Mobile technology has evolved significantly this century, and smartphones can store millions of artefacts in the form of messages, images, files, GPS locations, amongst many others. These powerful devices make handy companions for citizens but pose a headache for law enforcement agencies (LEAs) on a continual basis. The main issue is that almost every crime has some link to mobile and smart devices. That means a massive amount of devices need to be analysed to extract useful and usable information for criminal proceedings.
To compound the issue further, the devices, operating systems and applications are forever changing. Thus, leading forensics companies such as Cellebrite, MSAB, Oxygen Forensics, Magnet Forensics and others are depended upon to provide suitable methods of extracting and analysing the data. These regular improvements and release cycles are necessary, but also mean that LEAs, and other users, are required to constantly test and validate the tools – endeavouring to ensure there are no errors. This is a time consuming and repetitive task; diverting the efforts of many experts from other value-added work. Moreover, this is often duplicated across multiple regions within Europe, exacerbating the issue further.
As FORMOBILE works to move the current state-of-the-art in Mobile Forensics forward, The National Institute of Standards and Technology (NIST) in the USA is running research in association with the Department of Homeland Security's Cyber Forensics Project. They are also dedicated to improving the abilities of law enforcement agencies to tackle the ever-increasing challenge of gathering, decrypting and analysing data from mobile devices. As in Europe, technology is necessary to produce court-worthy evidence in a court of law to prove someone's innocence or guilt in a criminal investigation. NIST is working towards testing technological solutions as an independent party. Currently, in Europe, there are no independent agencies completing this work or providing their stamp of approval for the tools used by LEAs. This is what leads to the unnecessary duplication of effort mentioned; as individual LEAs across Europe are forced to undertake their own testing regimes - with inevitable variations in quality control.
The topics of validation and verification were discussed at length during a recent CEN Workshop Agreement (CWA) kick-off meeting organised through FORMOBILE, but open to all interested parties. Following the FORMOBILE project, it is possible that recommendations will be made to have an authority, akin to NIST, complete exercises in Europe.
Common, uniformed and accepted standards can also help maximise the impact of the LEAs' intervention in crimes. There are numerous standards in circulation that reference mobile forensics, but none that are specifically dedicated to the topic. The CWA is the starting point for this change, and the actors participating in the process play an important role in forging the procedures and guidelines that can aid the investigative efforts throughout the chain of custody, and supporting the over-arching goal of bringing justice.
Technology and a standardised approach are not the only things required to improve the mobile forensic investigation chain. Progressively challenging and complex training can support officers in the domain (e.g. first responders, mobile forensic specialists, investigators, prosecution and management) to acquire the knowledge and skills to work with mobile devices and use technologies to streamline the process of completing investigations. Training is another pillar of FORMOBILE along with the Standard and Tools. The new curriculum developed through FORMOBILE will hopefully pave the way for ongoing and iterative developments to give LEAs the expertise and practical skills required to meet the demands of an evolving and complex industry.
Recent figures from England and Wales (probably other EU countries) show there are obstacles preventing work to be completed, and it was reported that over 12,000 devices awaited investigation across 30+ police forces. Unquestionably, there are numerous reasons for this; however, improved technology, a broader training curriculum and a standardised approach to mobile forensics are common requirements gathered from LEAs across Europe during the FORMOBILE research and may help combat the backlog.
Considering the efforts of FORMOBILE, NIST, Industry and other significant actors from around the world, one can feel encouraged with the progress being made. Nevertheless, we must not be under the illusion this is an easy task. It will take the effort of all members of the mobile forensic community to maintain progress. Please help support the cause by engaging in the FORMOBILE community and spreading the results of the project.