Introduction
In this digital era, mobile devices have proliferated rapidly, which has led to an increase in their involvement in criminal activities. The sharp increase in mobile phones being involved in cyber-attacks and criminal activities has made mobile forensics an essential aspect of digital investigations. In the past, only computer forensics existed because computers were the devices being used to carry out criminal activities (Jones & Winster, 2017). That is no longer the trend: mobile forensics has overtaken computer forensics because of the rampant use of mobile phones in cyber-attacks, bullying, and criminal deeds. Understanding the distinctions between mobile and computer forensics is crucial for effective investigation and evidence collection.
Differences Between Mobile Forensics and Computer Forensics
Mobile forensics is the process of collecting and analyzing digital evidence from mobile devices, such as smartphones and tablets. Mobile phones have become complex and sophisticated, providing many features and applications that users can exploit for various criminal activities. Though mobile forensics shares similarities with computer forensics, notable differences include device mobility, the variety of operating systems, and the unique challenges posed by smaller form factors (Nnoli et al., 2012). First, the two differ in the devices they examine. Mobile forensics primarily examines mobile devices to extract and analyze data from devices that run on the iOS, Windows, and Android operating systems. Computer forensics involves investigating traditional computers, monitors, laptops, and information servers that play a role in criminal activities.
Secondly, mobile forensics and computer forensics differ in the operating systems they target: mobile forensics targets mobile operating systems such as Android, iOS, and Windows. In contrast, computer forensics focuses on a broader range of operating systems, including Windows, Microsoft, macOS, and Linux software. Thirdly, mobile forensics and computer forensics differ in the storage and memory they analyze: mobile forensics analyses internal storage, SIM cards, and external storage (SD cards). In contrast, computer forensics examines the hard drives, optical media, and solid-state drives used in computers (Chernyshev et al., 2017). The last difference is that mobile forensics requires physical access to the device for forensic analysis using techniques such as chip-off and manufacturer-provided information. Computer forensics, on the other hand, does not necessarily require physical access to a computer, since during analysis the storage devices can be removed and subjected to remote forensic techniques.
Percentage of Attacks on Networks Coming from Mobile Devices
A cyber-attack on a communication network is highly likely to originate from a mobile device rather than a computer. Mobile devices now account for over 60 percent of digital frauds and attacks, including phishing attacks, ethical hacking, stealing passwords, identity theft, virus and malware attacks, and money laundering. These high percentages result from the high usability of mobile devices, even in remote areas, and the little digital literacy needed to operate complex mobile phone software (Sathe & Dongre, 2018). With such a high percentage of cybercrimes committed using mobile phones, it is not advisable to use them for sensitive business transactions such as banking or for storing important data.
Challenges to Mobile Forensics
Conducting mobile forensics involves several challenges that make it difficult to complete, such as device diversity, encryption, high volatility of the data, and the rapid evolution of mobile technologies outpacing forensic expertise. The first challenge is the encryption and security measures of the mobile device: most modern smartphones use strong encryption to protect user data, which mobile forensic investigators cannot easily break or bypass. For instance, biometric security features such as fingerprint scanners and facial recognition complicate gaining access to the device's contents without the user's consent (Afonin & Katalov, 2016).
The second challenge is the prevalence of diverse operating systems and mobile devices with unique architectures and security features, which makes it hard to develop universal forensic tools and techniques that suit each of them. In addition, cloud storage complicates forensic analysis since many mobile device users store their sensitive data in the cloud, where forensic investigators cannot access and retrieve the data stored on cloud-backed servers. With cloud data storage, mobile device users can sync, update, manipulate, and delete the accessed data, which misleads mobile forensic experts trying to accurately trace and store the obtained evidence (Chernyshev et al., 2017).
