< Back

Security : Forensics : Data Recovery : Mobile

Digital Forensics Global Trends

The role of personal devices and digital forensics continues to grow

By Glenn Hickok
Glenn Hickok
President, U.S. Division
Micro Systemation

The current number of global mobile device connections in use around the world exceeded 7 billion in April 2014 — this number is expected to continue to increase exponentially as the Internet of things continues to grow.  As use of these devices, and accompanying applications, continue to expand rapidly around the globe so too will the use of digital forensics as an invaluable tool for a variety of law enforcement agencies and stakeholders. The global digital forensics market had revenues of around $1.4bn in 2013 and is expected to grow at a compound annual growth rate of 10.5% between now and 2018.

There are two critical global trends that are shaping the evolution of these marketplaces and the uses of digital forensics- and they are interconnected.  The first is that law enforcement agencies and a growing array of stakeholders are using digital forensics for a rapidly expanding set of uses to keep up with the pace of innovation and commercialization.  The second is that of privacy concerns whereby policy makers are taking a more active role in attempting to shape the use of digital forensics and that law enforcement will have to make adjustments to these new realities.

Recently there have been a number of high profile cases where cutting-edge digital forensics tools have played a key role.  In the Oscar Pistorius trial, Reeva Steenkamp admitted to being scared of the South African track star in a text message three weeks before he shot her dead, according to police experts during his murder trial.  In a Whatsapp conversation in January of 2103, Ms. Steenkamp wrote: “I’m scared of you sometimes and how you snap at me.”  Thanks to digital forensics tools for mobile devices used by the South African Police that can recover messages, including deleted messages and data from encrypted versions, over 35,000 pages worth messages between the couple were recovered and will likely prove pivotal in the disposition of the case. 

In the United States, a Tehachapi, CA City Councilman was recently convicted for lewd or lascivious acts with a child under 14, according to Court records.  This was due in large part thanks to digital forensics tools that were able to extract data present on the defendant’s personal device from Grindr, a networking app he used to come into contact with his victims.  

While mobile digital forensics will remain a centrally important tool to support investigations in high profile cases involving capital crimes, more and more the technology is being used in the resolution of lesser crimes and in a variety of civil proceedings.  Law enforcement use of digital forensics when the appropriate factual and legal conditions are present has literally become indispensable for courts and prosecutors regarding a growing number of offenses.  For example in the use of narcotic cases it has become almost a default for prosecutors to expect to produce evidence of contacts and communications from suspected drug dealers, knowing that if such evidence is not produced it will most likely be questioned at some stage during the legal process.

Additionally, the role of digital forensics has expanded rapidly in to other areas.  Available data demonstrates that digital forensics is currently being used in over one third of divorce proceedings in the U.S. today.  Moreover, digital forensics continues to become a key asset in addressing the issue of corporate theft and employee malfeasance worldwide as the amount of data that employees can access via personal devices has skyrocketed.  According to the Association of Certified Fraud Examiners, the total cost of corporate fraud worldwide is estimated to top $3.5 trillion dollars.  Employee theft – especially in the banking and financial sector – remains one of the most significant and difficult challenges businesses face today and the issue has far reaching implications for consumers and our global economy.  The speed, accuracy and efficiency that digital forensics are bringing to counter fraud initiatives within businesses is beginning to turn the tables on those that perpetrate these crimes.  Given the common policies whereby employees are provided with company devices, employers have the ability in many cases to rapidly determine if criminal activity is ongoing.  Where staff are allowed to bring your own device (BYOD) the legality issues surrounding privacy of the individual become paramount and it is well to ensure that IT Departments have very clear policy documents on such matters and that all staff are made aware of in advance.

When conditions warrant, investigators today can employ software-based forensic applications that enable them to recover deleted documents, messaging app data, call logs and all Text / MMS messages.  Because of the wide range of devices in the marketplace today, investigators are now able to utilize solutions which offer broad coverage of devices and applications with analytic capabilities that can quickly paint an accurate picture of a wide range of criminal activities.

