Mobile Incident Response and Investigations IT Research Paper

Mobile Incident Response and Investigations

“Another mobile...that’s all we’re seeing these days! We’re spending a fortune sending these

out for analysis. We need to get our folks up to speed on handling them!”

“Listen, this is what we picked up last night on 34th. Frankly, the last time our investigators did

a mobile analysis, it didn’t go so well. You’ve had a lot of experience with mobile

forensics...how about jotting down some pointers for us?”

The Sheriff has asked for a white paper on mobile forensics. As lead investigator, you are most

qualified to address the subject. You get the four major topics down on paper and begin.

The mobile platform is experiencing explosive growth, and with that growth comes cyber-incident analysis and response challenges. There are several thousand types of mobile devices, with many types of interfaces, operating systems, and connectivity options. This type of environment has many implications for the incident responder. The number of devices makes it impossible to be well versed in each one, complicating analyses. The sheer number of devices also creates a massive expense simply trying to stay abreast of the major players in the market space. Complicating this further is that mobile devices can be the target of a security incident, but mobile devices can also prove to be an elusive means to coordinate, support, or execute an attack. The nature of mobile devices presents other challenges as well, including the ability to remotely access devices and the ability to remotely wipe out evidence, an evidence destruction process that can occur rapidly in a flash memory environment.

Mobile forensics is an increasingly complex environment for investigators because of the rapid rate of innovation and adoption of new technologies, applications, and hardware. Smartphones are being used in so many different ways that they have become a central focus in digital forensic investigations. The mobile platform is a forensic challenge because of the number of third-party applications found on many devices and the rapidly evolving security measures employed by device manufacturers and application developers.

In this project, you will write a 13-page White Paper that describes the current state of mobile incident response and investigation. The context is that as a forensic investigator, you are providing an objective overview of mobile technology and digital forensics and incident response capabilities for a law enforcement unit that has limited experience and capability with mobile forensics.

Your White Paper will describe mobile investigative challenges and the techniques and technologies available to perform mobile forensic examinations. You will also provide your perspective on the future of mobile forensics -- the biggest threat to mobile forensics in years to come, and the biggest opportunity for investigators of mobile cybercrime. The most successful papers will include references to resources outside of the classroom.

There are six steps in this project. Each step focuses on one required element of the White Paper to be submitted at the end of this project. In Step 1, you will provide an overview of mobile technologies and cellular networks. Are you ready to get started?

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.

1.5: Use sentence structure appropriate to the task, message, and audience.

1.6: Follow conventions of Standard Written English.

1.7: Create neat and professional-looking documents appropriate for the project or presentation.

2.1: Identity and clearly explain the issue, question, or problem under critical consideration.

10.1: Demonstrate best practices in organizing a digital forensic investigation.

11.1: Perform report creation, affidavit creation, and preparation to testify.

11.2: Demonstrate the ability to investigate Mobile Technology.



Step 1. Mobile Technology Overview.

You're ready to begin writing your White Paper. The Sheriff has stated that the first section should be an overview of how cellular networks operate. You decide to tackle the topics of how mobile phones communicate with cell sites, cellular to cellular communication, mobile switching centers, and the base switching subsystem. You also want to cover the technology of mobile networks, including form factors, smart devices, and other wireless technologies.

Submit the results of your research (3-5 pages) to the Sheriff (your instructor) for review and ungraded feedback. Incorporate any suggested changes. Your overview will serve as the introduction to the 13-21 page White Paper that you submit upon completion of this project (Step 6).

Mobile technologies are constantly changing and your department needs to keep up so you decide to address trends in mobile technology in the next section of your paper.



Step 2: Trends in Mobile Technology.

With the overview drafted, you now need to describe trends in mobile technology. For this step, you decide to address handset transmission types and mobile operating systems, as well as challenges and threats represented by mobile technology. The "Trends" section would not be complete without addressing the latest in embedded device forensics. Once you have developed the trends in the mobile technology section, you are ready to move on to considerations for the forensic handling of mobile devices.

Review this 3-5 page section of your paper for accuracy and completeness; it will serve as the second section of your final White Paper (Step 6).



Step 3: Laws, Regulations, and the Forensic Handling of Mobile Devices.

