Alen Gojak on Mobile forensics investigations

Alen Gojak, a mobile device examiner and mobile forensic expert based in Croatia, spoke about the current trend in mobile forensic investigations at an interview conducted by LIFARS. Alen is a former law enforcement officer and has a long-time working experience in mobile forensics area using forensics investigation tools such as, Cellebrite UFED 4PC and Oxygen Forensic Detective.

 

LIFARS: I believe you are an expert in mobile forensics area. Could you tell us how you would compare digital forensics investigations for Apple’s iOS and Android?

Alen: New models of Android phones and iOS phones are getting similar when it comes to security issue. However, some differences still exist.

Physical acquisitions of iPhone are possible if the device is jailbroken. Because of full disk encryption, ‘Chip-off acquisition’ is not possible on 64-bit devices, including iPhone 5S, 6, and 6 Plus.

On the other hand, with Android, physical acquisitions are possible without root status. You can use JTAG and chip-off acquisition on compatible phones if they are not using whole-disk encryption. Cellebrite UFED, XRY and Oxygen Forensic Detective offer specific solutions for locked devices, but the number of supported models is limited.

Forensic investigation for both Android and iOS has become more difficult than ever due to factory encryption and to the fact that it is forced for users to use pin and/or passwords nowadays. Both platforms allow users to use apps for encrypted communication and this is what give digital forensic experts headaches. I am all for user privacy but then again, such applications are used by terrorists as well. We have to choose between privacy and national security.

LIFARS: Could you tell us what kinds of tools are there for mobile forensics investigations and which one would be the best?

Alen: In the previous answer, I noted three programs that are commonly used: Cellebrite UFED, XRY, and Oxygen Forensic Detective. Of course, there are some additional software programs that are used in forensic investigation such as Belkasoft, Elcomsoft and Magnet Forensics. Cellebrite UFED, XRY, and Oxygen Forensic Detective are very important tools that could be used to detect and fight against extremism and terrorism. That is why there are used in various US and European federal and state agencies like FBI, DEA, FSB, French Gendarmerie, German BKA, and many others.

However for ordinary users, such as private security companies and private investigators, these software tools might be too expensive to use and moreover, they need renew the license every year. Personally, I believe Oxygen Forensic Detective is one of the best selections for these ordinary users. Oxygen Forensic Detective is an all-in-one forensic software that has integrated analytical and has cloud forensic capacity which Cellebrite UFED and XRY sell as a separate program for several thousand dollars. Also, Oxygen Forensic Detective has a built-in Passware module for encrypted backups and images. I personally use UFED 4PC and Oxygen Forensic Detective.

LIFARS:  What are the common cases of forensics investigations?

Alen: I would have to say the most common forensics investigations nowadays are those that are related to terrorist attack. As the number of smartphone users grows, mobile forensics investigation puts its focus on criminal or corporate investigation to prevent and/or solve the attacks. The security services in Denmark, Norway, Sweden, Netherlands and the Germany routinely examine mobile phones of refugees or asylum-seekers. The goal is to make sure that refugees ad asylum-seekers who have posted suspicious posts on social media sites are subjected to additional scrutiny. I believe professionals such as Mobile Device Examiner have a long-term future, especially in law enforcement agencies since they are important links in the security chain.

LIFARS: What are the biggest challenges in forensics investigations? How do you see the future of forensics investigations?

Alen: As a mobile forensic examiner, I know how difficult it is to acquire data from locked devices. I agree with some experts who say that the future of digital forensics lies to Cloud Data Extraction. iCloud now has over 782 million users, Dropbox has over 500 million, Twitter has 320 million, Facebook has 1.71 monthly active users, and Gmail now has more than 1 billion monthly active users. This is a gold mine for many forensic investigations.

 

Connect with Alen Gojak on LinkedIn