Recent news articles have lightly touched upon the problems Police Forces are experiencing with Remote Wiping of Digital Evidence, and it’s understandable, with the increasing complexity of mobile devices remaining an ever-changing battle for digital forensic experts. While they seem like essential security features for the average user, Multi-factor authentication and remote wiping capabilities have posed problems forensically.
The Ultimate Kill-switch?
But which phones can Remote Wipe? Well, in short – most of them. Apple’s prestigious “Find My iPhone” and Google’s “Android Device Manager” extend their services to remotely locking and then wiping the phone’s data. This causes a problem for digital forensics experts, like us, who need to act fast when it comes to investigations. Following on from the articles about impossible encryption within Apple and Google devices – the struggle does continue.
It’s simple to see why criminals resort to this tactic. While in the USA the ever popular Fifth Amendment, the “right to remain silent”, is common in legal practice, over here criminals could find themselves guilty of an additional offence. RIPA (Regulation of Investigatory Powers Act) means refusing to release your phone’s PIN is treated as an offence punishable by a prison sentence, so it’s easy to see why criminals may resort to other means to hide incriminating evidence.
But this problem doesn’t extend only to law enforcement cases. BYOD (Bring Your Own Device) is an ever-expanding concept sweeping the commercial sector. As the name suggests, the concept concerns employees utilizing their own digital devices for work purposes, which comes with its own security woes. The use of Remote Wiping makes gaining evidence of unauthorized actions within the workplace an uphill battle, meaning discretion is required ever more.
Therefore, being vigilant is always an advantage.
How Do We Fight Against It As Forensics Experts?
The answer lies in the extensive tools, equipment and techniques at our disposal, as well as our continued Research and Development. Faraday Cages are unique equipment designed to block external electric fields. This form of shield allows for work on the device while it is impervious to remote wiping attempts. Faraday Cages work by distributing a charge around the outside of the box, which cancels out charges or radiation inside. This means Bluetooth, Wi-Fi and cellular signals are rendered completely ineffective, allowing our full forensic processes to take place.
The recent BBC news article identifies that in a number of instances the lack of faraday equipment and radio frequency shielded bags has not meant the end for digital evidence. The BBC indicate that putting the mobile device in a microwave can help in stopping the signal being broadcast and/or received by the device, although our experts state this may not be the most effective solution, as it relies heavily on the density of the metal. As microwave ovens are built to contain microwave energy, it can be seen as ideal; however, simpler answers exist.
IntaForensics always recommend powering down the digital device – regardless of type, e.g. computer, mobile phone, satnav. Removing power not only restricts the signal to the device but also stops the device from writing data, a top cause of loss of digital evidence. Also consider Airplane Mode – while turning off the device is advisable, a cheeky alarm may reactivate your phone without you knowing, and your evidence is immediately susceptible to remote wiping attempts.
Saves you wrapping your phone in foil, doesn’t it? (Another crazy yet proven solution for you.)
If you have a Mobile Phone Forensics case, trust the experts. IntaForensics are an ISO 9001 and 27001 accredited organisation, so you know you’re receiving the highest quality service. Call your local IntaForensics office using the details below or email firstname.lastname@example.org.
Nuneaton – 024 7771 7780