As the role of personal devices and digital forensics continues to grow, the role that regulators and judicial systems are playing is growing as well.  Recently, the U.S. Supreme Court ruled that enforcement agencies may not search the cell phones of criminal suspects upon arrest without a warrant.  While this decision will undoubtedly have an impact on some law enforcement procedures in the field, ultimately it will not likely affect the growing law enforcement demand for digital forensics tools in the U.S. It is important to note that the Constitutional exception for “exigent circumstances” still exists in the case of personal devices and was addressed by the Court in their decision, allowing for officers to investigate a device in a number of circumstances where their safety or the safety of others is at risk.  These cases include circumstances such as bomb threats and child abductions.  Also, the ruling also does not prevent U.S. law enforcement from confiscating the personal devices of suspects arrested under non-exigent circumstances as evidence. 

However, Supreme Court ruling does present an interesting challenge regarding the preservation of evidence after a suspect is arrested should one of their accomplices or associates attempt to remotely wipe the device of all data.  Unless law enforcement has the ability to block incoming signals to a device after arrest or the legal ability to capture all data on a device in the field, there remains the risk in some cases that key evidence could be lost.  That said, while the recent decision will affect the tactical realities of law enforcement in the United States it will likely not affect the strategic value of the tools or its continued widespread adoption by agencies of all sizes to support a growing number of investigations.  

Conversely in the UK, the English legal system has existing legislation under the Regulation of Investigatory Powers Act (RIPA) and the Police & Criminal Evidence Act (PACE) that allow for law enforcement agents to seize and search a mobile device as evidence, given reasonable grounds, without the need to resort to a court search warrant after the event. Naturally such an approach can alleviate some of the challenges presented in the recent US Supreme Court ruling, nevertheless the risks of the device being remotely wiped during transportation before analysis still exists. So ultimately the necessary precautions to protect valuable evidence exist universally.

While different nations have chosen different paths to address privacy issues and the use personal devices in investigations one trend remains constant— the role of digital forensics continues to grow on both sides of the Atlantic and around the world at a very brisk pace.  As such, the emerging needs of law enforcement and other stakeholders are driving some powerful trends in innovation. As the number of smartphone applications continues to explode and as those applications become updated with new versions more rapidly every day, it is essential that investigators have tools that can allow them keep pace and afford them access to the latest offerings in the marketplace.  More and more, users are turning to technologies that ensure they have seamless access to not just the latest applications but the latest versions of those apps.

The speed at digital forensics can be employed is also vitally important.  Given operational realities for law enforcement today, users must have the ability to examine multiple devices at the same and do very rapidly— this applies especially to cases where larger conspiracies are at play such as child pornography rings, gangs and narcotics distribution organizations.  Another dynamic that we have seen within many law enforcement departments is that many have opted to employ more than one device or technology to support its digital forensics mission as some tools perform better than others regarding certain functions.  These departments have found that bringing in additional tools to an existing program can enable a broader capability overall while ensuring a higher degree of confirmation when producing evidence.

While ensuring the capture of data is accurate and forensic reports have the highest integrity remains critical, law enforcement today has a newer “big data” challenge.  As the size of the data at issue within an investigation can now be potentially huge, ascertaining the true meaning of this data is paramount.  Investigators now have access to analytical tools that allow them to visualize connections, map geo-data and see timelines derived from a large number of  mobile devices from different sources, simultaneously—and agencies of all sizes are beginning to take advantage of these advances.

The last and potentially most important trend affecting the future of digital forensics pertains to the need for clear and accurate standards for the collection of evidence from digital devices.  While the courts will always have a powerful role in shaping the standards for the collection and processing data captured via digital forensic tools, it is incumbent upon industry, government and stakeholders to come together to clearly define the organizational environment within which digital forensics are performed and the proper procedures for the maintenance of digital evidence for chain of custody purposes.  By creating bright line standards and a clear set of best practices our industry can ensure that role of digital forensics will continue grow as a vital tool that brings fairness, accuracy and clarity to investigations around the world. 

Glenn Hickok
President, U.S. Division
Micro Systemation

Glenn Hickok is the President of U.S. Division of Micro Systemation (MSAB) a global leader in forensic technology for mobile device examination.

About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY