
Book Review: Digital Forensics For Handheld Devices

samzenpus posted about a year and a half ago | from the read-all-about-it dept.

Books 87

benrothke writes "Today's handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them, can be legally preserved if needed." Read on for the rest of Ben's review.

In Digital Forensics for Handheld Devices, author Eamon Doherty provides an invaluable resource on how one can obtain data, examine it and prepare it as evidence for court. One of the reasons many computer crime cases fail to be prosecuted is that the evidence was not properly handled and could therefore not be admitted into court.

One of the first things a defense attorney will do in a computer crime case is to attack how the digital evidence was obtained and preserved. In far too many cases, it was done incorrectly and the evidence, no matter that it may be a smoking gun, can't be admitted into court. The case then is dismissed, to the chagrin of the victim.

The book's 8 chapters of nearly 300 pages are densely packed text, where Doherty brings significant real-world experience to every chapter. As the cybercrime training lab director at Fairleigh Dickinson University, he brings both an academic formality in addition to real-world experience in this highly tactical guide.

Chapter 1 details cell phone forensics. After a brief introduction to the history of the cell phone, it details the entire inner workings of a cell phone. The chapter also details differences in cell phones worldwide. An important fact is that many Asian countries have cell phones available 12-18 months before they appear in the US. With that, American forensic investigators need to be cognizant of this when entering into an investigation.

The chapter includes an overview of the Susteen Secure View application which is an extremely powerful tool for the mobile phone forensic investigator. Besides that tool, in each chapter, Doherty lists many tools that provide specific assistance to the topic at hand. The book is worth it for those listings alone.

Chapter 2 is similar to the previous chapter except this is about digital camera forensics. The chapter provides a detailed overview of how digital cameras operate and how the underlying hardware works. The chapter includes an extremely comprehensive overview of seemingly every tool available to investigate images on a digital camera.

The chapter also includes a number of fascinating case studies on how to effectively perform a forensics analysis of a digital camera. It concludes with an observation that when considering a career in forensics, as fascinating as it is, it may not be for everyone.

Doherty notes that as a forensics investigator, the examiner is often exposed to disturbing material. He quotes a report that studied investigators from over 500 agencies who had been exposed to child pornography during investigation of crime involving child exploitation. The report noted an alarming 35% of the participants had problems arising from work exposure to child pornography.

Chapter 5 provides an extremely detailed look at forensics investigation on a corporate network. Throughout the book, Doherty stresses the need for effective chain of custody and other issues to preserve digital evidence. It is imperative to preserve the integrity of the digital evidence obtained from the time it was seized until it is presented in court.

To facilitate this, the book states a best practice to use checklists to ensure nothing is forgotten. The importance of checklists has been detailed in The Checklist Manifesto: How to Get Things Right where author Atul Gawande makes a compelling case for the use of checklists.

As to evidence and checklists, Doherty writes that once the evidence is obtained, a chain of custody form should be filled out. Each time the evidence is copied, processed, or transported, it should be documented on the chain of custody form. If others receive a copy of the evidence for prosecution or defense purposes, they too should sign for it. This is an imperative if it is expected that the evidence would end up in court or be used for human resources purposes. But in the corporate setting detailed in chapter 5, that same level of diligence is not necessarily required.
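The custody record described above can also be kept as a tamper-evident log. The following Python sketch is an added example, not taken from the book or the review: each copy, processing step or transfer becomes an entry bound to the evidence's SHA-256 and to the previous entry's hash. The class, field names, handlers and timestamps are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first entry
ACTIONS = {"seized", "copied", "processed", "transported", "received"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Digest of every field except the entry's own hash, as canonical JSON."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    blob = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return sha256_hex(blob.encode())


class CustodyLog:
    """Hypothetical electronic chain of custody form for one evidence item."""

    def __init__(self, item_id: str, evidence: bytes):
        self.item_id = item_id
        self.baseline = sha256_hex(evidence)  # hash taken at seizure
        self.entries = []

    def record(self, action, handler, timestamp, evidence, signed_by=None):
        if action not in ACTIONS:
            raise ValueError(f"unknown custody action: {action}")
        entry = {
            "seq": len(self.entries),
            "item_id": self.item_id,
            "action": action,
            "handler": handler,
            "signed_by": signed_by or handler,  # whoever signs for the item
            "timestamp": timestamp,
            "evidence_sha256": sha256_hex(evidence),
            "prev_hash": self.head(),
        }
        entry["entry_hash"] = entry_digest(entry)
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        return self.entries[-1]["entry_hash"] if self.entries else GENESIS


def verify(log: CustodyLog, expected_head=None) -> list:
    """Return a list of problems; an empty list means the log is consistent."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log.entries):
        if e["seq"] != i or e["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to the previous entry")
        if entry_digest(e) != e["entry_hash"]:
            problems.append(f"entry {i}: contents changed after recording")
        if e["evidence_sha256"] != log.baseline:
            problems.append(f"entry {i}: evidence hash differs from seizure hash")
        prev = e["entry_hash"]
    # Someone who rewrites the last entry can recompute its hash, so the head
    # hash should also be noted somewhere the log's keeper cannot change.
    if expected_head is not None and prev != expected_head:
        problems.append("head hash differs from the independently noted value")
    return problems


def demo():
    image = b"constructed sample bytes standing in for a handset image"
    log = CustodyLog("ITEM-0001", image)
    log.record("seized", "Examiner A", "2012-09-01T09:00:00Z", image)
    log.record("copied", "Examiner A", "2012-09-01T10:30:00Z", image)
    log.record("transported", "Courier B", "2012-09-02T08:00:00Z", image)
    log.record("received", "Courier B", "2012-09-02T11:15:00Z", image,
               signed_by="Defense expert C")
    clean = verify(log, log.head())
    log.entries[1]["timestamp"] = "2012-09-01T09:05:00Z"  # back-date the copy
    return clean, verify(log)


if __name__ == "__main__":
    clean, tampered = demo()
    print("before edit:", clean)
    print("after edit: ", tampered)
```

The log complements the signed form rather than replacing it: writing the current head hash on the paper form at each hand-over is what lets `verify` catch a rewrite of the most recent entries.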

Chapter 5 also has overviews of nearly 50 different forensic tools for every imaginable purpose.

While the book has exploratory and technical overviews on many tools and numerous case studies, this is not an introductory text on the subject. It is meant for someone with a technical background that is looking for a technical reference to gain competence on the topic of digital forensics.

The only lacking of the book is that while the author is an expert on the topic and the tools, the writing style is one that screams out for an editor. The text suffers from run-on sentences and repetition of defining the same acronym, in addition to other readability issues. The book is pervasive in its use of passive voice, which can be annoying to many readers. It is hoped that the second edition of this book will be updated with the current tools of the time and a good re-editing of the text to ensure its readability doesn't suffer.

Aside from the grammatical issues, for those looking for a very hands-on guide to gain proficiency on the topic, Digital Forensics for Handheld Devices is a valuable reference. Dr. Eamon Doherty has a unique perspective in that he has academic, law enforcement and very practical experience, which is manifest in every chapter.

The notion of digital forensics is seize it, examine it and then prepare it for evidence in court. In Digital Forensics for Handheld Devices, you find out how to do just that.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


87 comments

to the chagrin of the victim? (4, Insightful)

fustakrakich (1673220) | about a year and a half ago | (#41441025)

I would say it depends who is the 'victim'. Yes, protect your handheld data. Encrypt the hell out of it and/or find a good way to wipe it clean before the wrong people get to it..

Wait! (-1)

macbeth66 (204889) | about a year and a half ago | (#41441027)

it is imperative that digital forensics investigators and others know how to ensure that the information contained in them, can be legally preserved if needed

Is there an app that will make my phone smoke and melt into itself, a la Mission Impossible, taking all of my pr0n with it? I wouldn't want that stuff to fall into the wrong hands. Like my wife.

Oh, wait. I'm dead. Never mind.

Out, damn'd spot! out, I say! (1)

srussia (884021) | about a year and a half ago | (#41441209)

Is there an app that will make my phone smoke and melt into itself, a la Mission Impossible, taking all of my pr0n with it? I wouldn't want that stuff to fall into the wrong hands. Like my wife.

Thanks for clearing up what Lady Macbeth was referring to!

Re:Out, damn'd spot! out, I say! (0)

Anonymous Coward | about a year and a half ago | (#41441253)

there is, it's called a blackberry

Re:Wait! (0)

Anonymous Coward | about a year and a half ago | (#41441325)

You simply need to cover the flash memory with thermite and figure out some way to ignite it.

Re:Wait! (1)

SomePgmr (2021234) | about a year and a half ago | (#41442449)

Model rocket igniter in a packet of thermite, connected to relay off device battery, tripped by a stripped down version of the "android IOIO" type devices with only one io, soldered off the usb ports junction at the board, activated by android service running in background that pings a remote service.

Sounds complicated, but maybe...? :)

Re:Wait! (0)

Anonymous Coward | about a year and a half ago | (#41443173)

Faulty Sony (or other inferior Chinese made Li-Ion) battery. Total deniability.
Now the tricky part is for you to set it off under full control instead of it bursting into flame on its own. Maybe some funny code in the charge controller firmware? ;)

Re:Wait! (1)

Tastecicles (1153671) | about a year and a half ago | (#41446483)

easy.

red phosphorus and a cigarette lighter.

I used to make diskette bombs with red phosphorus. Dramatic but fairly harmless. Unless you're a floppy disk drive.

My ass (3, Interesting)

clam666 (1178429) | about a year and a half ago | (#41441159)

If I want it preserved, I'll copy it to local storage or upload it to the cloud if I so choose. Other than that, if I hit the wipe button there better be smoke coming from it.

If I wanted it "preserved" I wouldn't be wiping it out in the first place.

Re:My ass (2)

tlhIngan (30335) | about a year and a half ago | (#41441609)

If I want it preserved, I'll copy it to local storage or upload it to the cloud if I so choose.

I think in some instances, it may be safer on the phone as it sits than in the cloud.

Take an iPhone, say. It's got some very strong protections and all that. But you could get at the same data by looking at the user's iTunes folder if they backed up there and didn't encrypt it. Or subpoena Apple who can dig it out (while the actual disks may be encrypted, the data is not when accessed).

Just knowing there's another copy available may make it easier to access said copy than the original.

Re:My ass (1)

Tastecicles (1153671) | about a year and a half ago | (#41446513)

store important files on the smallest, fastest flash device you can get away with, encrypted (I use a 2GB drive for transient secure filing, archive secure filing is in a secret and secure location that is recorded nowhere but my brain). The wipe button should trigger a military-grade sector-by-sector overwrite, which on a solid state drive will be permanent, instant and unrecoverable.

Truecrypt does this.

Re:My ass (0)

Anonymous Coward | about a year and a half ago | (#41449297)

Found this [amazon.com] on amazon, apparently some company already created it.

(though Truecrypt might be just a little cheaper...)

Re:My ass (1)

EnempE (709151) | about a year and a half ago | (#41446867)

Some of us still read the Subject lines.
So that read:
On the Subject of my ass: If I want it preserved, I'll copy it to local storage or upload it to the cloud if I so choose. Other than that, if I hit the wipe button there better be smoke coming from it.

Which was a little disturbing, but it was followed by the eminently sensible:

If I wanted it "preserved" I wouldn't be wiping it out in the first place.

Which I will now unfortunately have pop into my mind every time I throw used paper into the bowl.

Re:My ass (0)

Anonymous Coward | about a year and a half ago | (#41448017)

Even worse, would you trust the forensic scientist to have continuity and security in the data and not fabricate to keep his job and get a prosecution? It is rather like the jury that believes Digital Video data is evidence despite the fact that it can be a computer induced hallucination! It is about time we realize that such data is at best worthless for a court of law and may in fact hinder its function.

Sounds pretty good, but... (1)

Anonymous Coward | about a year and a half ago | (#41441165)

How exactly is the datacenter class raw computing power on the Apple A6 system-on-a-chip processor relevant to crime, forensics and the checklists?

Re:Sounds pretty good, but... (2)

rubikscubejunkie (2664793) | about a year and a half ago | (#41441297)

Easier to commit a crime, start a DDOS attack, etc. when you have more computing power. Ever try doing a port scan on a 286? Ain't fun.

Re:Sounds pretty good, but... (4, Funny)

CanHasDIY (1672858) | about a year and a half ago | (#41441323)

Ever try doing a port scan on a 286? Ain't fun.

Oh, yea, I did that once, way back in the early '90s...

Still waiting on the results.

Re:Sounds pretty good, but... (1)

rubikscubejunkie (2664793) | about a year and a half ago | (#41441413)

See...told ya so! :)

Re:Sounds pretty good, but... (0)

Anonymous Coward | about a year and a half ago | (#41441467)

See...told ya so! :)

Smurf!

Re:Sounds pretty good, but... (1)

the_B0fh (208483) | about a year and a half ago | (#41442335)

He might be enjoying it - could be a masochist...

Re:Sounds pretty good, but... (1)

CanHasDIY (1672858) | about a year and a half ago | (#41449409)

He might be enjoying it - could be a masochist...

Nope, electro-sadist - I also flog the poor thing regularly with a Cat-o-Nine-Tails, just to keep it in line.

Re:Sounds pretty good, but... (0)

Anonymous Coward | about a year and a half ago | (#41441465)

The book is about the data on the phone.. How is that related?

Amazon summary and the actual review above are a bit quiet about the computing power..
"Approximately 80 percent of the world’s population now owns a cell phone, which can hold evidence or contain logs about communications concerning a crime. Cameras, PDAs, and GPS devices can also contain information related to corporate policy infractions and crimes. Aimed to prepare investigators in the public and private sectors, Digital Forensics for Handheld Devices examines both the theoretical and practical aspects of investigating handheld digital devices.

This book touches on all areas of mobile device forensics, including topics from the legal, technical, academic, and social aspects of the discipline. It provides guidance on how to seize data, examine it, and prepare it as evidence for court. This includes the use of chain of custody forms for seized evidence and Faraday Bags for digital devices to prevent further connectivity and tampering of evidence. Emphasizing the policies required in the work environment, the author provides readers with a clear understanding of the differences between a corporate investigation and a criminal investigation. The book also:

Offers best practices for establishing an incident response policy and seizing data from company or privately owned digital devices
Provides guidance in establishing dedicated examinations free of viruses, spyware, and connections to other devices that could taint evidence
Supplies guidance on determining protocols for complicated crime scenes with external media and devices that may have connected with the handheld device

Considering important privacy issues and the Fourth Amendment, this book facilitates an understanding of how to use digital forensic tools to investigate the complete range of available digital devices, including flash drives, cell phones, PDAs, digital cameras, and netbooks. It includes examples of commercially available digital forensic tools and ends with a discussion of the education and certifications required for various careers in mobile device forensics. "

Re:Sounds pretty good, but... (2)

BlackTriangle (581416) | about a year and a half ago | (#41441315)

It's extremely relevant to Slashdot avoiding circling the drain, through subliminal advertising.

Re:Sounds pretty good, but... (1)

RobertLTux (260313) | about a year and a half ago | (#41441423)

Back in the Day to do a "live report" in %remote location% you had to

1 fly a dozen support folks to %remote location%
2 with Trucks of equipment
3 and a sat uplink truck

and then hope and pray that something did not go wrong

Today (ignoring 3 for a bit)

1 fly your reporter to %remote location% WITH HIS iPhone (or Android device)

or

2 Airdrop your reporter with a Big BackPack (and his personal Mobile Computing Device)

and all you are praying for is that he gets Close Enough (but not Too Close) to The Action

The Elder Reporters would have sold Bodies (or Parts of Them) to get the tech we have today.

(and oh sure leave all your files "On The Cloud" the TLAs love that kind of thing)

Re:Sounds pretty good, but... (0)

Anonymous Coward | about a year and a half ago | (#41445387)

the title of the book is: Digital Forensics for Handheld Devices ....you draw the conclusion.

It might be best to give up. (0)

Anonymous Coward | about a year and a half ago | (#41441183)

Computing. Some Hitler or cult leader might come along and you never know. With the likes of this guy.

Double-edged sword... (2)

mlts (1038732) | about a year and a half ago | (#41441221)

On one hand, dumping the contacts, text messages, and other items from a phone would be a vast boon for exposing a crime ring for investigators. However, on the other hand, any forensic device that can be used by LEOs can be used by criminals for gain as well.

If one separates a corporate officer from their phone and is able to completely dump the contents, it would mean a gold mine. Competitors would buy contact lists, spreadsheets (accounts payable/receivable), unannounced product sheets, etc. Employee payroll info can be sold to ID thieves, and the fact that these employees are at work at this time can be sold to local gangs for burglaries/home invasions. If the employee has any military employment, that info and their family info can be sold to foreign intel agencies, etc.

The trick is defense in depth. Yes, iPhones and some Android devices have device encryption, but the best thing is having encryption on the app level. To get around that, the blackhats would have to find a way to stick a keylogger on the device, as opposed to just a single snatch of the device and a dump.

Re:Double-edged sword... (1)

dgatwood (11270) | about a year and a half ago | (#41441523)

Computationally speaking, device-level encryption is probably sufficient, assuming there aren't any serious flaws found in AES-128. The weakness, if any exists, is in the choice of passphrase, and that won't be helped by adding more encryption tied to the same passphrase....

Re:Double-edged sword... (2)

mlts (1038732) | about a year and a half ago | (#41441693)

The trick with cellphones is less encryption than authentication. With the very small keyspace most people choose for a PIN, a device maker wants to have the PIN checking done on a hardened chip before the true 128 or 256 bit key is released. That way an intruder either has to guess through the chip (and be stopped/slowed down after a number of tries), or has to physically uncap the chip and go at it with an electron microscope (good luck.)

Of course, with a chip being the gatekeeper, it can easily be backdoored, so that is the downside of that type of security measure.

Re:Double-edged sword... (2)

Cajun Hell (725246) | about a year and a half ago | (#41443471)

Computationally speaking, device-level encryption is probably sufficient, assuming there aren't any serious flaws found in AES-128.

And assuming you have a magic UI that is both convenient yet also somehow lets people enter keys of sufficient entropy. If the user is entering 4-digit-PINs or stuff like that for a key, then it doesn't matter how excellent the cipher is.
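The PIN-gating design discussed in the comments above, modelled in software as an added example (not code from the thread or from any device vendor). It contrasts a 4-digit PIN whose salted verifier can be tested directly with the same PIN checked by a gate that throttles and then wipes the key; the class, limits, back-off schedule and low KDF round count are assumptions chosen so the demo runs quickly.

```python
import hashlib
import hmac
import os


def derive(pin: str, salt: bytes, rounds: int = 200) -> bytes:
    # rounds is deliberately low for the demo; real settings are far higher
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, rounds)


def all_pins():
    return (f"{n:04d}" for n in range(10_000))


def guesses_without_gate(salt: bytes, verifier: bytes):
    """No gatekeeper: the verifier can be tested as often as one likes,
    so the whole 10,000-PIN keyspace is covered regardless of the cipher."""
    for count, pin in enumerate(all_pins(), start=1):
        if hmac.compare_digest(derive(pin, salt), verifier):
            return count
    return None


class PinGate:
    """Hypothetical model of a hardened chip that releases the storage key
    only after checking the PIN itself."""

    MAX_FAILURES = 10  # assumed policy: wipe the key on the 10th failure

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._verifier = derive(pin, self._salt)
        self._key = os.urandom(32)  # the "true" 256-bit key
        self.failures = 0
        self.locked_until = 0       # logical clock, in seconds

    def unlock(self, pin: str, now: int):
        if self._key is None:
            return ("wiped", None)
        if now < self.locked_until:
            return ("throttled", None)  # guess is not even evaluated
        if hmac.compare_digest(derive(pin, self._salt), self._verifier):
            self.failures = 0
            return ("ok", self._key)
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self._key = None            # key is gone; the PIN no longer matters
            return ("wiped", None)
        self.locked_until = now + 2 ** self.failures  # exponential back-off
        return ("denied", None)


def guesses_through_gate(gate: PinGate):
    """Try PINs in order, waiting out each back-off on the logical clock.
    Returns (final status, guesses made, seconds spent waiting)."""
    now = 0
    for count, pin in enumerate(all_pins(), start=1):
        now = max(now, gate.locked_until)
        status, _ = gate.unlock(pin, now)
        if status != "denied":
            return status, count, now
    return "exhausted", 10_000, now


if __name__ == "__main__":
    salt = os.urandom(16)
    print("ungated guesses:", guesses_without_gate(salt, derive("7391", salt)))
    print("gated outcome:  ", guesses_through_gate(PinGate("7391")))
```

The model does not address the downside raised in the thread, that the chip itself has to be trusted.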

Apple ad? (1, Informative)

Anonymous Coward | about a year and a half ago | (#41441243)

iPhone and Apple are trademarks..a generic "smartphone" terminology would have done the job pretty well

Re:Apple ad? (1)

boristdog (133725) | about a year and a half ago | (#41442081)

Yeah, and people still see my tiny $40 32GB Sandisk Sansa MP3 player and call it an "iPod".

You gotta hand it to those folks in Cupertino, they are marketing geniuses.

Re:Apple ad? (0)

Anonymous Coward | about a year and a half ago | (#41443221)

That might also be because it looks like an ipod a little, if you squint

Something Apple will be good at, I'm sure! (1)

na1led (1030470) | about a year and a half ago | (#41441245)

Since the iPhone is locked down so much, and all your data is backed up to their cloud. What have you got to worry about?

Re:Something Apple will be good at, I'm sure! (1)

PNutts (199112) | about a year and a half ago | (#41441367)

I'm not sure if you are serious, but you are correct, except for you don't have to back up anything to the cloud. Also, the "disk" is encrypted and it has local and remote wipe capabilities.

Re:Something Apple will be good at, I'm sure! (1)

na1led (1030470) | about a year and a half ago | (#41441677)

Considering the popularity of the iPhone, I'm sure forensics will have no problem retrieving your data, no matter how many times you try to wipe it.

Re:Something Apple will be good at, I'm sure! (1)

Lumpy (12016) | about a year and a half ago | (#41441853)

Drill press through the Flash chip will "wipe" it so that even the best forensics guys can't recover the data. Another one is a good bonfire.

Re:Something Apple will be good at, I'm sure! (1)

rubikscubejunkie (2664793) | about a year and a half ago | (#41442705)

not true. if the chip is not completely disintegrated, then you still can read from it.

Re:Something Apple will be good at, I'm sure! (1)

Tastecicles (1153671) | about a year and a half ago | (#41446599)

-1 Dead Wrong.

Also, you don't need anything as expensive as a drill press. A hammer will do the job. All you have to do is split the core.

Re:Something Apple will be good at, I'm sure! (1)

rubikscubejunkie (2664793) | about a year and a half ago | (#41448195)

if the core is split, there is still memory on the fragments that can be reconstructed.....

Re:Something Apple will be good at, I'm sure! (0)

Anonymous Coward | about a year and a half ago | (#41449345)

Really? When did they start making chip from magic dust of fairies?

This cuts both ways... (1)

sohmc (595388) | about a year and a half ago | (#41441377)

Unlike other physical and tangible forms of evidence, digital evidence is both nothing and something at the same time. It's too easy to both plant evidence (by either the defendant or the prosecution) and sometimes impossible to deny the evidence.

Furthermore, digital evidence doesn't necessarily mean that I am the author. I don't have my phone on me at all times. I let friends use it.

This being said, I'm not discounting the importance of forensics. I just think more needs to happen before we can say something is evidence. Mind you, the large majority of crimes are committed by idiots who post pictures of their crime on Facebook. But for the small percentage of us who are either nefarious and trying to take advantage of the legal system or an innocent victim to circumstance, it's too ambiguous to say all the data on my phone is my own. (Wasn't Carrier ID a few years ago?)

Granted every piece of evidence has some sort of flaw of authentication. But I fear the day that I get arrested for posting "I just robbed this place!" about getting free coffee next to a bank that was getting robbed. (Yes, I would have an alibi, but let's not let this flaw ruin a good analogy.)

Re:This cuts both ways... (1)

dave562 (969951) | about a year and a half ago | (#41441777)

The decision about what is or is not evidence is not addressed at the time of the collection. The collection takes place, and then the lawyers sort through what they have to determine what is or is not relevant to the particular dispute or litigation taking place. Of course they will exclude those pictures of your cat, but you can bet that someone will have to look at that picture of your cat to determine that it truly is a picture of your cat.

Years? More like decades (0)

Anonymous Coward | about a year and a half ago | (#41441409)

Today's handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago.

Sorry, the opening line was just stupid. Sure, mobile devices are more powerful than desktop computers from a handful of years ago, but you have to go back a lot longer to match an entire datacenter.

Re:Years? More like decades (1)

Tastecicles (1153671) | about a year and a half ago | (#41446667)

if an iPad2 is comparable to a 1985 Cray 2, then an iPhone is a fully specced 1997 Compaq Proliant 2500 6/250H Model 1 (if you got one of the systems with matched Xeon processors like I have, then clock speed is 233MHz instead of 200). Not a minicomputer, more a small server.

Not your ass, his ass (-1)

Anonymous Coward | about a year and a half ago | (#41441427)

"An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago"

Nice English, write much? And uhm no..no it doesn't. You dumb sonofabitch, you seem to be confusing clock speeds and amounts of RAM with reality. Those numbers have never told the whole story. How do you shit eating morons survive in this bad economy? Do people have money to waste on your mindless shit? Just like today, some years ago people could run their whole business with their "entire data center" but nobody runs their whole business on an iPhone, not even you, girlfriend. So I guess your numbers don't really add up after all.

"it is imperative that digital forensics investigators and others know how to ensure that the information contained in them, can be legally preserved if needed."

Well fuck you, you damn fascist pig! You can take your shitty book and shove it up your ass. A good colonoscopy and resection will then be imperative to legal preserve it, if needed. Your appointment at Dr. Kutchikokoff's office is Monday at 9:30. With friends like you, who needs enemas?

Re:Not your ass, his ass (1)

rubikscubejunkie (2664793) | about a year and a half ago | (#41442759)

Dude... get a grip... he was trying to make a point and I think you took way too literal of an interpretation of it.

Re:Not your ass, his ass (0)

Anonymous Coward | about a year and a half ago | (#41442937)

sometimes an intro is just an intro....

Re:Not your ass, his ass (0)

Anonymous Coward | about a year and a half ago | (#41442981)

'some years ago' could mean 25 years....and in that case, yes; an iPhone 5 def. has more memory and CPU power than an IBM mainframe circa 1987.

chill.

Re:Not your ass, his ass (0)

Anonymous Coward | about a year and a half ago | (#41445341)

Wow, what a well thought out, rational response by an expert in the field....

Re:Not your ass, his ass (0)

Anonymous Coward | about a year and a half ago | (#41445491)

Dude - take an anger mgmt class.

Re:Not your ass, his ass (0)

Anonymous Coward | about a year and a half ago | (#41448429)

The person who posted this has to be sane, as an insane person could never come up w/ such a ridiculous comment.

Thank Goodness... (1)

rmdingler (1955220) | about a year and a half ago | (#41441567)

someone is out there helping the French Sûreté tighten up their evidence chains. What? Don't you hate the terrorists?

Forensics and BYOD (3, Informative)

dave562 (969951) | about a year and a half ago | (#41441685)

BYOD deserves mention in this context. While a lot of people are in love with the idea of bringing their own devices to work, they have not fully considered the legal implications of doing that. If an employer is involved in a dispute and there is any potential that any relevant information could be on the device, the device will be subjected to collection activities. Personal contacts, emails, photos, passwords (potentially) will be collected. The device owner will be without the device for hours, or potentially even days or weeks while the forensics are done.

I have seen it happen. I work with a company that has an established presence in the eDiscovery / EDRM space. Our teams are out doing forensic collections all the time, and it is more and more common to see employees end up in pissing matches with their internal legal and HR departments over who "owns" a device that has been used for work purposes. The employee always loses. Having paid for a device does not exclude them from the collection process.

Re:Forensics and BYOD (1)

swb (14022) | about a year and a half ago | (#41442801)

And when the employee decides to just quit, what do you do then? Or if they decide to just not provide it to you, smash it or otherwise wreck it (how long does an iPhone have to be submerged in water to render the electronics inoperable)?

Re:Forensics and BYOD (1)

dave562 (969951) | about a year and a half ago | (#41442881)

Then that employee gets to explain to the judge why they destroyed evidence. There is zero lag time between the employee being notified that they need to preserve their data and the requirement that they preserve their data. Once the employee is given notice, they are legally bound by a court order to cooperate. If they decide not to, they can have fun hanging out in jail.

If the employee has problems with their device being subject to litigation, they should not use their device for work related activities. I have two phones for that very reason.

Re:Forensics and BYOD (0)

Anonymous Coward | about a year and a half ago | (#41442935)

What exactly is on the phone that is work-related that would be evidence in a case?

Assuming we're talking about something like IMAP or Exchange, the emails are stored on the server, not the handset. The phone may cache the last X messages on local storage, but they are always in sync with the server. Anything that is deleted on the server is deleted on the phone and vice versa. Anything that is on the phone is stored on the server. There is zero reason to analyze it - it's a waste of time.

What if I have information on the phone that is subject to privilege such as HIPAA-protected medical information or attorney-client correspondence? You guys are *not* entitled to that information and handling it without permission would subject you to liabilities.

Re:Forensics and BYOD (0)

Anonymous Coward | about a year and a half ago | (#41447345)

Worker checks emails, downloads attachment to phone. Company policy delete document from company servers, copy still exists on phone, employee used own device to access company documents, device is discoverable.

Re:Forensics and BYOD (0)

Anonymous Coward | about a year and a half ago | (#41445339)

If the employee has problems with their device being subject to litigation, they should not use their device for work related activities. I have two phones for that very reason.

Do you think opposing counsel isn't going to go after your "personal" phone? Do you think they'll just take your word that there's no corporate data on it? And what kind of shady business is your employer in that they're always being sued?

Re:Forensics and BYOD (1)

hoggoth (414195) | about a year and a half ago | (#41481829)

> what kind of shady business is your employer in that they're always being sued?

hahaha. You must not be from the U.S.

Re:Forensics and BYOD (0)

Anonymous Coward | about a year and a half ago | (#41442873)

(1) Why does this happen "all the time"? Are your employees that frequently the subject of criminal/civil investigations?

(2) What if I refuse to hand over my personal device? Do your goons try to strong-arm me or do you just tell me I'm fired?

Re:Forensics and BYOD (0)

Anonymous Coward | about a year and a half ago | (#41443079)

It's not an issue of loss of use, only one of privacy which might be protected by the limits on what the discovery team can do with the information they get.

Apple goes to great lengths to make it easy to back up and move to a new computer.
Don't they do this for iPhones as well?

If so, the legal beagle should show up with a replacement iPhone for the poor employee to clone onto before the forensics folks take his original.

Otherwise, it's just harassment on the part of the folks doing the discovery.

Re:Forensics and BYOD (2)

mlwmohawk (801821) | about a year and a half ago | (#41444947)

common to see employees end up in pissing matches with their internal legal and HR departments over who "owns" a device that has been used for work purposes.

Wrong, absolutely wrong. "Ownership" is not ambiguous. I have a true story. About 30 years ago I worked at a bank. One teller would put a stack of $20 bills in his pocket every day. ($2000). Every night, he would take it out of his pocket and put it in his cash drawer and settle. I asked him why he did this, he said, "in case I am robbed, I get to keep it."

Back to the phone. If the employee buys the phone and pays the bills, the company has no "rights" to that device. In fact "Sarbanes-Oxley" says that companies should only allow communications over corporate systems. This is why larger companies are starting to provide digital phones for their employees so that they can have access to this information.

At work I always have two laptops. (1) My work laptop. (2) My personal laptop. Never does personal and business cross. It's cleaner that way.

Re:Forensics and BYOD (0)

Anonymous Coward | about a year and a half ago | (#41445865)

> Having paid for a device does not exclude them from the collection process.
No, but a punch to the face might dissuade them from inspecting your device data.

If the value of the assault charge is less than the IP on the device, it's worth it.

"No, I will not comply, is the best policy."

Digital Forensics degree (1)

neghvar1 (1705616) | about a year and a half ago | (#41441727)

I am presently working on a degree in digital forensics. Courses include how to work with mobile devices.

Re:Digital Forensics degree (0)

Anonymous Coward | about a year and a half ago | (#41442371)

and .. ?

Re:Digital Forensics degree (0)

Anonymous Coward | about a year and a half ago | (#41443225)

He's just proud of how far he has come in life thanks to DeVry (*limited transferability of credits).

Good read. (1)

Lumpy (12016) | about a year and a half ago | (#41441819)

Step 1 NEVER use any cloud systems for backups. All they have to do is subpoena Apple to get your iPhone data, or Google to get your Android data.
Step 2 set the encryption. They can't read the contents if you have strong encryption.
Step 3 Live paranoid. If you are near a river and a cop is trying to steal your phone, throw it hard into the river. They will never recover it. Be ready to destroy it, I mean really destroy it like wrapped in Det cord, thermite, drill press through the flash chip kind of destroy it.

Otherwise, just give it up and smile you have nothing to hide do you citizen.....

Re:Good read. (0)

Anonymous Coward | about a year and a half ago | (#41442891)

give it up and smile

Except smiling could brand you as a terrorist due to facial recognition.

"it is imperative" (1)

stevegee58 (1179505) | about a year and a half ago | (#41442067)

it is imperative that users install and use the highest level crypto they can lay their hands on in order to thwart the police state from seizing their data without a court order.

Re:"it is imperative" (0)

Anonymous Coward | about a year and a half ago | (#41443009)

or in spite of a court order.

Re:"it is imperative" (1)

Jeremy Erwin (2054) | about a year and a half ago | (#41443417)

Indeed. There's no reason to assume that the courts are not an integral opponent of a functioning police state.

Re:"it is imperative" (1)

Jeremy Erwin (2054) | about a year and a half ago | (#41443469)

integral component, not integral opponent. Cripes. The cops must have implanted something on my iPad that neutralizes my impassioned political critiques.

more Apple bias from slashdot (0)

Anonymous Coward | about a year and a half ago | (#41442577)

Seriously, there's no reason why you couldn't have left the headline smartphone-agnostic rather than add fanboy comments.

In a long ago, far away place. (0)

Anonymous Coward | about a year and a half ago | (#41444933)

Today's handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago.

How long ago was this? When data centers used tubes?

Re:In a long ago, far away place. (0)

Anonymous Coward | about a year and a half ago | (#41445369)

and if it was? so what..true statement....

Good old passive voice (1)

digipres (877201) | about a year and a half ago | (#41446123)

"The book is pervasive its use of passive voice that can be annoying to many readers. It is hoped that the second edition of this book will be updated with the current tools of the time and a good re-editing of the text to ensure its readability doesn't suffer."

It is to be hoped that critiques of the use of the passive voice are not self-consciously ironic.

Supercomputer of yore (1)

aNonnyMouseCowered (2693969) | about a year and a half ago | (#41447715)

"Today's handheld device is the mainframe of years past."

Isn't it more like today's handheld is the supercomputer of decades past? A mainframe excels in crunching databases, while a supercomputer excels at doing "tasks" faster than even the typical liquid nitrogen-cooled desktop.

Note that I'm using "task" not in the computer sense of "multitasking", but in the human sense of an activity that a single user might want a computer to perform, like solving a complex equation or modeling a hurricane. While the difference isn't absolute, a mainframe would be more multi-user oriented than a supercomputer.

Typical use cases for supercomputers are in the field of visualization. That's why we get these jokes about future Windows versions requiring a supercomputer to boot. So comparison with a supercomputer, rather than a mainframe, is more apt, especially for graphically lush gadgets such as smartphones.

Re:Supercomputer of yore (0)

Anonymous Coward | about a year and a half ago | (#41447853)

Why have about 30% of the posting obsessed on that intro?
