SlideShare a Scribd company logo

MobileDeviceForensics11_ENFSC_2008-2.ppt

Download as PPT, PDF
J
jadavDinesh3

This document outlines the Computer Forensics Tool Testing (CFTT) program, which ensures that tools used for mobile device forensic investigations yield valid results. It describes the testing methodology, tool validation process, and the collaboration with law enforcement agencies to enhance mobile forensics tools. The document also emphasizes the importance of adapting forensic tools to keep pace with the rapid evolution of mobile devices.

Technology
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Mobile Device Forensics - Tool Testing Richard Ayers
Disclaimer Certain commercial entities, equipment, or materials may be identified in this presentation in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.
Agenda • Introduction • Motivation • CFTT Tool Validation • CFTT Testing Methodology • Test Findings • Conclusions
Introduction • Mobile devices are an evolving form of computing, used widely for personal and organizational purposes • These compact devices are useful in managing information, such as contact details and appointments, and corresponding electronically • Over time, they accumulate a sizeable amount of information about the owner • When involved in crimes or other incidents, proper tools and techniques are needed to recover evidence from such devices and their associated media
Motivation • AT&T rolled out the first cellular network in 1977 for 2,000 people in Chicago, with phones the size and weight of a brick • Approximately 2 billion mobile phones are in the world today – 2 times the number of personal computers • 1.1 billion handsets were sold in 2007 • Gartner estimates that about 1.9 trillion text messages were sent in 2007 and 2008 predictions reach the 2.3 trillion mark.
CFTT Overview • CFTT – Computer Forensics Tool Testing Program provides a measure of assurance that the tools used in the investigations of computer-related crimes produce valid results. • Directed by a steering committee composed of representatives of the law enforcement community. • The steering committee selects tool categories for investigation and testing by CFTT staff. A vendor may request testing of a tool, however the steering committee makes the decision about which tools to test. • CFTT is a joint project of: NIJ, OLES, FBI, DoD, Secret Service and other agencies.
Tool Validation • Tool validation results issued by the CFTT project at NIST provide information necessary for: – Toolmakers to improve tools – Users to make informed choices about acquiring and using computer forensic tools – And for interested parties to understand the tools capabilities
Developing Test Specifications • Specification development process: – NIST and law enforcement staff develops requirements, assertions and test case documents (called the tool category specification). – Initial documents are posted on the CFTT site for peer review by members of the computer forensics community and for public comment by other interested parties. – Relevant comments and feedback are incorporated into the specification.
CFTT Testing Process - Overview • After the specification has been written and a tool selected, the test process is as follows: – NIST acquires the tool to be tested. – NIST reviews the tool documentation. – NIST selects relevant test cases depending on features supported by the tool. – NIST develops test strategy. – NIST executes tests – NIST produces test report. – Steering Committee reviews test report. – Vendor reviews test report. – NIJ posts test report to web.
CFTT Methodology • Test Specification - Requirements • Test Plan – Test Cases and Assertions • Setup and Test Procedures • Software / Scripts • Final Test Results
Requirements • Requirements – Statements used to derive test cases that define expectations of tool or applications. – Core Requirements – Requirements that all mobile device acquisition tools shall meet. – Optional Requirements - Requirements that all mobile device tools shall meet on the condition that specified features or options are offered by the tool.
Core Requirements - Examples Internal Memory • Device Recognition – Cable, Bluetooth, IrDA • Non-Supported Devices – Error message • Connectivity Errors • Report Generation – GUI, Report • Logical Acquisition – Tool supported data objects SIM • Media Recognition – PC/SC, proprietary reader • Non-Supported SIMs – Error message • Connectivity Errors • PIN • Report Generation – GUI, Report • Logical Acquisition – Tool supported data objects
Optional Requirements - Examples Internal Memory / SIM Acquisition • Data Presentation – GUI, Report • Case Data Protection • Physical Acquisition • Access Card Creation • Log File Generation • Foreign Language • Remaining Number of PIN/PUK attempts • Stand-alone Acquisition • Hashing – Overall Case File, Individual Acquired Files
Test Plan • Test Cases – Derived from requirements, describe the combination of test parameters required to test each assertion. – Core – Optional • Assertions – General statements or conditions that can be checked after a test is executed. – Core – Optional
