Challenges in Computer and Mobile Forensics
Now that we know the current difficulties in desktop and mobile forensics, we can see what lies ahead.
Challenges with Computer forensics
- Desktop forensics is exhibiting several significant trends. The use of data encryption is the first and most important challenge.
- Since Windows 8, BitLocker Device Encryption, a Microsoft full-disk encryption application, has been able to protect small and lightweight devices automatically.
- Once the user logged on to their computer using their Microsoft Account credentials (as opposed to their local credentials), BitLocker Device Encryption was activated automatically on all devices satisfying certain requirements (such as a TPM 2.0 module and support for Connected Standby).
- The adoption of solid-state media to replace magnetic hard drives presents the second significant hurdle.
- Almost immediately after a file is erased or a disk is (quickly) formatted, SSD devices obliterate any evidence.
- Regardless of whether the data is still present in the NAND cells, the SSD controller will always respond to SATA instructions with zeroes once the data has been declared destroyed.
- By using standard methods, it is difficult to reach deleted data or stop the SSD drive from erasing deleted data in the background (write-blocking SATA devices are of little assistance). Life after Trim offered a viable solution to the problem.
Microsoft Account use
- Microsoft keeps encouraging Windows users to sign in to Windows using a Microsoft Account. Recent Windows 10 releases make it difficult for even seasoned pros to set up a new machine without a Microsoft Account. Regular users might not even be aware that the local option exists.
Challenges with mobile forensics
- Encryption continues to be the key obstacle in mobile forensics. Although it first emerged in Android 6 devices, encryption has only lately begun to cause difficulties for extractions from Android handsets.
- Full Disk Encryption (FDE), a less secure encryption method that secures data with a "default password" as a seed for the encryption key, was previously utilised by many mid-range Android smartphones and all Samsung phones made before 2019 to save storage space.
- The more secure File-Based Encryption (FBE), a more recent encryption system that encrypts data with a key based on the user's screen lock passcode, is nearly universally available on new handsets this year. Many times, specialists could circumvent the FDE; however, the more recent FBE encryption presents a serious difficulty that has yet to be fully understood.
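Which of the two schemes a handset uses can be recorded early in an examination from a saved `adb shell getprop` dump. The Python below is an added example, not code from the original post: it assumes the device exposes the standard ro.crypto.state and ro.crypto.type properties, and the sample dumps and model names are constructed.

```python
import re

# One line of `adb shell getprop` output looks like: [ro.crypto.type]: [file]
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]$")

def parse_getprop(dump):
    """Parse a saved getprop dump into a dict, skipping malformed lines."""
    props = {}
    for line in dump.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props

def classify_encryption(props):
    """Map the ro.crypto.* properties to 'FBE', 'FDE', 'unencrypted' or 'unknown'."""
    state = props.get("ro.crypto.state")
    ctype = props.get("ro.crypto.type")
    if state == "unencrypted":
        return "unencrypted"
    if state == "encrypted" and ctype == "file":
        return "FBE"
    if state == "encrypted" and ctype == "block":
        return "FDE"
    return "unknown"  # missing or unexpected values: note it and verify another way

def triage(dump):
    """Summarise what the examiner should record before choosing an acquisition method."""
    props = parse_getprop(dump)
    return {
        "model": props.get("ro.product.model", "unknown"),
        "android": props.get("ro.build.version.release", "unknown"),
        "scheme": classify_encryption(props),
    }

# Constructed sample dumps (not taken from real devices).
SAMPLE_FDE = """[ro.product.model]: [Example-A]
[ro.build.version.release]: [8.0.0]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]"""
SAMPLE_FBE = """[ro.product.model]: [Example-B]
[ro.build.version.release]: [11]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]"""
SAMPLE_PARTIAL = "[ro.product.model]: [Example-C]\nnot a property line"

if __name__ == "__main__":
    for dump in (SAMPLE_FDE, SAMPLE_FBE, SAMPLE_PARTIAL):
        print(triage(dump))
```

An "unknown" result means the properties were absent or unexpected in the dump, so the scheme has to be confirmed some other way before it goes into the case notes.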
Forensics for Android
- Forensics of Android devices is challenging for an entirely different reason. Thousands of models have swamped the market. These models come with a variety of chipsets produced by various suppliers.
- There are effective direct acquisition techniques like EDL extraction, which uses a unique engineering mode found on most devices. However, these low-level techniques are restricted to particular manufacturers, models, and chipsets.
- Additionally, these methods may or may not be effective, depending on device settings that may enforce an advanced encryption mode that is not susceptible to this method.
Conclusion
Technology-based forensics lacks a "silver bullet." No single tool or collection of tools can handle every step of an examination. Even if one has access to every forensic tool ever created, the results may still be subpar owing to improper methodology, careless errors, bad workflow, or just missing something small but crucial, such as the incorrect time zone or some concealed file metadata.
