Hi!
We continue with the ninth part of this study on unlocking cell phones in forensic procedures.
This time we finally wrap up the study, presenting the conclusions, future lines of research and references.
CONCLUSION:
After reviewing these research articles, it can be concluded that forensic investigations on mobile devices are essential for obtaining evidence in the investigation of criminal cases as well as other legal measures. Nevertheless, the advanced security measures that current mobile devices allow, many of them native to the devices themselves, such as locks based on gesture patterns, device encryption, numeric codes and passwords, present really complex challenges for forensic investigators. The techniques traditionally applied to unlock mobile terminals, although still effective in some cases (fewer and fewer), have serious limitations that have led to the need to develop new, more advanced techniques that we could call emerging forensic techniques. Of all of them, the ones that I personally find most interesting are those presented in the articles “Cracking Android Pattern Lock in Five Attempts” [3] and “Intellectualized Forensic Technique for Android Pattern Locks” [4], which use a combination of remote device recording, graphic recognition and AI systems to try to guess the patterns that the user has entered when unlocking the device, achieving a rate of more than 95% in laboratory tests for a maximum of five attempts [3] and rates greater than 99% in a maximum of 20 attempts [4] (these tests are experimental in a laboratory, since Android, by default, blocks the terminal after 5 attempts).
THE FUTURE OF THE ANALYZED RESEARCH FIELD:
The future of mobile forensic investigations should focus not only on developing more robust and advanced techniques to overcome existing security measures, as might be expected, but also on improving existing techniques and developing more stable and powerful algorithms for exploiting certain vulnerabilities. Procedures that require connecting expansion media [2], such as SD cards or similar, should gradually be discarded, since these techniques are useless on most devices. Processes should also be made less invasive, to avoid possible device breakage or data loss [2]. Research into visual recognition algorithms, vulnerability exploitation, and physical data extraction will continue to be a key area of focus [2]. Standardized protocols and recommendations for the extraction and preservation of forensic evidence or data must also be improved. Another point to examine and develop in depth is taking advantage of vulnerabilities in operating systems, hardware, firmware, programs or validation methods, as proposed in “A New Model for Forensic Data Extraction from Encrypted Mobile Devices” [6]. Forensic processes for cloud environments must also continue to be developed, as these environments are increasingly interconnected with mobile devices through services, backups, etc., as that same article [6] points out.
Finally, the ethical and legal issues associated with digital forensic processes must be addressed to prevent legal loopholes or legal protections intended to protect the innocent from being used by criminals as a shield to continue their activities with total impunity; to this end, legislation could be passed to standardize formulas that strip certain privacy protections from criminals linked to terrorism, drug trafficking or pedophilia.
REFERENCES:
- [1] International Journal of Electronic Security and Digital Forensics (n.d.) Inderscience Publishers. Available online at: https://www.inderscience.com/jhome.php?jcode=ijesdf (accessed 01 November 2024)
- [2] Balajichandrasekhar, V., Srinivasa Rao, T., Srinivas, G., 2018. An improvised methodology to unbar android mobile phone for forensic examination. International Journal of Electrical and Computer Engineering 8, 2239–2246. doi:10.11591/ijece.v8i4.pp2239-2246.
- [3] Ye, G., Tang, Z., Fang, D., Chen, X., Kim, K.I., Taylor, B. and Wang, Z. (2017) Cracking Android Pattern Lock in Five Attempts, Proceedings of the 2017 Network and Distributed System Security Symposium (NDSS 2017), San Diego, CA, 26 February – 1 March. Available online at: https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/cracking-android-pattern-lock-five-attempts/ (accessed 01 November 2024)
- [4] Qiu, J., Qiu, W., … Li, Y., 2022. Intellectualized forensic technique for Android pattern locks. Chinese Journal of Network and Information Security 8, 118–127. doi:10.11959/j.issn.2096-109x.2022005
- [5] Bandr Fakiha, 2024. Unlocking Digital Evidence: Recent Challenges and Strategies in Mobile Device Forensic Analysis. Journal of Internet Services and Information Security, Volume 14, Issue 2. doi:10.58346/JISIS.2024.I2.005
- [6] Fukami, A., Stoykova, R., Geradts, Z., 2021. A new model for forensic data extraction from encrypted mobile devices. Forensic Science International: Digital Investigation 38. doi:10.1016/j.fsidi.2021.301169
- [7] Ahmad Amarullah, 2015. Aroma File Manager Software. Available online at: https://github.com/amarullz/AROMA-Filemanager (accessed 20 November 2024)
- [8] Android Development Network, 2024. Android Debug Bridge (ADB). Available online at: https://developer.android.com/tools/adb?hl=es-419 (accessed 20 November 2024)
- [9] CyberTriage, n.d. Data carving, CyberTriage. Available online at: https://www.cybertriage.com/glossary-term/data-carving/ (accessed 21 November 2024)
That’s all for today.
We’ll continue in a few days.