5 Ways for Forensic Investigators to Crack Mobile Devices

Kevin DeLong

Feb 25 2016

Hackers have been breaking into cell phones for the purpose of fraud and identity theft for years, using a wide range of weapons to achieve their nefarious goals.

In fact, the 2015 Verizon Data Breach Investigations Report found hackers were responsible for an estimated financial loss of over $400 million from more than 700 million exposed records.

Last fall, the Obama Administration announced it would not give source code and encryption keys on digital devices to law enforcement and government agencies, for fear it would leave the U.S. open to international attacks. Federal law enforcement officials will continue to press companies to decrypt consumers’ information for the purposes of criminal or terrorism investigations, but only up to a point.

While many law enforcement professionals viewed this decision as a setback, mobile forensic examiners are not powerless in their efforts to crack mobile devices. They can be hackers for good. Here are the five back doors to keep them a step ahead of cybercriminals:

1. Fingerprints

Although a suspect can invoke their Fifth Amendment right not to incriminate themselves by providing their password, police can have them unlock an iPhone with Touch ID using their finger, as long as this happens within the first 48 hours, before Touch ID is disabled.

2. Siri

Even when an iPhone is at the lock screen, Siri is still enabled. You can find a suspect’s incoming and outgoing calls, contacts and entire calendar without having to unlock or crack the phone.

3. Open Clouds

Apple recently changed messaging on iPhone devices. Messages are now end-to-end encrypted, so they can only be decrypted once they reach their destination device. Apple can only see that Person A sent a message to Person B on this date and time, but no other details.

4. Laptop

Often, unencrypted backups of a suspect’s iPhone may live on their laptop. A forensics expert can get what’s called a “pairing record,” the key that tells a phone to remember a trusted PC. Cops can sync the phone to their own computer to get the data.

5. Break-in

If none of these back doors are open, breaking in is sometimes the only way to get the potential evidence you need. In this scenario, digital forensics tools from AccessData, such as MPE+ or nFIELD, may be the best way to get forensics data from a phone. If a phone has been locked, it can still be plugged into nFIELD or MPE+. The best tool for examiners on the scene to gather initial real-time evidence is nFIELD, which is considered a triage tool for those with little to no training on the software. MPE+ takes a deeper look into the initial findings, while FTK gives a complete look back at the lab. While these tools can assist examiners, the people behind the gadgets must know how things are laid out in the device in order to get the right information.

Ready to learn more about how to overcome the challenges of breaking encrypted mobile devices? Download our two-part white paper series, “To Catch a Digital Predator,” here.
