Mobile Incident Response and Investigations (Project 3)
The mobile platform is experiencing explosive growth, and with
that growth comes cyber-incident analysis and response
challenges. There are literally several thousand types of mobile
devices, with many types of interfaces, operating systems, and
connectivity options. This type of environment has many
implications for the incident responder. The number of devices
makes it impossible to be well versed in each one, complicating
analyses. The sheer number of devices also creates a massive
expense simply trying to stay abreast of the major players in the
market space. Complicating this further is that mobile devices
can be the target of a security incident, but mobile devices can
also prove to be an elusive means to coordinate, support, or
execute an attack. The nature of mobile devices presents other
challenges as well, including the ability to remotely access
devices and the ability to remotely wipe out evidence, an
evidence destruction process that can occur rapidly in a flash
memory environment.
Mobile forensics is an increasingly complex environment for
investigators because of the rapid rate of innovation and
adoption of new technologies, applications, and hardware.
Smartphones are being used in so many different ways that they
have become a central focus in digital forensic investigations.
The mobile platform is a forensic challenge because of the
number of third-party applications found on many devices and
the rapidly evolving security measures employed by device
manufacturers and application developers.
In this project, you will write a 13- to 21-page White Paper that
describes the current state of mobile incident response and
investigation. The context is that as a forensic investigator, you
are providing an objective overview of mobile technology and
digital forensic and incident response capabilities for a law
enforcement unit that has limited experience and capability with
mobile forensics.
Your White Paper will describe mobile investigative challenges
and the techniques and technologies available to perform mobile
forensic examinations. You will also provide your personal
perspective on the future of mobile forensics — the biggest
threat to mobile forensics in years to come, and the biggest
opportunity for investigators of mobile cybercrime. The most
successful papers will include references to resources outside of
the classroom.
There are six steps in this project. Each step focuses on one
required element of the White Paper to be submitted at the end
of this project. In Step 1, you will provide an overview of mobile
technologies and cellular networks. Are you ready to get started?
Please see the PowerPoint document for topics.
Project 3 – Mobile Incident Response and Investigations
UMUC – CST 640
Overview
◦ Focus is on the current state of mobile incident response and investigations
◦ You will be discussing the various technologies and capabilities available and being utilized.
Scenario: As a forensic investigator, you are providing an objective
overview of mobile technology and digital forensic and incident
response capabilities for law enforcement.
◦ 6 Steps:
◦ Mobile Technology Overview
◦ Trends in Mobile Technology
◦ Laws, Regulations, and the Forensic Handling of Mobile Devices
◦ Analysis and Presentation of Forensic Information
◦ Biggest Threat in Mobile Forensics
◦ Submit the completed White Paper: Mobile Incident Response and Investigations
Step 1: Mobile Technology Overview
First section of the whitepaper:
◦ This should be an overview of how cellular networks operate, including:
◦ How Mobile Phones communicate with cell sites
◦ Cellular to Cellular Communication
◦ Mobile Switching Centers
◦ The base switching subsystem
◦ Technology of mobile networks, including:
◦ Form Factors
◦ Smart Devices
◦ Other Wireless Technologies
Deliverables of Step 1 – This will serve as an introduction of your
whitepaper to the Sheriff
Step 2: Trends in Mobile Technology
Now that you have an overview, you want to describe trends in Mobile
Technology, such as:
◦ Handset Transmission Types
◦ Mobile Operating Systems
◦ Challenges
◦ Trends
◦ Embedded Device Forensics
Deliverables of Step 2 – A 3-5 page section for your White Paper
Step 3: Laws, Regulations, and the Forensic Handling of Mobile Devices
•Your next step will be discussing:
◦ Laws and regulations governing the search and seizure of mobile devices
◦ Mobile device forensic process
◦ Considerations for Handling
◦ Investigative Techniques
◦ Mobile Forensic Tools
◦ Location of Evidence
Deliverables of Step 3 – A 3-5 page section for your White Paper
Step 4: Analysis and Presentation of Forensic Information
In this step you will describe the analysis and presentation of
forensic information
Based on your training you will need to include:
◦ File System Analysis
◦ Techniques for working through security measures
◦ Third Party Applications
◦ Data Carving
◦ File Systems
◦ Compound File Analysis
Deliverables of Step 4 – A 3-5 page section for your White
Paper
Step 5: Biggest Threat in Mobile Forensics
•The Sheriff has asked for your own personal perspective on the
biggest threat posed by cyber-criminals using mobile technology in the
coming years and a technology that shows a promising solution
•There are no right or wrong answers, but make sure to reference any
observations made based on your readings
Deliverables of Step 5 – A one-page section for your White Paper
Step 6: Submit Completed White Paper: Mobile Incident Response and Investigations
•You have collected all of the information to inform your department’s
future decisions regarding mobile forensics.
•In this step you will combine the 5 sections into a single cohesive White Paper
•The paper will be a 13-21 page paper, double spaced, excluding images and
references
•Use 12 point font and APA format.
Deliverables of Step 6 – 13-21 page White Paper of all the combined sections.
Competencies
•1.3 Provide sufficient, correctly cited support that substantiates the
writer’s ideas.
•1.5 Use sentence structure appropriate to the task, message and audience.
•1.6 Follow conventions of Standard Written English.
•1.7 Create neat and professional looking documents appropriate for the
project or presentation.
•2.1 Identify and clearly explain the issue, question, or problem under
critical consideration.
•5.1 Demonstrate best practices in organizing a digital forensic
investigation.
•6.1 Perform report creation, affidavit creation, and preparation to testify.
•6.2 Demonstrate ability to investigate Mobile Technology