Techniques for Bypassing Security Measures

Security measures such as encryption and passcodes, and services such as remote wipe, can be obstacles to a forensic examination of a mobile device. How does an investigator overcome these obstacles?

The obstacles can be considered in three categories: software-based, hardware-based, and investigative. Some forensic tools may provide a feature to overcome one or more of these challenges, such as bypassing passcodes. However, success may depend on a number of factors, including the hardware version, the software version, and the user's security configuration settings on the device itself.

Can a device's passcode be obtained via brute force methods or RAM analysis? Before taking any invasive steps, remember that people tend to reuse a password or write it down, so investigation of all physical evidence may reveal a potential password.

What are the risks related to attempting to brute force even a simple password on a mobile device? Such an attempt could result in the loss of some or all evidence on the device.

Due to privacy concerns, users of mobile devices may also attempt to conceal their activities by using features such as private internet browsing. It is possible to obtain some internet browsing artifacts even when a browser is set to private mode, particularly since not all browsers provide equal privacy for users. Review the references below for a better understanding of how mobile device settings may affect privacy and digital forensics examinations.

References

Ayers, R., Brothers, S., & Jansen, W. (2014). Guidelines on mobile device forensics, revision 1. NIST Special Publication 800-101. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf

Noorulla, E. S. (2014). Web browser private mode forensics analysis (Master's thesis). Rochester Institute of Technology RIT Scholar Works. http://scholarworks.rit.edu/cgi/viewcontent.cgi?article=9474&context=theses