Requirements -> Test Case: Example • Requirement: – CFT-IM-05: A cellular forensic tool shall have the ability to logically acquire all application supported data elements present in internal memory without modification. • Derives Test Cases: – CFT-IM-05: Acquire mobile device internal memory and review reported subscriber and equipment related information. – CFT-IM-06: Acquire mobile device internal memory and review reported PIM related data. – CFT-IM-07: …incoming/outgoing call logs… – CFT-IM-08: …text messsages… – CFT-IM-09: …MMS messages… – CFT-IM-10: …stand-alone files (i.e., audio, graphics, video)…
Test Case -> Assertions: Example • Test Case: – CFT-IM-06: Acquire mobile device internal memory and review reported PIM related data • => Assertions: – A_IM-07: If a cellular forensic tool successfully completes acquisition of the target device then all known address book entries shall be presented in a human-readable format without modification. – A_IM-08: …maximum length address book entries… – A_IM-09: …special character address book entries… – A_IM-10: …blank name address book entries… – A_IM-11: …address book entries containing email addresses… – A_IM-12: …address book entries containing an associated graphic… – A_IM-13: …datebook/calendar entries… – A_IM-14: …maximum length datebook/calendar entries…
Setup and Test Procedures • Objective: Documentation on data population of target media and test procedures providing third parties with information for an independent evaluation of the process or independent replication of posted test results. • Contents: – Software used for data population: application name, package, function – Media Setup: Type of media, procedures used to populate and source dataset – Test Case Execution Procedure – Description and execution procedure of each individual test case – Overview of software tested and procedures used
Scripts and Macros • Scripts and Macros – Customized scripts are written providing the ability to: • Categorize and store collected data from individual test cases per tool • Document the outcome of individual test cases with precision • Store data collected from individual test cases in a secure manner • Format data output – Customized macros provide: • Cosmetically consistent output with embedded test results.
Mobile Forensic - CFTT Documents • Mobile Device Imaging Specs – Requirements: • GSM Mobile Device and Associated Media Tool Specification • Non-GSM Mobile Device Tool Specification – Test Plan: • GSM Mobile Device and Associated Media Tool Specification and Test Plan • Non-GSM Mobile Device Tool Specification and Test Plan • Test Setup Documents – Setup and Test Procedures: • GSM Mobile Devices and Associated Media Tool Setup and Test Procedures • Test Reports – Tool Test Reports: Check URL below for updates… http://www.cftt.nist.gov/mobile_devices.htm
Mobile Forensic - CFTT • Mobile Forensic Application Anomalies – Tool Type: Applications capable of acquiring data from GSM Devices and Subscriber Identity Modules (SIMs) – Overview of Results… • Four Tools
GSM Formal Testing - Findings • Proper reporting of ADNs – Maximum length – ADNs containing special characters i.e. ‘@’ • Unicode support – Proper reporting of foreign language address book entries and text messages • EMS Messages – Tools not capturing data past the 160th character • Proper reporting of MMS attachments – Audio – Video – Images
GSM Formal Testing - Findings • PIM data – Maximum length Notes • Deleted Data Recovery – Non-overwritten text messages present on the SIM • Data report inconsistencies – GUI versus generated report • LOCI Data – Incorrect reporting of the LAI • MCC • MNC • LAC
CFTT Overview - RECAP • Steering committee selects a tool to be tested • Tool Specification (Requirements) is produced and reviewed before finalized • Test Plan (Test Cases and Assertions) is produced and reviewed before finalized • Tool Setup and Test Procedures document is produced and checked for consistency during informal testing • Test cases are executed • Final Test Report is produced and reviewed by the steering committee, vendor then posted by NIJ.
Conclusions • Mobile devices continue to evolve in storage capacity, processing power and Internet capabilities • Market research has shown that mobile devices out number PCs 2-1. • Manufacturers must evolve forensic applications at a rate that provides examiners with solutions to acquire newly released devices in addition to older devices. • Therefore, maintaining quality control and validating tool functionality for mobile device forensic applications is paramount for proper data acquisition and reporting.
Sponsor Information Supporting Organizations Office of Law Enforcement and Standards (OLES) National Institute of Justice (NIJ) & Other Law Enforcement Organizations Contact: Susan Ballou susan.ballou@nist.gov
Thank You! Contact Information: Rick Ayers richard.ayers@nist.gov • http://www.cftt.nist.gov • http://www.cftt.nist.gov/mobile_devices.htm • http://csrc.nist.gov/mobiledevices/projects.html

