NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

mobile security and Forensics

Mobile Forensics

Mobile devices, such as Personal Digital Assistants (PDAs), Blackberry, and cell phones have become essential tools in our personal and professional lives. The capabilities of these devices are continually evolving, providing users with greater storage capacities, better Internet connectivity, and enhanced Personal Information Management (PIM) capabilities. Devices with cellular capabilities provide users with the ability to perform additional tasks such as SNS (Short Message Service) messaging, Multi-Media Messaging Service (MMS) messaging, IM (Instant Messaging), electronic mail, and Web browsing. Over time, these devices accumulate a sizeable amount of information about the owner and the activities conducted with the device, which may be of value to law enforcement or other security officials as digital evidence.

When mobile devices are involved in a crime or other incident, forensic examiners require tools that allow the proper retrieval of information present on the device and associated media. In order to meet quality standards of forensic laboratories, a foundation for establishing reference materials for tool assessment along with procedures for assessing the quality of mobile forensic tools are needed. Moreover, proper techniques from seizure to final report generation must be in place and followed to ensure quality and consistent results.

Mobile Devices

With the trend toward a highly mobile workforce, the acquisition of handheld devices such as Personal Digital Assistants (PDAs) and PC tablets is growing at an ever-increasing rate. These devices offer productivity tools in a compact form and are quickly becoming a necessity in today's business environment. Many manufacturers make handheld devices using a broad range of hardware and software. Handheld devices are characterized by small physical size, limited storage and processing power, restricted stylus-oriented user interface, and the means for synchronizing data with a more capable notebook or desktop computer. Typically, they are equipped with the capability to communicate wirelessly over limited distances to other devices using infrared or radio signals. Many handheld devices can also send and receive electronic mail and access the Internet.

While such devices have their limitations, they are nonetheless extremely useful in managing appointments and contact information, reviewing documents, corresponding via electronic mail, delivering presentations, and accessing corporate data. Moreover, because of their relatively low cost, they are becoming ubiquitous within office environments, often purchased by the employees themselves as an efficiency aid. Unfortunately, several major issues loom over the use of such devices, including the following items:

  • Because of their small size, handheld devices may be misplaced, left unattended, or stolen.
  • User authentication may be disabled, a common default mode, divulging the contents of the device to anyone who possesses it.
  • Even if user authentication is enabled, the authentication mechanism may be weak or easily circumvented.
  • Wireless transmissions may be intercepted and, if unencrypted or encrypted under a flawed protocol, their contents made known.
  • The ease with which handheld devices can be interconnected wirelessly, combined with weak or no authentication of the parties involved, provides new avenues for the introduction of viruses or other types of malicious code, and also other forms of attack such as a man-in-the-middle attack.

Mobile Agents

Mobile agents are autonomous software entities that can halt their execution, transport themselves to another agent-enabled host on the network, and continue their execution on the new host, deciding where to go and what to do along the way. Mobile agents are goal-oriented, adaptive, can communicate with other agents, and can continue to operate even after the machine that launched them has been removed from the network.

Mobile agents applications are currently being developed by industry, government, and academia for use in such areas as telecommunications systems, personal digital assistants, information management, on-line auctions, service brokering, contract negotiation, air traffic control, parallel processing, and computer simulation.

The mobile agent computing paradigm raises several security concerns, which are one of the main obstacles to the widespread use and adaptation of this new technology. Mobile agent security issues include: authentication, identification, secure messaging, certification, resource control, non-repudiation, trusted third parties, and denial of service. Moreover, the mobile agent frameworks must be able to counter new threats as agent hosts must be protected from malicious agents, agents must be protected from malicious hosts, and agents must be protected from malicious agents.