After detailing trends in mobile technology, your next step is to discuss laws and regulations governing the search and seizure of mobile devices, as well as the mobile device forensics process, including considerations for handling, investigative techniques, mobile forensic tools, and location of evidence. These subjects are important because mobile devices present unique challenges when it comes to handling and analysis, and court cases are won or lost based on the arresting officer’s understanding of legal technicalities. Upon completion of this section, you will be ready to move on to the next section of your paper: forensic tools and investigative techniques.

Review this 3-5 page section of your paper for accuracy and completeness; it will serve as the third section of your final White Paper (Step 6).



Step 4: Analysis and Presentation of Forensic Information.

You have discussed your research on laws, regulations, and forensic handling. You are now ready to create the fourth section of your White Paper where you describe the analysis and presentation of forensic information. Based on your training, you know you will need to include file system analysis, techniques for working through security measures, and third-party applications in this section. Also, you will address data carving, file system, and compound file analysis and the presentation of a case report.

Review this 3-5 page section of your paper for accuracy and completeness; it will serve as the fourth section of your final White Paper (Step 6).



Step 5: Biggest threat, most promising technology in mobile forensics.

In the previous four steps, you have reported on a variety of topics relating to mobile forensics. You have read and reported on technologies, trends, laws and regulations, handling, and analysis of mobile data. For the final section of your paper, the Sheriff has asked for your perspective on the biggest threat posed by cyber-criminals using mobile technology in the coming years, and a technology that shows promises a solution. Reflect on your in-class and outside readings, as well as your personal and professional experience, to respond to these questions. There are no right or wrong answers, but please provide references for your observations. You will be attaching this 1-page section to the White Paper that you submit in the final step of this project.



Step 6: Submit Completed White Paper: Mobile Incident Response and Investigations.

You have collected the information needed to inform your department's future decisions regarding mobile forensics. In this step, you will combine the five sections that you’ve written into a single, cohesive White Paper. Your 13-page paper should be double-spaced, excluding images and references. Please use a 12-point font and APA format. Submit your paper to TurnItIn before submission.



Include the following five sections:



1) Overview of mobile technology, including network operations and mobile technologies



2) Description of trends in mobile technology, including handset transmission types and embedded device forensics, as well as operating systems, applications, and challenges and threats to forensic investigations



3) Laws, regulations, and considerations for the forensic handling of mobile devices



4) Analysis and presentation of forensic information including file system analysis, techniques for working through security measures, third-party applications, and other forms of mobile data analysis



5) A personal perspective on the greatest biggest threat and greatest opportunity most promising technology in mobile forensics, based on in-class and outside readings, as well as personal/professional experience

Upon completion of Steps 1-5, submit your 15 pages, completed White Paper on Mobile Incident Response and Investigations to the Sheriff (your instructor) for evaluation.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them into your work.

1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.

1.5: Use sentence structure appropriate to the task, message, and audience.

1.6: Follow conventions of Standard Written English.

1.7: Create neat and professional-looking documents appropriate for the project or presentation.

2.1: Identity and clearly explain the issue, question, or problem under critical consideration.

10.1: Demonstrate best practices in organizing a digital forensic investigation.

11.1: Perform report creation, affidavit creation, and preparation to testify.

11.2: Demonstrate the ability to investigate Mobile Technology.



Note:

1. Clearly stating your paper’s direction is critical. Make sure you have a thesis for your papers. Every paper must have a clear thesis statement in the introductory paragraph. Your thesis statement should alert the reader of what you plan to write or argue for. You are welcome to run thesis statements by your professor before ensure you are on the right track.

2. Just as the thesis is important, you want to make sure that each body paragraph in a paper relates to that thesis so that the paragraphs have focus. Thus, every paragraph must start with a topic sentence in your own words. The topic sentence is like a mini-thesis, relating to the main thesis, and will be the focus of that paragraph. You will not want your paragraphs, for instance, to start with author information.

3. Every paragraph in a paper will be a minimum of three sentences and will have an analysis of each idea. The analysis is critical for showing that you both understand and can apply the concepts, concurrently with your ideas. You want your ideas to be foremost in each paragraph.

4. Void first/second person is your writing. Please use the third person.

5. Avoid contractions such as "don't" or "isn't". Avoid unfocused words like “it” and “they”, spelling errors, grammatical errors, and punctuation errors. All papers are expected to be spell-checked and are expected to use appropriate English writing techniques.

6. Time of deliverable is very important in the paper as well as in text-citation, intext citation must match references.