Law Enforcement Technology

JUN 2013

Issue link: https://let.epubxp.com/i/137309


TALKING POINTS

Symbian operating system have smaller percentages of market share, but Windows Phone 8 is gaining ground. Palm OS may be seen on older devices, while Linux Ubuntu and Samsung Tizen are anticipated sometime this year. And many feature phones run on the Java-based BREW platform.

■ With multiple operating systems come multiple file systems. In PCs, Windows uses only the File Allocation Table (FAT), exFAT, and New Technology File System (NTFS). A version of FAT is in use in Windows Mobile and Windows Phone devices. However, more than 100 different mobile file systems exist across all device families.

■ Android may be the most widely installed operating system, but Apple's iOS drives most of the data bandwidth usage. And BlackBerry may be in steady decline, but is an important legacy device to many business and personal users.

All of this is not necessarily as complicated as it sounds. If you're contemplating entering the field of mobile forensics, know that much of the hard work associated with file systems and data structures is now automated. With that said, "I pressed a button and got the data" is still a statement you want to avoid making in court. Here are some additional challenges to keep in mind as you start to investigate mobile devices.

Operating systems and user interfaces

Because the different operating systems run different file systems, they store information in different ways. iPhones, iPads, and other devices running iOS are generally all the same, but decoding an iOS app may not be the same as for an Android app—even if they are the same app. These types of problems are solved with physical extraction and automatic file system reconstruction, or file system extraction if the mobile forensics tool doesn't support reconstruction. Differences in file systems may also mean that mobile forensic tools don't parse some files, which must therefore be carved manually.

Logs and other data may be stored differently from one device to the next. For example, the user may change out the SIM card, or the device may change hands. If logs are important to a case, it will take additional effort to find them, whether forensic or legal (i.e. serving paper on one or more carriers to trace device activity).

Possibly the biggest challenge of all is that support for certain "lesser" mobile operating systems, including Windows Phone 7 and 8, is limited. Some vendors focus on support for specific operating systems, but mainly for iOS and Android. Finding forensic tools to support systems that are not one of the "Big Three" may require computer forensic experience.

Built-in security

Security exists on several levels within most smartphones:

■ User locks. On iOS devices, this might consist of a simple (four-digit) or complex (longer than four digits) passcode. On Android devices, it can be a PIN lock or password, or a "pattern lock"—a pattern swiped across a touch screen's numerical keypad. (This can also be a facial recognition lock.)

■ Data/file protection. Individual directories, such as email, can be

Counterfeit mobile devices, made mainly in China but also in India and elsewhere, have begun to challenge law enforcers because they are structured differently from legitimate branded devices.

Is it legal to examine a jailbroken or rooted device?

At one time, jailbreaking was the only method a mobile forensics examiner had of getting to the physical data—the hidden or deleted data that could contain crucial pieces of evidence—on an iOS device. Because of the Digital Media Copyright Act (DMCA) and also the fact that a jailbreak effectively changes the evidence on the device, this method is no longer recommended, and most commercial mobile forensics tools enable physical extraction and decoding up to iPhone 4. However, if a phone is already jailbroken by the time it comes to a forensics lab, police should face no legal issues in examining it.

www.officer.com June 2013