More Related Content

PDF
MobileForensicsbyFayMahdi
Fay M.
 
PDF
Cell Phone and Mobile Devices Forensics
ArthyR3
 
PPT
Digital forensics Computer and mobile forensic
SyedaHira10
 
PPTX
Lect 6 computer forensics
Kabul Education University
 
PPT
Digital Forensic Tools - Application Specific.
guestcf6f5b
 
PPT
Digital Forensic tools - Application Specific
ideaflashed
 
PPTX
Why cant all_data_be_the_same
Skyler Lewis
 
PDF
Current Forensic Tools
Jyothishmathi Institute of Technology and Science Karimnagar
 
MobileForensicsbyFayMahdi
Fay M.
 
Cell Phone and Mobile Devices Forensics
ArthyR3
 
Digital forensics Computer and mobile forensic
SyedaHira10
 
Lect 6 computer forensics
Kabul Education University
 
Digital Forensic Tools - Application Specific.
guestcf6f5b
 
Digital Forensic tools - Application Specific
ideaflashed
 
Why cant all_data_be_the_same
Skyler Lewis
 
Current Forensic Tools
Jyothishmathi Institute of Technology and Science Karimnagar
 

Similar to MobileDeviceForensics11_ENFSC_2008-2.ppt (20)

PDF
Preparing Testimony about Cellebrite UFED In a Daubert or Frye Hearing
Cellebrite
 
PPTX
Mobile_Forensics- General Introduction & Software.pptx
gouriuplenchwar63
 
PDF
File000093
Desmond Devendran
 
PPT
Cell Phone and Mobile Devices Forensics.ppt
ChSamson2
 
PDF
digital forensic examination of mobile phone data
INFOGAIN PUBLICATION
 
PDF
Conceptual Study of Mobile Forensics
ijtsrd
 
PPTX
Mobile Forensics and Investigation Android Forensics
Don Caeiro
 
PDF
Ijmet 10 01_095
IAEME Publication
 
PDF
Forensic Examinations of Mobile Phones (iPhone Forensics)
reagentom
 
PPTX
Network Forensics- Social Media Forensics
Don Caeiro
 
PDF
Carney Forensics: Digital Forensic Experts
John J. Carney, Esq.
 
PDF
Digital forensics track schroader-rob when forensics collide
ISSA LA
 
PPT
1234567NeFX-10-lyle-CFTT-test-strategy.ppt
ijaz342
 
PPTX
Digital Forensics by William C. Barker (NIST)
AltheimPrivacy
 
PPTX
Mobile Forensics
primeteacher32
 
PPTX
811719104102_Tamilmannavan S.pptx
DEVIKAS92
 
PPTX
Mobile Phone Seizure Guide by Raghu Khimani
Dr Raghu Khimani
 
PDF
New research directions in the area of
IJCNCJournal
 
PDF
Cell Phone Forensics Research
Houston Rickard
 
PPT
Cell Phone and Mobile Devices Forensics.ppt
mcjaya2024
 
Preparing Testimony about Cellebrite UFED In a Daubert or Frye Hearing
Cellebrite
 
