The Obama Administration announced this fall that it would not give source code and encryption keys on digital devices to law enforcement and government agencies, for fear it would leave the U.S. open to international attacks. This was a setback for law enforcement professionals who are looking for all possible tools to help them be at the forefront of cyber crime investigations.
President Obama’s decision came after months of deliberation. For now, companies will not be subject to potential legislation that would compel them to decode messages for law enforcement’s use. The administration, though, will continue to press companies to decrypt consumers’ information for the purposes of criminal or terrorism investigations, but only up to a point.
The decision was made in part because the Administration fears opening up mobile phones to international attacks, but Verizon’s annual Data Breach Investigations Report for 2015 showed that two-thirds of cyber espionage events have no attacker-attribution information. The industry most prone to cyber attacks was overwhelmingly manufacturing at 27.4 percent, followed by the public sector (government) at 20.2 percent and information services at 6.2 percent. The biggest points of entry for these cyber attackers were email attachments at 39.9 percent, email links at 37.4 percent and web drive-bys at 16.6 percent. Cyber criminals were most concerned with uncovering company secrets above all else, at 85.8 percent.
Particular mobile forensic search methods may be able to help. According to the National Institute of Standards and Technology’s 2014 special publication, Guidelines on Mobile Device Forensics, software tool needs for mobile devices are “considerably different from that of personal computers.” The research details three main methods for digging into obstructed devices: software-based, hardware-based and investigative tactics. Software-based and hardware-based methods both require tools, while investigative methods involve a team with or without tools.
The recovery of what was thought to be deleted data from a mobile device calls for the mandatory use of mobile forensics software. There can be inconsistent data left over and errors in decoding, among other things, on the mobile device, and that’s where updated technology comes into play. Forensic software, such as AccessData’s nFIELD tool, allows investigators to collect data on the scene in five steps with almost zero training. Anyone on the team can forensically collect and preview data on a mobile device, which significantly decreases case backlog.
We will unpack these issues regarding the Obama Administration’s recent policy decision – and other related developments in the field of mobile software decryption – in an upcoming AccessData white paper series, “In the Field: Mobile Digital Forensic Labs.” Stay tuned to the AccessData blog for details coming soon.