Thursday, July 28, 2011

M2M Crime

M2M Crime

In the last discussion (mobile-markets) a reference was made to M2M (machine-to-machine) market stats. Yesterday's article from 'pcworld' about hackers using mobile communications for war texting to unlock car doors (war_texting) should provide useful material to study about M2M for MTEB Students to identify 'potential' crime activity and where evidence maybe generated. Send your finalised report (pdf), for marking, by email please.

Saturday, July 23, 2011

Mobile Markets: Nokia 'Mobile Man'...it tells of a story

Mobile Markets: Nokia 'Mobile Man'...it tells of a story

This excellent construction, made up entirely of mobile phones, is Nokia's collaborative project with Beijing postal service to encourage recycling of mobile phones that can be handed in at post offices, according to the news article at news.cnet.com.   


It's great to see projects like, which tend to draw promotions using creative and talented ideas demonstrating the evolving and transforming world of mobile phones and its market places. Back in 2007 I posted on another creative work cellphone-transformer, which, yet again, shows a design that captures the imagination displaying the versatile uses to which a mobile phone might be put.

The business and ecomonic philosophy that resides behind these creative images equally tells of a story of growth and success. If recycling is happening then, perhaps, that is as a likely consequence of mobile ubiquity taking hold. That is a nice statement, but can I back it up?  I don't have my finger on every financial and market research pulse, but, apart from anecdotal references, there are various stats out there from the market research firms. Indeed, back in 2008 I blogged (staggering-figures-for-mobile-phone) on the state of the mobile data market when the economic downturn (which appears to have started in 2007 so we are led to believe) had got a firmer grip on global markets. In 2010 the stats still showed extraordinary figures (text.it), although the exact detail where all this activity occurs to generate such figures may not be obvious. It may be compelling to want to know how many consumers send text and mms messages (see OFCOM website for stats), but that is not the full picture. There are the other data markets in business to consider, such as the M2M market place (winwin) and comments by industry pundits on the mobile payments market (cellular-news).

It is useful to see how industry people collate information and bring amassed facts together in order to express their views and vision on what all the facts mean to them in aggregrate. An example of this can be seen in Tomi Ahonen's enthusiastic commentary found in Insiders Guide To Mobile (lulu) with references to trillion dollar market, over 4 billion users and the segmented factors when drawn together identified to him what is forecast for mobile. A view of one segment of the mobile phone market, apps, is simply a further illustration of information to be sourced to underpin market trends (windows-phone-apps-reach-new-market), another is sales and market penetration, such as Apple's iPhone outrageously outstanding sales growth.

If I removed from the context of the above commentary discussion about modern technology, and simply focussed on what an image might communicate, I could have been talking about social, cultural and economic life that might have been depicted by way of an 18th/19th century painting (irrespective of whether the painting is by an impressionist or not). Whilst the image above may not be an old master piece, the image still has a story to explicitly convey and that, in forensic terms, requires understanding all or part of any implicit subtext the image can also communicate.

My forensic skills, acquired over the years, meant that my reaction to seeing this image (even though photo/art imagery is not my subject), was to look at it as evidence and then set out to see what I could deduce from there. In reality we do this everyday in our work. We see a SIM card. We then want to know what it is and what is inside. In order to know what we are dealing with we need to know how it works and what can be held inside and whether all or part thereof can be revealed. Moreover, we need to know what amounts to 'conformance' and within that framework which conforming element is 'mandatory' and which is 'optional'. Once we have that background we can then begin to understand what is 'non-conforming' and/or 'unusual'. This path can equally be taken when dealing with mobile phones and RF investigations.

In conclusion, the subtext of this discussion can be revealed. However mobile phones maybe presented to the world, it is our job in forensics not to change that messsage, but to break down the presentation into its various building block elements in order that we know how each piece works and then how the pieces fit together and work and cooperate together.  This is because a true forensic standard requires of the individual to obtain knowledge by way of commentary, appropriate training, standards, specs and investigation, that includes examination and testing (trial and error), which is one side of the coin. The other side of this coin is knowing what the 'thing' in its final state is intended to do, which requiries understanding of the market place it which the 'thing' is to be adopted.  Using skills and techniques like these provide for a rich source of experience, too. Essentially, learning to bring all the pieces that are needed into play and being able to demonstrate that identifies the forensic examiner working with a well hone, self-principled approach of high standard.

For MTEB students, the summer recess is now here. Sure, have a great time and relax and enjoy the break, but don't waste valuable time. Great people strive in life because they want to go beyond what has already been achieved. Take time out from relaxing to bring together the exposure you have had to mobile knowledge and experience you have acquired, thus far. Select a particular line of investigative enquiry and see how far you get with it. I have identified some links above to illustrate a way forward or choose a different subject matter; remember to be able to demonstrate the primary basics of 'bush' methodology.