Mobile_Forensics- General Introduction & Software.pptx
gouriuplenchwar63
 
File000093
Desmond Devendran
 
Cell Phone and Mobile Devices Forensics.ppt
ChSamson2
 
digital forensic examination of mobile phone data
INFOGAIN PUBLICATION
 
Conceptual Study of Mobile Forensics
ijtsrd
 
Mobile Forensics and Investigation Android Forensics
Don Caeiro
 
Ijmet 10 01_095
IAEME Publication
 
Forensic Examinations of Mobile Phones (iPhone Forensics)
reagentom
 
Network Forensics- Social Media Forensics
Don Caeiro
 
Carney Forensics: Digital Forensic Experts
John J. Carney, Esq.
 
Digital forensics track schroader-rob when forensics collide
ISSA LA
 
1234567NeFX-10-lyle-CFTT-test-strategy.ppt
ijaz342
 
Digital Forensics by William C. Barker (NIST)
AltheimPrivacy
 
Mobile Forensics
primeteacher32
 
811719104102_Tamilmannavan S.pptx
DEVIKAS92
 
Mobile Phone Seizure Guide by Raghu Khimani
Dr Raghu Khimani
 
New research directions in the area of
IJCNCJournal
 
Cell Phone Forensics Research
Houston Rickard
 
Cell Phone and Mobile Devices Forensics.ppt
mcjaya2024
 
Ad

More from jadavDinesh3 (6)

PPTX
unit-1key fetures of linux of destubtions.pptx
jadavDinesh3
 
PPTX
Cosmos Bank Cyber Attack12345678910.pptx
jadavDinesh3
 
PPTX
Cosmos Bank Cyber Attack12345678910.pptx
jadavDinesh3
 
PPTX
Cosmos Bank Cyber Attack12345678910.pptx
jadavDinesh3
 
PDF
LFS all in one123456789012334455678 .pdf
jadavDinesh3
 
PPT
MobileDeviceForensics_ENFSC_2008-212.ppt
jadavDinesh3
 
unit-1key fetures of linux of destubtions.pptx
jadavDinesh3
 
Cosmos Bank Cyber Attack12345678910.pptx
jadavDinesh3
 
Cosmos Bank Cyber Attack12345678910.pptx
jadavDinesh3
 
Cosmos Bank Cyber Attack12345678910.pptx
jadavDinesh3
 
LFS all in one123456789012334455678 .pdf
jadavDinesh3
 
MobileDeviceForensics_ENFSC_2008-212.ppt
jadavDinesh3
 
Ad

Recently uploaded (20)

PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
August Patch Tuesday
Ivanti
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Encapsulation theory and applications.pdf
gurumoop
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Approach and Philosophy of On baking technology
30anthuong17
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 

