Digital forensics have always been a hot market segment, whereas the need for a reliable network based forensics model given main Internet's insecurities such as source address spoofing and the lack of commonly accepted security events reporting practices is constantly growing as well. Information acqusition, analysis and interpretation in the most reliable and efficient way is often among the desired outcome -- and of course figure out what has been happenning at a given historical moment in time or in real-time if applicable.
In a previous post related to "Detecting intruders and where to look for" I mentioned lots of resources regarding the topic, and tools to take advantage of, if in need. In respect to cell phones and various related privacy issues, excluding the physical forensic analysis that could be successfully performed, there's a growing discussing on whether a "suspect's" physical location should be revealed though a mobile-phone carrier -- segmented requests are the most efficient and socially-conscious ones I think.
Today I came across to "Logicube CellDEK" a portable handset data extraction kit :
"The portable CellDEK® acquires data from over 160 of the most popular cell phones and PDA's. Built to perform in the field (not just in the lab), investigators can immediately gain acces to vital information. This saves days of waiting for crucial data to come back from a crime lab. The CellDEK software automatically performs forensic extraction of the following data: Handset Time and Date, Serial Numbers (IMEI, IMSI), Dialed Calls, Received Calls, Phonebook (both handset and SIM), SMS (both handset and SIM), Deleted SMS from SIM, Calendar, Memos, To Do Lists, Pictures, Video, and Audio."
Nothing surprising as there are many other freeware applications/ways to do cell phone forensics (full list can be found at Sergio Hernando's blog), but what made me an impression was its usefulness by covering over 160 models, portability due to its size and capabilities, and that up to 40 adapters may be stored in the system’s built-in rack. Some challenges I see to today's forensic investigators are the sophistication of publicly available encryption/steganographic tools, the Internet acting as a online HDD opening opportunities for dead-drop places, and communications that went over covert channels.
On my wislist however, has always been the company's Forensic MD5, as it basically "swallows" data in a timely manner -- a bad toy in the hands of a insider going beyond average types of removable media, and in moments where minutes count. As a matter of fact, a forensic investigator's sophistication and expertise doesn't really count when the Mafia is still catching up on how to encrypt. Still, I'm convinced how some of his "operatives" are into far more sophisticated methods of communication than he is.
Check out some more resources, and case studies on the topic as well :
How to Become a Cyber-Investigator
SANS Reading Room - Forensics
Digital Forensics Tool Testing Images
Computer Forensics for Lawyers
Forensic Analysis of the Windows Registry
Forensic Computing from a Computer Security perspective
Guidelines on PDA Forensics
Forensic Examination of a RIM (BlackBerry) Wireless Device
WebMail Forensics
iPod Forensics
Digital Music Device Forensics
Forensics and the GSM mobile telephone system
List of Printers Which Do or Don't Print Tracking Dots
Metasploit Anti-forensics homepage
UPDATE - Sites that picked up the story
LinuxSecurity.com
Technorati tags:
Security, Forensics, cyber-crime, Mobile Phone