Google says PC will be irrelevant in 3 years

Google says PC will be irrelevant in 3 years

Interesting article in The Register:



http://www.theregister.co.uk/2010/03/05/google_says_pc_will_be_irrelevant_in_three_years/



I can see where Google is coming from because I have similar thoughts about how mobile phones and SIM/USIM cards, as devices, are making significant inroads to provide functions and features traditionally provided by computers. This is another area that is forcing change on the work we do and why I believe we cannot afford to rest on any laurels we think we may have in our field of distinction and move as quickly as is reasonably practicable to do so to generate Certified/Validated tools.

Google says PC will be irrelevant in 3 years

Google says PC will be irrelevant in 3 years

Interesting article in The Register:



http://www.theregister.co.uk/2010/03/05/google_says_pc_will_be_irrelevant_in_three_years/



I can see where Google is coming from because I have similar thoughts about how mobile phones and SIM/USIM cards, as devices, are making significant inroads to provide functions and features traditionally provided by computers. This is another area that is forcing change on the work we do and why I believe we cannot afford to rest on any laurels we think we may have in our field of distinction and move as quickly as is reasonably practicable to do so to generate Certified/Validated tools.

Mobile Phone Flash Memory Chip Evidence

Mobile Phone Flash Memory Chip Evidence

.

When recovering data using flasher box devices it may be useful to support the notion of obtaining a detail (IMSI/ICCID/etc) about a previously inserted paricular SIM Card in a particular mobile telephone that the notion about storing such data in memory is:

.

- not new

- not clandestine shady black-box technology

- not a security breach by the handset manufacturer

.

In fact the entire process of maintaining a SIM List in the phone was designed to allow a user with more than one SIM Card to gain access to previously held memory data associated with each particular SIM Card.

.

In order to support that statement it would be helpful to see practitioners using authoratitive statements about the forensic 'reliability' and 'accuracy' of recovered data being obtained using flash reading devices and the evidential 'weight' and 'value' to be given to the data.

.

To assist, here is a statement from a 1996 published Electronic User Guide for the Nokia 2110:

.

SECURITY LEVEL (Menu 5 2) Page 71

"The phone keeps a list of the SIM cards which are used with the phone. This list may contain the information on up to five different SIM cards."

.

However under the same section in the User Guide it states:

.

"Regardless of the selected security level, all temporarily stored phone numbers are erased when a new SIM card is installed. On the other hand, these phone numbers are not erased when a previously used SIM card is inserted, regardless of the selected security level."

.

As a query about forensic reliability and accuracy:

.

- During the acquisition process and the harvesting of the data acquired is there/ has there been anything lost in translation of the data themselves, at first instance? If the IMSI you have recovered from flash memory is presented along with call logs etc, how do you know that those call logs relate to that IMSI and not another IMSI?

.

As a query about evidential weight and value:

.

- What weight can be given to the recovered IMSI being directly associated with those call logs? Moreover, what value is there in using such potentially uncorroborated evidence assigned to the recovered data being presented as evidence?

Mobile Phone Flash Memory Chip Evidence

Mobile Phone Flash Memory Chip Evidence

.

When recovering data using flasher box devices it may be useful to support the notion of obtaining a detail (IMSI/ICCID/etc) about a previously inserted paricular SIM Card in a particular mobile telephone that the notion about storing such data in memory is:

.

- not new

- not clandestine shady black-box technology

- not a security breach by the handset manufacturer

.

In fact the entire process of maintaining a SIM List in the phone was designed to allow a user with more than one SIM Card to gain access to previously held memory data associated with each particular SIM Card.

.

In order to support that statement it would be helpful to see practitioners using authoratitive statements about the forensic 'reliability' and 'accuracy' of recovered data being obtained using flash reading devices and the evidential 'weight' and 'value' to be given to the data.

.

To assist, here is a statement from a 1996 published Electronic User Guide for the Nokia 2110:

.

SECURITY LEVEL (Menu 5 2) Page 71

"The phone keeps a list of the SIM cards which are used with the phone. This list may contain the information on up to five different SIM cards."

.

However under the same section in the User Guide it states:

.

"Regardless of the selected security level, all temporarily stored phone numbers are erased when a new SIM card is installed. On the other hand, these phone numbers are not erased when a previously used SIM card is inserted, regardless of the selected security level."

.

As a query about forensic reliability and accuracy:

.

- During the acquisition process and the harvesting of the data acquired is there/ has there been anything lost in translation of the data themselves, at first instance? If the IMSI you have recovered from flash memory is presented along with call logs etc, how do you know that those call logs relate to that IMSI and not another IMSI?

.

As a query about evidential weight and value:

.

- What weight can be given to the recovered IMSI being directly associated with those call logs? Moreover, what value is there in using such potentially uncorroborated evidence assigned to the recovered data being presented as evidence?