MobileDeviceForensics11_ENFSC_2008-2.ppt

  • 1. Mobile Device Forensics - Tool Testing Richard Ayers
  • 2. Disclaimer Certain commercial entities, equipment, or materials may be identified in this presentation in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.
  • 3. Agenda • Introduction • Motivation • CFTT Tool Validation • CFTT Testing Methodology • Test Findings • Conclusions
  • 4. Introduction • Mobile devices are an evolving form of computing, used widely for personal and organizational purposes • These compact devices are useful in managing information, such as contact details and appointments, and corresponding electronically • Over time, they accumulate a sizeable amount of information about the owner • When involved in crimes or other incidents, proper tools and techniques are needed to recover evidence from such devices and their associated media
  • 5. Motivation • AT&T rolled out the first cellular network in 1977 for 2,000 people in Chicago, with phones the size and weight of a brick • Approximately 2 billion mobile phones are in the world today – 2 times the number of personal computers • 1.1 billion handsets were sold in 2007 • Gartner estimates that about 1.9 trillion text messages were sent in 2007 and 2008 predictions reach the 2.3 trillion mark.
  • 6. CFTT Overview • CFTT – Computer Forensics Tool Testing Program provides a measure of assurance that the tools used in the investigations of computer-related crimes produce valid results. • Directed by a steering committee composed of representatives of the law enforcement community. • The steering committee selects tool categories for investigation and testing by CFTT staff. A vendor may request testing of a tool, however the steering committee makes the decision about which tools to test. • CFTT is a joint project of: NIJ, OLES, FBI, DoD, Secret Service and other agencies.
  • 7. Tool Validation • Tool validation results issued by the CFTT project at NIST provide information necessary for: – Toolmakers to improve tools – Users to make informed choices about acquiring and using computer forensic tools – And for interested parties to understand the tools capabilities
  • 8. Developing Test Specifications • Specification development process: – NIST and law enforcement staff develops requirements, assertions and test case documents (called the tool category specification). – Initial documents are posted on the CFTT site for peer review by members of the computer forensics community and for public comment by other interested parties. – Relevant comments and feedback are incorporated into the specification.
  • 9. CFTT Testing Process - Overview • After the specification has been written and a tool selected, the test process is as follows: – NIST acquires the tool to be tested. – NIST reviews the tool documentation. – NIST selects relevant test cases depending on features supported by the tool. – NIST develops test strategy. – NIST executes tests – NIST produces test report. – Steering Committee reviews test report. – Vendor reviews test report. – NIJ posts test report to web.
  • 10. CFTT Methodology • Test Specification - Requirements • Test Plan – Test Cases and Assertions • Setup and Test Procedures • Software / Scripts • Final Test Results
  • 11. Requirements • Requirements – Statements used to derive test cases that define expectations of tool or applications. – Core Requirements – Requirements that all mobile device acquisition tools shall meet. – Optional Requirements - Requirements that all mobile device tools shall meet on the condition that specified features or options are offered by the tool.
  • 12. Core Requirements - Examples Internal Memory • Device Recognition – Cable, Bluetooth, IrDA • Non-Supported Devices – Error message • Connectivity Errors • Report Generation – GUI, Report • Logical Acquisition – Tool supported data objects SIM • Media Recognition – PC/SC, proprietary reader • Non-Supported SIMs – Error message • Connectivity Errors • PIN • Report Generation – GUI, Report • Logical Acquisition – Tool supported data objects
  • 13. Optional Requirements - Examples Internal Memory / SIM Acquisition • Data Presentation – GUI, Report • Case Data Protection • Physical Acquisition • Access Card Creation • Log File Generation • Foreign Language • Remaining Number of PIN/PUK attempts • Stand-alone Acquisition • Hashing – Overall Case File, Individual Acquired Files
  • 14. Test Plan • Test Cases – Derived from requirements, describe the combination of test parameters required to test each assertion. – Core – Optional • Assertions – General statements or conditions that can be checked after a test is executed. – Core – Optional
