Smartphones Proliferate in Computer Forensics

Two years ago, we began to say in lectures that we had seen a 200% rise in the number of cell phones passing through our forensics lab. Today, we are beginning to say that the increase is more like 500%. And it isn’t primarily standard cell phones – virtually all of the phones are smartphones. 

We’ve checked with others in our industry and they confirm that they are increasingly seeing smartphones as a source of electronic evidence. In particular, deleted e-mails and deleted text messages seem to be in play. It often seems that evidence which is missing from workstations and servers seems to be preserved on smartphones.

The question we are always asked when lecturing is: Which is the most secure smartphone? We must admit, that’s a softball. It is without doubt the BlackBerry. Hence, the consternation in India, Saudi Arabia and the United Arab Emirates, which have promised to ban the use of certain BlackBerry features within their borders. The UAE’s telecommunications regulator has said that travelers to the city-state of Dubai and the important oil industry center of Abu Dhabi will – like 500,000 local subscribers – have to do without BlackBerry e-mail, messaging and Web services starting October 11th, even when they carry phones issued in other countries. The handsets themselves will still be allowed to make phone calls.

UAE authorities say the move is based on security concerns because BlackBerry transmissions are automatically routed to company computers abroad, where it is difficult for local authorities to monitor for illegal activity or abuse. The truth, to no one’s surprise, is that governments which try to control communications content hate the BlackBerry’s very secure system. We can tell you that we generally find very little data on the BlackBerrys which go through our forensics lab. In addition, a BlackBerry device is typically configured to encrypt stored and transmitted information. Obviously, this makes “Big Brother” a little upset.

This is a far cry from the data-rich iPhone – there is always applause when iPhones arrive in our lab. And yes, there is a wealth of deleted data there as well. Somewhere in the middle are most of the others, including the Droids and the Windows Mobile smartphones.

So why have smartphones proliferated so dramatically in computer forensics labs?

As a society, we seem increasingly to regard our cell phones as an appendage of our bodies. To confirm our addiction to our phones, Nielsen recently conducted a study which offers some interesting stats. They studied the monthly phone bills of 60,000 U.S. customers and here’s what they came up with:

Women spend 22% more time chatting on their phones than men, spending an average of 856 minutes on the phone monthly compared to 667 minutes for men.

Women also text more, sending or receiving an average of 601 texts per month – the number was 447 for men.

Black, Hispanic and Asian users text more than white users – no explanation why was given.

It comes as no surprise to anyone that teenagers are obsessive texters, texting a mind and thumb-numbing 2,779 texts per month.

Texting has been a boon to computer forensics, supplementing the gold nuggets so often found in e-mail. Divorce cases most often involve cell phones in our shop, closely followed by theft of proprietary data cases. And as the teens grow up, we can only imagine that the volume of this kind of electronic evidence will increase dramatically. Being in the business we’re in, we are not adverse to that thought.

Comments are closed.