Today’s world is becoming more and more mobile every day. In fact, 91% of all people own a mobile device and 56% own some type of smart device. It is no surprise that today there are more mobile devices on the earth than there are people! Equally impressive is that the amount of data we consume is becoming increasingly focused on mobile devices. In fact, according to Pew Research, 55% of all internet traffic in the United States is from a mobile device, which is a first for overall internet traffic.
Mobile data is not just a part of the Big Data world; it is one of the largest contributors. Mobile device data, particularly smart devices, will contribute to approximately 8 zettabytes of data by 2015. To put a zettabyte in perspective, think of 250 billion DVDs containing around 36 million years of HD video. The total data would equal approximately 1 zettabyte.
With these statistics in mind, it would make sense that every digital investigation scenario will contain data from mobile devices. With that being said, collecting and analyzing mobile data is not only vital, but paramount to solving today’s crimes. Mobile device data, combined with data from other big data repositories, like hard drives, network shares, and offline servers paints a much better picture than relying on a single source.
So, what types of mobile device data are most important to investigations? The answer to that is quite simple, everything! From the standard SMS, MMS, Contacts, and Call Logs to the meaty data involving the posting, sharing, commenting, chatting, bashing, liking, favoriting, tweeting, and browsing in social media to the locating, logging and storing files in applications. Factor in that all this data is stored on the device, and not on a network server, with your mobile provider, or your company. Now, multiply the fact that most of today’s communication occurs outside of the normal SMS/MMS via messaging applications, and you realize a mobile forensic solution that can effectively uncover this important data is now a necessity.
A perfect example of this happened recently when I spoke to a group of over 200 forensic examiners. I simply asked them to raise their hands if they had examined a mobile device for an investigation. Immediately hands shot up from over 80% of the attendees. I asked them to continue to leave their hands up if during the last examination of a mobile device they looked at any application data from third party applications on the smart device. Only 5 hands remained up. That is less than 3% of the attendees, which is typical, if not a little high, for the normal educational seminar I conducted. Mobile device hardware, operating systems and applications are advancing at a pace never seen before. Should not our investigative tools and priorities advance as well?
The ability to search and recover mobile data from applications on smart devices is difficult and often limited when using current mobile solutions. Research shows that only 5 to 10% of the entire user data area is examined by typical mobile forensics tools. This leaves 95% of application data unanalyzed, and a lot of times uncollected. The net result shows that most examiners have minimal insight into the mobile application data because of the lack of support of their current tool, the lack of time and the lack of training.