  • 15. Requirements -> Test Case: Example • Requirement: – CFT-IM-05: A cellular forensic tool shall have the ability to logically acquire all application supported data elements present in internal memory without modification. • Derives Test Cases: – CFT-IM-05: Acquire mobile device internal memory and review reported subscriber and equipment related information. – CFT-IM-06: Acquire mobile device internal memory and review reported PIM related data. – CFT-IM-07: …incoming/outgoing call logs… – CFT-IM-08: …text messsages… – CFT-IM-09: …MMS messages… – CFT-IM-10: …stand-alone files (i.e., audio, graphics, video)…
  • 16. Test Case -> Assertions: Example • Test Case: – CFT-IM-06: Acquire mobile device internal memory and review reported PIM related data • => Assertions: – A_IM-07: If a cellular forensic tool successfully completes acquisition of the target device then all known address book entries shall be presented in a human-readable format without modification. – A_IM-08: …maximum length address book entries… – A_IM-09: …special character address book entries… – A_IM-10: …blank name address book entries… – A_IM-11: …address book entries containing email addresses… – A_IM-12: …address book entries containing an associated graphic… – A_IM-13: …datebook/calendar entries… – A_IM-14: …maximum length datebook/calendar entries…
  • 17. Setup and Test Procedures • Objective: Documentation on data population of target media and test procedures providing third parties with information for an independent evaluation of the process or independent replication of posted test results. • Contents: – Software used for data population: application name, package, function – Media Setup: Type of media, procedures used to populate and source dataset – Test Case Execution Procedure – Description and execution procedure of each individual test case – Overview of software tested and procedures used
  • 18. Scripts and Macros • Scripts and Macros – Customized scripts are written providing the ability to: • Categorize and store collected data from individual test cases per tool • Document the outcome of individual test cases with precision • Store data collected from individual test cases in a secure manner • Format data output – Customized macros provide: • Cosmetically consistent output with embedded test results.
  • 19. Mobile Forensic - CFTT Documents • Mobile Device Imaging Specs – Requirements: • GSM Mobile Device and Associated Media Tool Specification • Non-GSM Mobile Device Tool Specification – Test Plan: • GSM Mobile Device and Associated Media Tool Specification and Test Plan • Non-GSM Mobile Device Tool Specification and Test Plan • Test Setup Documents – Setup and Test Procedures: • GSM Mobile Devices and Associated Media Tool Setup and Test Procedures • Test Reports – Tool Test Reports: Check URL below for updates… http://www.cftt.nist.gov/mobile_devices.htm
  • 20. Mobile Forensic - CFTT • Mobile Forensic Application Anomalies – Tool Type: Applications capable of acquiring data from GSM Devices and Subscriber Identity Modules (SIMs) – Overview of Results… • Four Tools
  • 21. GSM Formal Testing - Findings • Proper reporting of ADNs – Maximum length – ADNs containing special characters i.e. ‘@’ • Unicode support – Proper reporting of foreign language address book entries and text messages • EMS Messages – Tools not capturing data past the 160th character • Proper reporting of MMS attachments – Audio – Video – Images
  • 22. GSM Formal Testing - Findings • PIM data – Maximum length Notes • Deleted Data Recovery – Non-overwritten text messages present on the SIM • Data report inconsistencies – GUI versus generated report • LOCI Data – Incorrect reporting of the LAI • MCC • MNC • LAC
  • 23. CFTT Overview - RECAP • Steering committee selects a tool to be tested • Tool Specification (Requirements) is produced and reviewed before finalized • Test Plan (Test Cases and Assertions) is produced and reviewed before finalized • Tool Setup and Test Procedures document is produced and checked for consistency during informal testing • Test cases are executed • Final Test Report is produced and reviewed by the steering committee, vendor then posted by NIJ.
  • 24. Conclusions • Mobile devices continue to evolve in storage capacity, processing power and Internet capabilities • Market research has shown that mobile devices out number PCs 2-1. • Manufacturers must evolve forensic applications at a rate that provides examiners with solutions to acquire newly released devices in addition to older devices. • Therefore, maintaining quality control and validating tool functionality for mobile device forensic applications is paramount for proper data acquisition and reporting.
  • 25. Sponsor Information Supporting Organizations Office of Law Enforcement and Standards (OLES) National Institute of Justice (NIJ) & Other Law Enforcement Organizations Contact: Susan Ballou susan.ballou@nist.gov
  • 26. Thank You! Contact Information: Rick Ayers richard.ayers@nist.gov • http://www.cftt.nist.gov • http://www.cftt.nist.gov/mobile_devices.htm • http://csrc.nist.gov/mobiledevices/projects.html