Mobile Incident Response and Investigations

Overview of Mobile Technology, Including Network Operations and Mobile Technologies

Comprehensive Operation of a Cellular Network

A cellular network is one in which the last connection is wireless. This network is structured to cover land areas referred to as cells served by more than one handset – a base station or phone site (Tanenbaum & Wetherall, 2010). The base station facilitates network coverage, which enables data, voice, and various content transmissions. To guarantee service quality and avoid interference, cells are designed to utilize a set of disparate frequencies from bordering cells. Joining such cells together leads to radio coverage over a more significant location.

Consequently, mobile devices such as laptops, tablets, and phones that have an interface for a network connection, such as a mobile broadband modem, can seamlessly communicate with transceivers, each other, and telephones found in the network through the base station, even when a given transceiver is traversing multiple cells during the data or voice transmission process (Tanenbaum & Wetherall, 2010). Moreover, portable devices and cell phones can associate with the open internet and the public switched phone system. Solitary cells are typically used for huge associations or research purposes.

Mobile device communication with cell sites

Base stations and mobile phones utilize low-control transmitters that are capable of being reused in non-adjoining cells. A single cell located in a simple network typically uses one of seven of the voice channel’s infrastructure (Tanenbaum & Wetherall, 2010). Using 1/7 of the channels enables access to one set of frequencies without any interference. Notably, an increase in quality accessible channels can be attained through advanced transmission techniques. Each cellular, therefore, requires a predetermined sufficient quantity of phone sites. Transmission costs are typically low per client because several people use a variety of phone types. By default, in each city, transporters for various content have a Mobile Telephone Switching Office – MTSO (Tanenbaum & Wetherall, 2010). The office facilitates control of local base stations and the handling of land-based telephone infrastructure.

Cellular to Cellular communication

A control channel is a significant resource that enables telephones and base stations to communicate with each other concerning important network aspects such as a station evolving. Whenever a telephone attempts to contact a control station but cannot reach or discover it, it is designed to acknowledge that it is out of range and should generate a message – no administration (Tanenbaum & Wetherall, 2010). In turn, the mobile phone transmits the acknowledgment, and the local voice office, MTSO, queries the phone’s cell location from the network database. This helps the MTSO discover the phone’s cell location, which is significant if the phone is to be contacted when a call rings. The MTSO looks up the cell and attempts to discover the mobile device. After that, the MTSO selects a frequency similar to the one the phone is connected to and utilizes it to route the call – a phone communicates with the MTSO through the control station to identify specific frequencies that ought to be used. The call is completed upon identification of frequencies that the tower switch and phone are using. Two phone sites for the devices mentioned above typically communicate to synchronize themselves with the MTSO and enable the control station to communicate with a mobile phone, instructing it what frequency to change to (Tanenbaum & Wetherall, 2010). The process guarantees the change of the phone’s cell to a new one.

Mobile switching center communication with mobile phones

The primary infrastructure facilitating content exchange in the network subsystem is referred to as a mobile switching centre – MSC. It gives network directing and discharge capability (Tanenbaum & Wetherall, 2010). An MSC does a wide range of functionalities, including but not limited to directing fax, phone calls, and SMS messages. Given that base stations interface with mobile phones, a landline phone is linked to the MSC. The MSC looks up nearby cells or base station controllers.

Additionally, an MSC issues an acknowledgment to the infrastructure mentioned above to synchronize frequencies to suitable base station controllers. If a mobile device moves from one location to another, an MSC is tasked with determining what network location is suitable for redirecting and exchanging content (Tanenbaum & Wetherall, 2010). The MSC infrastructure is globally known for proper functioning with Home Area Enlist databases. HAE stores mobile phone and area data.

Base Switching subsystem communication with mobile phones

The base switching subsystem is one of the most significant customs cell phone connections, which facilitates oversight of the subsystem and a cell phone’s motions and activities. It also does radio system tasks such as the assignment of cell phone radio channels, discourse channel transcoding, and transmission over the air (Tanenbaum & Wetherall, 2010). A typical base handset station is infrastructure for interchange signal unscrambling, acquisition of radio signal, and transmission gears. The base station controller manages a base handset station via a base station control work, enabling the support and operation of a system’s administration framework.

Form factors of smart devices and other wireless technologies

Smart devices are electronic equipment capable of associating with other gadgets and systems using remote connections such as Wi-Fi and Bluetooth. Smart devices include smartwatches, tablets, and mobile phones. The phrase smart device is also associated with computerized reasoning in information technology.

Bluetooth (IEEE 802.15.1)

As mentioned above, this network type facilitates the connection of devices over a short distance, usually ten or fewer meters. Devices work in a master-slave arrangement: one device issues a connection request, then the slave accepts the network connection by pairing (Tanenbaum & Wetherall, 2010). The network is commonly used on devices associated with a client’s gadgets. A good example is the incorporation of Bluetooth into wireless speakers to play music from someone’s phone. Moreover, Bluetooth Low Energy is known to utilize less energy than Bluetooth.

Wi-Fi (IEEE 802.11)

Wi-Fi, similar to cellular networks, uses radio waves to facilitate device communication via a network interface card. This network enables connecting the internet to tablets, phones, and computers, among other digital devices (Tanenbaum & Wetherall, 2010). There are various types of Wi-Fi networks, as stipulated by IEEE 802.11 policies.

Zigbee (IEEE 802.15.4)

This network was designed based on open global standards to meet low-power and cost IoT network needs. It is a network implemented on 868, 900MHz, and 2.4 GHz bands (Drake, 2016). The network allows device communication in several network topologies and usually has batteries that last years.

Description of trends in mobile technology, including handset transmission types and embedded device forensics, as well as operating systems, applications, and challenges and threats to forensic investigations

Trends in Mobile technology

In the information technology scope, mobile technology has experienced significant changes in the past two decades, from the advent of 1G technology to upgrades such as 2G, 3G, 4G, and 5G, widely used among developed countries (Eluwole et al., 2018). The transmission has seen changes in aspects such as frequency, speed, and framework upon which the service is built. Among the most prominent mobile phones in the 70s was Motorola. Commonly associated with this phone was the 1G technology, primarily intended for making voice-phone calls. 2G technology widened the shared content scope, whereas 3G inspired video content sharing at a faster transmission rate (Eluwole et al., 2018). 4G raised the quality of service during transmission and is globally adopted on most smart mobile phones. It further lessens asset costs, whereas 5G is built based on implementing a remote world wide web (Eluwole et al., 2018). 6G technology will incorporate satellite systems for global network coverage, whereas 7G proposes to facilitate space communications.

With more people venturing into artificial intelligence, mobile devices have been equipped with machine learning algorithms that make work easier for users. For instance, mobile devices auto-adjust screen brightness and filter camera images for more clarity in the images and videos taken. Mobile device browsers can suggest search keywords and websites courtesy of machine learning programs communicating between Google servers and the phone over the internet.

Handset Transmission Types

Time Division Multiple Access – TDMA: utilizes strategies laid out by the telecommunications industry association for interim standard, electronics Industry alliance, and interim standard 136 (Tanenbaum & Wetherall, 2010). TDMA is six point seven milliseconds long and is 30 kHz wide. Its narrow band implies that the channels are customed, making TDMA a three-fold capacity of the simple network (Tanenbaum & Wetherall, 2010). Additionally, TDMA networks function well in the 800 MHz frequency.

Frequency Division Multiple Access: It uniformly divides bandwidth. Using an example of a radio station, a given station is allowed to send a frequency flag in a given accessible band. Therefore, FDMA was designed for transmitting analog content, although it is capable of transmitting digital content (Tanenbaum & Wetherall, 2010). Notably, it is not efficient for advanced transmission procedures.

Code Division Multiple Access: CDMA functions by the division of a signal over a wide band. Channels are often identified by digital code. Therefore, CDMA is implemented to enhance better bandwidth efficiency leaving more potential for channel quantity (Tanenbaum & Wetherall, 2010). This is a 2nd generation standard that is incompatible with the global system for mobile communication and TDMA.

Mobile Operating Systems

The most common operating systems we freely interact with in modern-day society include iOS, Windows, Linux, and Android. Mobile operating systems are platforms on which various mobile applications run. Mobile OSs are built to run on tablet PCs, PDAs, and mobile phones (Novac et al., 2017). The following are comprehensive descriptions of mobile operating systems.

Android OS

This refers to an open-source operating system by Google. It facilitates the running of critical mobile phones by implementing proper frameworks as governed by Google Inc. The frameworks are named to adopt new version names in the mobile operating system scope (Novac et al., 2017).

Blackberry Mobile OS

This operating system was designed and implemented by Research in Motion to run on mobile Blackberry devices (Novac et al., 2017). It is significant to note that the OS facilitates management of Novell Group-wise email, Lotus Domino, and Microsoft Exchange, and various programming with Blackberry’s enterprise computing infrastructure.

iOS

Novac et al. (2017) assert that Apple designed and implemented an operating system that was meant to run specifically on Apple devices such as the iPhone, iPod, and iPad.

Windows

Like Apple, Windows has a custom operating system designed to work on Windows phones (Novac et al., 2017). An example is the Operating System that runs on Nokia Lumia devices.

Challenges with Mobile Technology

Mobile device vendors keep upgrading the Operating systems of phones to patch security bugs and improve the user experience while using devices. Forensic investigators often have challenges creating inventories for evidence presentation, as one cannot precisely tell the kind of operating system being run on a device by analyzing hardware specifications and respective device manufacturers (Ayers et al., 2014). Moreover, consistent mobile device updates imply that forensic tools for recovering evidence will often lag behind mobile device software versions.

The primary challenge with most mobile device technologies is the capability to expand capacity. In the recent past, most 3G users raised concerns over postponed information downloads (Dumka et al., 2019). Conventional mobile systems have not been built for severe device administration, whereas information technology managers worldwide demand better mobile system proficiency. Therefore, mobile device designers are under pressure to re-evaluate their system design and implement mobile gadget frameworks with cutting-edge information management administration.

Mobile Device Threats

Furthermore, mobile data security is threatened by the ever-growing number of non-ethical hackers (Dumka et al., 2019). User data from hacked accounts can be sold on the dark web leading to losses and intrusion of privacy.

Embedded device forensics

As mentioned above, the process entails using computing technology to investigate a crime and recover incriminating data from a mobile phone. Despite their small size, most mobile phones store lots of network and memory data. This is due to advancements in the design of semiconductors, which enable phones to be efficient digital information carriers. A few conditions may deem a mobile phone to be investigated. These include using a phone to exchange data one is not authorized to access online, and the transmission and storage of corporate data (Kent et al., 2006). One of the primary contributors to digital forensics, the Scientific Working Group on Digital Evidence, asserts that digital evidence is restricted and is not only found on personal computers but can be stored on computerized devices such as bootable thumbs and hard drives.

Furthermore, the scope of forensic investigation explores crimes such as hacking, which could potentially imply someone accessed computerized data illegally. To obtain admissible evidence in court, proper documentation and investigation procedures must be adhered to (Kent et al., 2006). More detailed requirements are highlighted in the subsequent sections.

Laws, regulations, and considerations for the forensic handling of mobile devices

Investigators must have proper court warrant documents, chain of custody forms, hard drive evidence sheets, and appropriate data recovery tools to retrieve deleted data from mobile phones (Ayers et al., 2014). Advanced mobile devices are used to detect digital data and any forensic evidence on confiscated mobile phones. The forensic device typically attempts to connect to the mobile phone suspected to contain evidence where the forensic device locates essential data from the phone’s internal storage section. GPS location histories can be retrieved to help determine the suspected individual’s movements at the crime scene (Kent et al., 2006). During the investigation process, law enforcement uses a search warrant issued by a court of law to confiscate devices suspected to have been used in a crime (Kent et al., 2006). With an appropriate chain of custody form, the investigation team can request evidence to create the investigation inventory and retrieve data.

The forensic investigation and techniques

The phone’s multimedia and short text data, photos, calendar, contacts, hidden executable applications, and documents are a significant place to start retrieval. With the advent of shared drives such as Google Drive, a significant percentage of smartphones store extra data on their email and shared drive (Arnes, 2017). Web browser information can also reveal information about the user’s location, videos, downloaded files, and other essential data. Security footage from CCTVs and phone GPS data could tell a lot about a suspect’s location on the day a crime happened (Arnes, 2017). Gathered evidence on time and location can be compared to charges.

Mobile forensic equipment

Some pieces of forensic software are designed to make mobile digital forensic investigations easier. Some of the standard open-source tools include Forensic Investigator, NMAP, Network Miner, Wireshark, Encrypted Disk Detector, and Autopsy (“The Best Open Source Digital Forensic Tools,” 2018). These tools go beyond merely analyzing what information a server may have accessed. An investigator can do mobile forensics, image exploration, hard and thumb drive analysis, and memory analysis (Arnes, 2017). Of all the tools mentioned above, Autopsy has always had a more professional touch, in my view, given its wide acceptance by corporate examiners, military, and law enforcement agencies. Arnes (2017) states that Autopsy software can analyse computerized gadgets to locate indications of compromise, extract picture and video metadata, use the PhotoRec module to retrieve deleted files and other documents from unallocated space, generate a history of mobile phone browsers such as Internet Explorer, Chrome and Firefox, search and find files using predetermined keywords, highlight and report corrupt files using hash filtering, and perform advanced timeline analysis.

Encrypted disk detector facilitates the quick, non-intrusive assessment of encrypted computer volumes. Depending on whether volumes are encrypted or not, an investigator can then make a further assessment and store a copy of the evidence (“The Best Open Source Digital Forensic Tools,” 2018). The software looks for Bitlocker, SafeBoot, VeraCrypt, PGP, and TrueCrypt encryption on computerized gadgets.

Wireshark is an open-source tool recognized across the globe for its capability to perform network protocol analysis. Educational institutions, government agencies, and corporate bodies utilize Wireshark to view network activities microscopically (Arnes, 2017). Many organizations prefer it because it supports decryption for various network connection protocols, reads frame relay, USB, Bluetooth, ATM, and Ethernet data, writes or reads multiple file formats such as Microsoft Network Monitor, Cisco iplog, and tcpdump, performs analysis of VoIP, runs on macOS, Linux and Windows, and is capable of handling many protocol inspections.

Law enforcement agencies widely use Network Miner on macOS, Linux, and Windows platforms to facilitate network forensic analysis. It works by passively sniffing networks to determine open ports, hostnames, sessions, and operating systems (“The Best Open Source Digital Forensic Tools,” 2018). It makes network traffic analysis much easier to perform by presenting extracted information in a simple and understandable graphical user interface.

NMAP is also an open-source security audit and network discovery tool. It facilitates monitoring service or host uptime, service upgrade tasks, and network inventory (“The Best Open Source Digital Forensic Tools,” 2018). The software is designed to identify hosts on a network using raw internet protocol packets and the service that a given app is offering on an identified network host. This is essential to determine the application, service, and hostname used to commit a mobile crime. NMAP scans for firewalls in use, packet filters, and Operating Systems being used.

Forensic Investigator is an application by TekDefense that provides a couple of tools that facilitate HEX, XOR, and Base64 conversion, Metascan, and VirusTotal Lookup tools (“The Best Open Source Digital Forensic Tools,” 2018). It executes host lookup, decoding or encoding digital content, and file, domain, and IP address searches.

Therefore, the scope of mobile forensics envelops the search and seizure of evidence, the investigation of storage media associated with computerized equipment, the validation of sources of evidence, and the generation of answers to a legal examination of criminal court charges on someone suspected of using mobile technologies to commit a crime.

Analysis and presentation of forensic information including file system analysis, techniques for working through security measures, third-party applications, and other forms of mobile data analysis

According to Kent et al. (2006), digital data is highly volatile and subject to change; mobile forensic investigations should often use a copy of the original data to maintain information integrity before and after the investigation. One of the critical ways to retrieve evidence is the ability to recover erased files and documents. The design of mobile phones has always ensured that when one deletes a photo, it is not permanently removed from a storage media. Still, the structure of the media changes so that the file can no longer be viewed directly (Arnes, 2017). Software such as Autopsy can retrieve such data. Additionally, crime scene investigations use personal computer frameworks to retrieve evidence of information robbery (Arnes, 2017). Conventional investigation tools are designed to investigate pictures, emails, passwords, incriminating keyword searches, device registry searches, and manual audits of a suspect’s information.

File system analysis

A significant proportion of evidence on mobile devices is often located in a gadget’s storage framework. Autopsy provides a manual for running file analysis processes courtesy of Brian Carrier (Arnes, 2017). The software has a comprehensive checklist and reference for investigators that intend to do an in-depth document and file forensic investigation on a mobile phone. Autopsy gives critical data required to recover deleted pieces of information and display the data structure.

Third-party applications

These refer to software that stores unique data on mobile devices, which people generally overlook on their devices. Investigators are mandated with the knowledge of how to recover distinct indexed data and use it to prove that a crime was committed. Popular applications are often investigated, regardless of newer ones being developed as time goes by. Investigators need to study such third-party applications despite constant updates of mobile operating systems for essential data that is admissible in court (Ryu et al., 2018). Over time, it has been realized that examiners must manually audit mobile devices to extract third-party-related information.

Deleted data recovery

Data carving is perhaps one of the most significant techniques for retrieving deleted data on mobile phones. It refers to a process where information is extracted from raw data. If information is identified and recovered based on file format analysis, then the process is referred to as file carving (Povar & Bhadran, 2010). Both techniques are essential to the recovery of deleted or hidden files from computerized media. Information is often hidden in places such as unallocated spaces. Data carving is usable if the information to be recovered has a file header – a typical file signature – which usually marks the beginning of a document or file. An examiner continues the search until they locate the file’s end – the footer. Information located between the header and footer is, therefore, retrieved and analyzed to show the validity of the document (Povar & Bhadran, 2010). Data carving procedures depend on the format of a given file.
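The header-to-footer carving described above, shown as an added example (it is not part of the original paper or of any tool the paper names): a small Python carver run over a constructed buffer that stands in for unallocated space. The signature table, the `carve` function, its `max_size` limit and the sample bytes are assumptions made for illustration; the example goes slightly beyond the text by also reporting headers that have no footer, which is what a partially overwritten file looks like.

```python
"""Header/footer file carving over a raw buffer (added illustration)."""
import hashlib
from dataclasses import dataclass

# (header, footer) signatures for the two formats carved in this example.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),                  # SOI marker ... EOI marker
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),  # magic ... IEND chunk + CRC
}


@dataclass
class CarvedFile:
    kind: str
    offset: int   # byte offset of the header inside the raw image
    data: bytes
    sha256: str   # recorded so the carved copy can be re-verified later


def carve(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return (carved, orphans).

    carved  - files recovered from header through footer, sorted by offset
    orphans - (kind, offset) of headers with no footer within max_size bytes,
              e.g. a deleted file whose tail has been overwritten
    """
    carved, orphans = [], []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            # Bound the footer search so a stray header cannot swallow
            # everything up to some unrelated footer far away.
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                orphans.append((kind, start))
                pos = start + len(header)
                continue
            stop = end + len(footer)
            data = image[start:stop]
            carved.append(
                CarvedFile(kind, start, data, hashlib.sha256(data).hexdigest())
            )
            pos = stop
    carved.sort(key=lambda c: c.offset)
    return carved, orphans


def build_sample_image() -> bytes:
    """Constructed test buffer: filler bytes with two whole files and one
    truncated JPEG embedded in it. The payloads are not real pictures."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xae\x42\x60\x82"
    truncated = b"\xff\xd8\xff\xe1" + b"overwritten before footer"
    return (
        b"\x00" * 512 + jpeg
        + b"\x00" * 300 + png
        + b"\x11" * 200 + truncated
        + b"\x00" * 64
    )


if __name__ == "__main__":
    found, incomplete = carve(build_sample_image())
    for f in found:
        print(f"{f.kind:5} offset={f.offset:<5} size={len(f.data):<4} "
              f"sha256={f.sha256[:16]}...")
    for kind, off in incomplete:
        print(f"{kind:5} offset={off:<5} header found, no footer")
```

A carver this simple takes the first footer after each header, so a JPEG with an embedded thumbnail would be cut short; that is one reason the carved output still has to be validated against the file format.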

Case Report Presentation

Explaining recovered data and the procedures used to a non-technical audience is often quite complex. In this case, there is a need to create all possible ways of showing the jury evidence in a way that makes much sense to them and proves that a crime was committed (Ayers et al., 2014). What are some of the simplest methods that could be used? Discussing the transcripts of the entire investigation, playing audio recordings and video, displaying photos, and other visual guides explain the evidence in a court of law (Ayers et al., 2014). In most cases, it is significant that the jury views a crime scene.

Video evidence

Many a time, witnesses have valid reasons not to show up in a court of law physically. They may require that the Investigator does a video interview during the court proceedings. Additionally, pre-recorded video footage can be submitted to the court as part of testimony (Ayers et al., 2014). Such a strategy enhances the anonymity of the witness and saves funds, especially when witnesses have to cover long distances to appear in court.

Crime Scene walk-through

It would make a lot of sense when explaining the crime scene to a jury only if they have been to the physical location. The jury can be taken through the crime scene to recreate how the crime was committed (Kent et al., 2006). The entire process facilitates a clear understanding of the crime, boosts the jury’s thinking, and weighs the charges accordingly.

Witness

There comes a time when a court calls upon a specialist witness to enlighten the court on the forensic investigation findings. Kent et al. (2006) suggest that if some of the evidence presented to a court were hard to understand, it would be reasonable to bring in an expert that can explain it in simple terms enough for the jury to have clarity of the mobile forensic report findings.

A personal perspective on the biggest threat and most significant opportunity/most promising technology in mobile forensics, based on in-class and outside readings, as well as personal/professional experience

Security intrusion is, by far, one of the most significant threats posed by cybercriminals using mobile technology. The basic principles of security revolve around the concept of confidentiality, integrity, and availability. In the wake of COVID-19, unethical hackers have deployed malicious apps to monitor risk areas and give updates on statistics. When non-technical users install such apps, they do not bother to check what permissions should be allowed (Elahi et al., 2017). A significant majority of users allow all permissions. Notably, some malicious applications come in the form of adverts or gift links to unofficial sites of other existing software. Once a user installs the mobile app, hackers monitor a massive proportion of their data remotely. Financial credentials could be stolen and sold online on the dark web.

Furthermore, if someone’s patient data is stored on their phone, it could be stolen and used to purchase medical supplies for another ghost patient. Since the permissions allow mobile devices to access phone calls, contacts, cameras, texts, and email messages, hackers have a wide range of options to steal vital data (Abro, 2018). In some cases, the installed apps have triggered background ransomware. Unless a user pays the amount demanded by the ransomware, their phone and files remain corrupted, or they could be deleted permanently via a remote connection (Abro, 2018). Advancements in spyware have recently shown that hackers can easily install spyware on a victim’s phone without their knowledge and consent.

Simple technological measures guarantee the security of a user’s data. First, as proposed by the majority of anti-virus vendors, it is essential to install applications from verified platforms such as Google Play Store. Most of the applications uploaded to the Google Play Store are authentic software tested by their developers to ensure compliance with security and privacy regulations (Barrera & Van Oorschot, 2010). Furthermore, when installing applications, users must check which permissions to allow. Abro (2018) states that if an application requests to access confidential data, users should ensure it is from an authentic vendor and use cutting-edge verification such as one-time passwords or two-way authentication to allow login.

Given that most malicious apps come as adverts through free or unprotected Wi-Fi, mobile phone users should limit themselves from using free public Wi-Fi. Companies with open networks must implement security policies that enhance user data’s confidentiality, integrity, and availability by installing firewalls (Bourgeois & Bourgeois, 2014). A user’s password should be at least eight characters long, contain alphanumeric characters, and have a short expiry period, after which it is reset to a new password different from previous ones. Moreover, users should limit Wi-Fi networks if they intend to access private and confidential data such as bank information.

Overall, a majority of security threats posed by cybercriminals can be avoided by mobile phone users provided they adhere to the latest company security policies and carefully choose what permissions to allow an application to have (Bourgeois & Bourgeois, 2014). As discussed above, the steps are a comprehensive overview of measures one can take to avoid being a victim of data leakage.

References

Abro, F. I. (2018). Investigating Android permissions and intents for malware detection (Doctoral dissertation, City, University of London).

Årnes, A. (Ed.). (2017). Digital forensics. John Wiley & Sons.

Ayers, R., Brothers, S., & Jansen, W. (2014). Guidelines on mobile device forensics: NIST Special Publication 800-101, Revision 1. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf

Barrera, D., & Van Oorschot, P. (2010). Secure software installation on smartphones. IEEE Security & Privacy, 9(3), 42-48.

Bourgeois, D., & Bourgeois, D. T. (2014). Information systems security. Information Systems for Business and Beyond.

Drake, J. D. (2016). U.S. Patent No. 9,485,805. Washington, DC: U.S. Patent and Trademark Office.

Dumka, A., Memoria, M., & Ashok, A. (2019). Security and Challenges in Mobile Cloud Computing. Security Designs for the Cloud, IoT, and Social Networking, 43-57.

Elahi, H., Wang, G., & Li, X. (2017, December). Smartphone bloatware: an overlooked privacy problem. International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage (pp. 169-185). Springer, Cham.

Eluwole, O. T., Udoh, N., Ojo, M., Okoro, C., & Akinyoade, A. J. (2018). From 1G to 5G, what next? IAENG International Journal of Computer Science, 45(3).

Novac, O. C., Novac, M., Gordan, C., Berczes, T., & Bujdosó, G. (2017, June). Comparative study of Google Android, Apple iOS, and Microsoft Windows Phone mobile operating systems. In 2017 14th International Conference on Engineering of Modern Electric Systems (EMES) (pp. 154-159). IEEE.

Ryu, J. H., Kim, N. Y., Kwon, B. W., Suk, S. K., Park, J. H., & Park, J. H. (2018). Analysis of a Third-Party Application for Mobile Forensic Investigation. JIPS, 14(3), 680-693.

Tanenbaum, A. S., & Wetherall, D. J. (2010). Computer Networks.

The Best Open Source Digital Forensic Tools. (2018). Retrieved 14 August 2020, from https://h11dfs.com/the-best-open-source-digital-forensic-tools/

Povar, D., & Bhadran, V. K. (2010, October). Forensic data carving. International Conference on Digital Forensics and Cyber Crime (pp. 137-148). Springer, Berlin, Heidelberg.

Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). A Guide to Integrating Forensic Techniques into Incident Response, Recommendations of the National Institute of Standards and Technology.

Question 


Project 3 instructions

Project 3: Mobile Incident Response and Investigations

The mobile platform is experiencing explosive growth, and with that growth comes cyber-incident analysis and response challenges. There are several thousand types of mobile devices, with many types of interfaces, operating systems, and connectivity options. This type of environment has many implications for an incident responder. The number of devices makes it impossible to be well-versed in each one, complicating analyses. The sheer number of devices also creates a massive expense simply trying to stay abreast of the major players in the market. Complicating this further is that mobile devices can be the target of a security incident, but mobile devices can also prove to be a means to coordinate, support, or execute an attack. The nature of mobile devices presents other challenges as well, including the ability to remotely access devices and the ability to remotely wipe out evidence, an evidence destruction process that can occur rapidly in a flash memory environment.

Mobile forensics is an increasingly complex environment for investigators because of the rapid rate of innovation and adoption of new technologies, applications, and hardware. Smartphones are being used in so many ways that they have become a central focus in digital forensic investigations. The mobile platform is a forensic challenge because of the number of third-party applications found on many devices and the rapidly evolving security measures employed by device manufacturers and application developers.

In this project, you will write a 13- to 21-page white paper that describes the current state of mobile incident response and investigation. The context is that as a forensic investigator, you are providing an objective overview of mobile technology and digital forensic and incident response capabilities for a law enforcement unit that has limited experience and capability with mobile forensics.

Your white paper will describe mobile investigative challenges and the techniques and technologies available to perform mobile forensic examinations. You will also provide your perspective on the future of mobile forensics—the biggest threat to mobile forensics in years to come, and the biggest opportunity for investigators of mobile cybercrime. The most successful papers will include references to resources outside of the classroom.

There are six steps in this project. Each step focuses on one required element of the paper to be submitted at the end of this project. In Step 1, you will provide an overview of mobile technologies and cellular networks.

Step 1: Conduct a Mobile Technology Overview

You’re ready to begin writing the white paper. The sheriff has stated that the first section should be an overview of how cellular networks operate. You decide to provide an overview of cellular networks: how mobile phones communicate with cell sites, cellular-to-cellular communication, mobile switching centers, and the base switching subsystem. You also want to cover the technology of mobile networks, including form factors of smart devices and other wireless technologies.

Submit the results of your research (three to five pages) to the sheriff (your instructor) for review and ungraded feedback. Incorporate any suggested changes. Your overview will serve as the introduction to the 13- to 21-page white paper for this project.

Since mobile technologies are constantly changing, you decide to address trends in mobile technology in the next section of your paper. You know that NIST 800-101, Revision 1, will provide a good starting point on all these topics.

Step 2: Describe Trends in Mobile Technology

With the overview drafted, you now need to describe trends in mobile technology. For this step, you will address handset transmission types, mobile operating systems, challenges with mobile technology, and mobile device threats. The “trends” section would not be complete without addressing the latest in embedded device forensics.

Review this three- to five-page section of your paper for accuracy and completeness; it will serve as the second section of the final white paper.

Once you have developed this section, you are ready to move on to considerations for the forensic handling of mobile devices.

Step 3: Discuss Laws, Regulations, and the Forensic Handling of Mobile Devices

After detailing trends in mobile technology, your next step is to discuss laws and regulations governing the search and seizure of mobile devices under the Fourth Amendment to the US Constitution, including describing the mobile device forensics process, considerations for effectively handling mobile devices during an investigation, use of proper investigative techniques, types of mobile forensics tools available, and identifying where digital forensics evidence may be found on mobile devices.

It is important for you to research electronic seizure practices for complying with the Fourth Amendment when searching and seizing mobile devices. Cite reference sources in your final white paper discussion.

These subjects are important because mobile devices present unique challenges when it comes to handling and analysis, and court cases are won or lost based on the arresting officer’s understanding of legal technicalities. Review this three- to five-page section of your paper for accuracy and completeness; it will serve as the third section of the final white paper.

Upon completion of this section, you will be ready to move on to the next section of your paper: forensic tools and investigative techniques.

Step 4: Describe How to Analyze and Present Forensic Information

You have discussed your research on laws, regulations, and forensic handling. You are now ready to create the fourth section of the white paper, where you describe the analysis and presentation of forensic information.

Based on your training, you know you will need to include mobile file system analysis, techniques for bypassing security measures, and third-party applications in this section. In addition, you will address data carving, file system, and compound file analysis and the presentation of a case report.

Review this three- to five-page section of your paper for accuracy and completeness; it will serve as the fourth section of the final white paper.

You are ready to move on to a final, less-objective summary of your research on the evolving field of mobile forensics.

Step 5: List the Biggest Threat and Most Promising Technology

In the previous four steps, you have reported on a variety of topics relating to mobile forensics. You have read and reported on technologies, trends, laws and regulations, and the handling and analysis of mobile data. For the final section of your paper, the sheriff has asked for your perspective on the biggest threat posed by cyber criminals using mobile technology, and a technology that promises a solution.

Reflect on your in-class and outside readings, as well as your personal and professional experience, to respond to these questions. There are no right or wrong answers, but you should provide references for your observations. You will be attaching this one-page section to the white paper.

Step 6: Submit Completed White Paper: Mobile Incident Response and Investigations

You have collected the information needed to inform your department’s future decisions regarding mobile forensics. In this step, you will combine the five sections that you’ve written into a single, cohesive white paper. Your 13- to 21-page paper should be double-spaced, excluding images and references. Use 12-point font and APA format.

Include the following five sections:

  1. Overview of mobile technology, including network operations and mobile technologies
  2. Description of trends in mobile technology, including handset transmission types and embedded device forensics, as well as operating systems, applications, and challenges and threats to forensic investigations
  3. Laws, regulations, and considerations for the forensic handling of mobile devices
  4. Analysis and presentation of forensic information including file system analysis, techniques for working through security measures, third-party applications, and other forms of mobile data analysis
  5. Personal perspective on the biggest threat and greatest opportunity/most promising technology in mobile forensics, based on in-class and outside readings, as well as personal/professional experience

Upon completion of the steps, submit the white paper on Mobile Incident Response and Investigations to the sheriff (your instructor) for evaluation.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

  • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
  • 1.5: Use sentence structure appropriate to the task, message and audience.
  • 1.6: Follow conventions of Standard Written English.
  • 1.7: Create neat and professional-looking documents appropriate for the project or presentation.
  • 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
  • 5.1: Demonstrate best practices in organizing a digital forensic investigation.
  • 6.1: Perform report creation, affidavit creation, and preparation to testify.
  • 6.2: Demonstrate ability to investigate mobile technology.