Furthermore, mobile device technology evolves quickly, and new features, security measures, and file formats are introduced frequently, complicating forensic audits. Forensic experts need to stay ahead and update their tools and techniques to keep pace with these advancements, which is an uphill task for them (Afonin & Katalov, 2016). On mobile devices, a user who notices suspicious activity can fragment the data. Whenever mobile device users successfully delete data and fragment storage, it is very difficult for mobile forensic experts to reconstruct the compromised data to meet evidential thresholds (Nnoli et al., 2012). Volatility and live data pose the last challenge of the mobile forensics process because mobile devices are in constant flux, with applications running and data being processed. In such a situation, it is very difficult for forensic experts to capture the live data and preserve evidence accurately for analysis.
Some Mobile Forensic Tools
Mobile forensics is very difficult for the reasons discussed above, and it requires complex and sophisticated tools and techniques to bypass the mobile technologies being rolled out. Mobile forensic tools include Cellebrite, XRY software, GrayKey, and Andriller. Cellebrite is a universal forensic extraction tool that can extract, decode, and analyze data from various mobile devices running on Android, Windows, and iOS. The tool can analyze data accurately across different operating systems and reads different file formats. The XRY tool is software that provides mobile forensic solutions through its exceptional features for decoding and recovering data from mobile applications (Jones & Winster, 2017). It can also read and understand different file systems and formats to conceal data from scrutiny. Unlike other mobile forensics tools, it supports physical data extractions.
Another mobile forensic tool is GrayKey, a hardware-based forensic tool that unlocks and extracts data mainly from iOS devices. It is the only hardware tool that can bypass iOS security measures. However, it can be outsmarted over time by the rollout of new updates and versions of the iOS mobile software and security features. The last mobile forensic tool is Andriller. It allows forensic examiners to extract information from Android devices, relying on enhanced capabilities such as data extraction techniques that use logical and physical extraction.
Differences Between Forensic Analysis of iOS Versus Android
Mobile forensics on Android and iOS devices has to differ because each platform has a different design and programming, which prevents tailoring a single forensic tool to both. The ecosystem and hardware of the two differ considerably since Apple develops iOS while Android is developed by Google, making their ecosystems very diverse. Due to this hardware and software diversity, different mobile forensic tools should be deployed for each. Secondly, different forensic tools are needed for iOS and Android mobile phones because of their differing development environments: software applications for iOS are written in programming languages such as Swift and Objective-C (Sathe & Dongre, 2018). Android phones' software applications are developed using Java or Kotlin, prompting mobile forensics experts to use a tool that can understand the different X-codes in each for better results.
Conclusion
In summary, mobile forensics is widely pursued by security agencies because of the high incidence of cyber crimes committed using mobile devices. With the influx of security breaches originating from mobile devices, mobile forensics has outcompeted computer forensics, which was dominant in the recent past before the widespread adoption of mobile devices. Since mobile devices run on different software, mobile forensics investigators have to build different tools that suit each category. With the fast technological advancements in mobile devices, forensic analysts must use the most recent and sophisticated tools and techniques to bypass the new updates. The mobile forensic process is a very tall order for investigators and security agencies because the existing challenges are compounded by the regular rollout of the latest mobile technologies.
References
Afonin, O., & Katalov, V. (2016). Mobile Forensics–Advanced Investigative Strategies. Packt Publishing Ltd.
Chernyshev, M., Zeadally, S., Baig, Z., & Woodward, A. (2017). Mobile forensics: advances, challenges, and research opportunities. IEEE Security & Privacy, 15(6), 42–51.
Jones, G. M., & Winster, S. G. (2017). Forensics analysis on smartphones using mobile forensics tools. International Journal of Computational Intelligence Research, 13(8), 1859–1869.
Nnoli, H., Lindskog, D., Zavarsky, P., Aghili, S., & Ruhl, R. (2012). The governance of corporate forensics using COBIT, NIST, and increased automated forensic approaches. In 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Conference on Social Computing (pp. 734–741). IEEE.
Sathe, S. C., & Dongre, N. M. (2018). Data acquisition techniques in mobile forensics. In 2018 2nd International Conference on Inventive Systems and Control (ICISC) (pp. 280–286). IEEE.