Tuesday, July 19, 2011

iPhones: Common Password Usage Risks

iPhones: Common Password Usage Risks


In the current climate of news about the use of PINs/Passwords to gain unauthorised access to mobile content and voicemail accounts, an interesting study published by an app developer identifying common iPhone passwords. The article identifies the ten most common pin/passwords determined from the study:


"Formulaic passwords are never a good idea, yet 15% of all passcode sets were represented by only 10 different passcodes (out of a possible 10,000). The implication? A thief (or just a prankster) could safely try 10 different passcodes on your iPhone without initiating the data wipe. With a 15% success rate, about 1 in 7 iPhones would easily unlock--even more if the intruder knows the users’ years of birth, relationship status, etc." most common iphone passcodes

Whilst password predicability may not be ground breaking news, this study just might be a useful insight that highlights that iphone mobile phone users appear to make predictable choices when selecting a pin/password and may persuade users to look more carefully at their choice of handset pin/password in current use.

Sunday, July 03, 2011

HTML5: holds a future for and after other mobile apps

HTML5: holds a future for and after other mobile apps

I have just written about mobile apps and forensics (windows-phone-apps-reach-new-market) because it is here and now and requires attention. An aspect of Forensics though is equally not being blinked to future trends. The question of future trends was asked by the House of Commons Science and Technology Committee in their recent report cmselect 855. It is really worth the time and effort to download and read this report.

HTML5 is a future trend and one that has already started to take hold. As nebusiness's The Journal pointed out (http://www.nebusiness.co.utechnology-leap-set-to-make-apps-redundant) "HTML5 builds on the technology of the existing internet but, as every web user knows, if you lose your connection, you lose your work. With HTML5 you don’t – you can go from connected to disconnected and never notice: files can be saved locally and remotely when needed, just like normal apps. Quietly, we’re starting to see more HTML5 apps, like that of the FT, which work on all devices. The FT app is amazing. Try it out. It’s all in HTML5 and as good as, if not better, than a native iPhone app."

With HTML5 there is a sense that forensics might see improvement in interpreting data that could be properly rendered for viewing; currently this can require other apps to assist that process. Moreover, vast quantities of unintelligible random code and data which could not be rendered by handsets can be found during physical dumps that no one really makes sense to identify what it is. Were unravelling and decoding of random code/data to be explained in itself it still might not explicitly or implicity confirm whether the handset user could see/access rendered versions of that code and data on the handset screen or select content by using the handset UI. HTML5 may yet assist in solving some of these issues, so is it a future trend forensic practitioners should be aware?

Well, I think it is something that cannot be excluded largely due to the fact it is at present being used, mobile browsers are making use of it and widely used mobile handsets support or portions of it in e.g. Apple's iOS 4.2, Android, Samsung, Nokia and so on.

So what can HTML5 do for mobile web browsing?
Well, it helps standardise those issues which had previously been problematical to mobile web browsing and, for mobile web developers, to get testable, cross-platform and standards-based interface for developing content that, prior to HTML5, required _fit_the_need_of_the_technology_ methods or proprietory APIs to achieve the level of rendering needed for rich content and browsing.

HTML5 and Forensics
It opens up the door for new or improved evidence. Do remember, particularly for those readers not involved with forensics, evidence doesn't necessarily mean recovered data that is detrimental or that some massive spying operation is in progress. Mobile HTML5 could have benefits to assist retain data that could help resolve a dispute, track a missing person and so on. Location awareness, localised data caching when mobile connectivity is lost and a range of other features that I shall be discussing later on.

What is possible to say at this stage, omitted data previously breaking the chain of causation needed for forensic evaluation may well be greatly assisted by HMTL5 but without a forensic examiner having to put, metaphorically speaking, all his/her sought artefact-eggs into one evidential-methodology basket. Nice !

Saturday, July 02, 2011

Windows Phone Apps reach new market levels

Windows Phone Apps reach new market levels

Back in 2006 Vodafone announced news to standardise handsets (here) and I commented then that it might be a good idea if users could profile their own handsets with the apps they actually use.  There is much market evidence to suggest the evolving mobile is moving in that direction. Android, Apple, Blackberry, Java and Symbian apps stores are a good example of this. The growth in mobile apps has not been limited to the five previously mentioned, Window Phone apps, too, are storming ahead with over 25,235 apps available.

There is a brief synopsis of the Windows Phone apps growth at winrumors. The chart below is courtesy of windowsphoneapplist.


windows phone 7 applications


Knowing these stats can be helpful but unless there is some inter-related commentary about the technology (so to speak) that links those stats to forensics, it can all become pretty meaningless. My take on those stats is they do present challenges that the mobile forensic community will need to adapt, sooner rather than later. There is a wealth of information in apps that cannot be gleaned from using many of the evidence recovery automated handset readers. This has happened because evidence tools may not have been designed for that purpose; recovering app info and the content they store.

Firstly, it is important to understand the distinction between apps accessible through interface/emulator tools, designed for app builders and programmers (so to speak), and those tools said to be designed for collecting evidence.

Secondly, it doesn't automatically follow that just because an examiner obtains an evidential physical dump from flash memory ( a ) the examiner has dumped everything from the correct component ( b ) that the dump's content will be 'visible' and 'legible' (PACE 1984) and 'intelligible' (DPA1984).

Holding such a view doesn't mean, nor is it intented to suggest, that I think there is an impossibility here that cannot be overcome. Do I think the mobile forensic communty, working together, will find the solutions? Yes, absolutely, naturally.