Forensics Journal - Stevenson University 2015 | Page 7

capture and analyze the contents of RAM in a running computer to gather running processes, passwords, and other volatile data, network traffic captured by firewalls, routers, and intrusion detection systems, mobile phones, and system backups. Provided the procedure to capture and analyze this data is appropriately documented and meets certain industry standards, these techniques are forensically sound.

WHAT IS THE DISTINCTION BETWEEN A “SMART” PHONE AND A “DUMB” PHONE?

“Smart phone” is the term used for mobile phones that can do more than just make phone calls and send text messages. They have more memory, better screens, and more robust processors, and they can surf the web, download and run apps, and establish VPN connections. They function like computers that can make phone calls. Android and Apple phones fall into this class.

Dumb phones can perform only basic functions, such as making calls and sending text messages. A few of them have some built-in apps such as alarm clocks and calculators. These phones are smaller, have low-end processors, typically cannot surf the Internet, and do not allow the user to download or run third-party apps. Example: the cheap $10 phone you can buy at the grocery store.

The terms “smart phone” and “feature phone” are real terms and are actually used in the industry. However, the industry has moved away from the term “dumb” phone in favor of “feature” phone.

WILL HAVING A PASSWORD ON MY MOBILE PHONE PROTECT IT FROM HAVING THE DATA ACCESSED?

Many people use passwords to lock the keyboard and screen on dumb phones. Dumb phones allow a user to lock the phone to avoid so-called “butt dialing” or to prevent a stranger from picking up the phone and scrolling through it. The passcode typically does not lock the data port on the phone. Therefore, in many, but not all, situations, a mobile device forensic tool can be used to conduct an acquisition of the locked phone, which will recover the user data from the phone.

On smart phones, the password may or may not protect the phone and its data from being accessed. Popular mobile device forensic tools have been configured to access many, but not all, locked phones. It will vary on a case-by-case basis. Locked iPhones (4S and newer) and BlackBerries typically enable encryption to prevent unauthorized access to the phone. For Android phones, “USB debugging” should be disabled when it is not in use to ensure data is not accessed through the micro-USB port.