still see examiners comment on some of the digital forensics listservs how they hate working on phones. I have to restrain myself from asking how they feel about obsolescence.

We’re at the point where being able to perform mobile device forensics is increasingly becoming a mandatory skill for a digital forensics examiner. While I’m not amazed at how ubiquitous these devices have become, I will admit to a certain level of awe when I see just how powerful these devices are and what they are capable of doing. We haven’t been in the smartphone era for all that long and we’re already seeing mobile devices such as the forthcoming Droid Bionic that will have relatively powerful multi-core processors.

With great power comes great vulnerability. Gone are the days when you could use a mobile device without worrying about malicious actors working to compromise your phone and your data. There are already numerous vendors who are offering anti-virus protection for mobile devices. There are hundreds of thousands of applications available for mobile devices and even applications created by reputable vendors can expose users to risk. For example, viaForensics recently released the results of their research that showed vulnerabilities in the applications of many high-profile companies including financial firms.

Mobile devices are going to be an issue for examiners regardless of their role or industry. For traditional digital forensics investigations and eDiscovery, devices like smart phones are a treasure trove of information such as text messages, email, geolocation data, address books, pictures, and movies. I recently attended a webinar that illustrated the convergence of mobile device forensics and analytical software. This presentation illustrated how an examiner could use a mobile device forensics tool such as Cellebrite to harvest information from a smart phone and then feed it into a visual analytical tool made by i2 to assist an investigator in establishing links between people.

The incident response and penetration testing world will need to rapidly adjust to the mobile device era given how the criminal element will be increasingly targeting these devices. There have been numerous stories in the press talking about the convergence of mobile devices and electronic crime. I even read a recent article that reported that smart phones could eventually work as credit cards. It’s clear to me that mobile devices are going to be a key element of financial crime in the future. People are increasingly using mobile devices for routine banking. If it hasn’t happened already, it’s only a matter of time before we see Zeus-style malware infecting mobile devices for the purpose of harvesting banking credentials. These credentials can then be used to transfer money out of a victim’s account to be laundered through money mules before the victim realizes what has occurred. Brian Krebs has done some excellent reporting in the area of not only electronic crime, but money mules in particular.

Forensic 4cast Awards

Lee Whitfield announced this week that the nominations are open for the 2011 Forensic 4cast awards. You can submit your nominations at the Forensic 4cast website. If you think about it, you should send Lee a nice note (or donation) thanking him for doing this for the community. He puts a tremendous amount of effort into this at his own expense.

Book Reviews

I’ve been making more of an effort to write up reviews for some of the books that I’ve been reading. You can find my reviews at my Amazon profile here. I haven’t been posting my reviews to the blog because I’m normally backed up on content (a nice problem to have) and it’s easy enough for you to read what I post on the Amazon site.

AFoD Interviews

The interviews have received a great response and I thank you all for the positive feedback both public and private. I have two more that I’m working on as I write this and I hope to have them up relatively soon. If you are interested in seeing a particular person interviewed, please feel free to let me know.

Cyber Crime 101 Podcast

Joe Garcia had me on the Cyber Crime 101 podcast this past week. We talked about life after law enforcement for digital forensics examiners. We also talked a bit about the issue of law enforcement only tools. I’m a fan of Joe’s podcasts because I always seem to learn something new when I listen to them. For example, this podcast taught me that Virustotal now has browser addons for Firefox and Chrome.