© 2013 Grant Thornton UK LLP. All rights reserved.© 2013 Grant Thornton UK LLP. All rights reserved.

Smarter Than You Think - a look at the evidence available from

smart phones and mobile devices

26 June 2013

Agenda

• Introduction

• Range of mobile devices available

• Types of data

• Case studies

• GPS and Geotagging

Agenda

• Mobile Apps

• The future of mobile devices

• Relationship with other digital

disciplines

• Questions?

• Recent press articles

Introduction

Mobile Devices

• Embedded and reliant on mobile devices in our everyday lives – work, personal and leisure.

• Mobile devices often overlooked as a source of potential evidence - awareness level for police constabularies and criminal investigations.

• Individuals often unaware of hidden data stored!• Example – Audience participation with BlackBerry

devices – Event Log

How else are mobile devices used?

Mobile Devices - Popularity

• Research Firm Gartner – Suggest PC's are on the decline

• Not a dip caused by squeeze on household incomes

• 1.9 billion mobile devices to be sold in 2013, where 1 billion estimated will be smart phones

• Social media access – Twitter feeds embedded into Bloomberg terminals at traders desks. Goes against the grain for reluctance of firms to allow access

Manufacturers all have different OS causing complicating forensic investigations

Why Mobile Device Investigations

• Criminal & civil law examples - murder, sexual assault, violent crime, burglary, intent – sabotage and collusion, illicit images of children, financial fraud, commercial espionage, money laundering, and HR related issues.

• Examinations need to be forensically sound to stand up in court with robust procedures (ACPO guidelines).

• Recovery of deleted data.• Recovery of data from damaged mobile devices.

© 2013 Grant Thornton UK LLP. All rights reserved.

• SIM cards• Mobile Phone• Memory Card• USB dongle • Tablets• Watch phone

Range of mobile devices & components

Why Mobile Device Investigations

• SIM cards – Subscriber data used to obtain billing records, contacts, call data, text messages.

• Handset – Typically contacts, call logs, SMS text messages, MMS, emails, Internet history, Social Media, WiFi, Bluetooth, App data, Media (photos, videos and audio), voicemails (selected smart phones only), organiser information, eDocs, metadata and custom dictionary.

• Memory cards – Typically media and backup of phone data

Types of Data

User created

Computer versus the Smart Phone – Any difference?

Case Studies

Examples

• Counterfeit and money laundering case – Suspect unhelpful in investigation and unwilling to provide handset code to device.

• Commercial espionage – Individual hid data on memory card under phone casing.

• Intelligence – Individual identified with fake passport at airport. Handset examined to assist in identity.

GPS and Geotagging

Definitions and Problems

• Global Positioning System (GPS) – activated on handset to locate geographical position.

• Geotagging – adding metadata to media file.• How accurate especially in large cities?• Security issues – giving away location?• Social media issues – privacy and public domain?• False GPS co-ordinates can be generated by user.• Geotags can be edited to give false information.

How easy is it?

Hypothetical Situations?

• Possible to frame innocent parties eg loading edited photo with fake co-ordinates to unsecured phone or website and tip off police.

• Uploading of images to smart phone by military personnel – subsequently transferred to social media site. Potentially giving enemy access to location.

Applications (Apps)

What is an App?

• An "App" is an application - software designed to run on a mobile device with limited function.

• Shortcut to popular web based sites eg email.• 50 Billion Apps have been downloaded from the

Apple store alone.• Equates to 7 apps per person on the planet.• 800 Apps per second are downloaded from Apple.• Data can be forensically retrieved from some Apps

–but not all, due to the vast array encountered.

What information is held?

- Emails- Location- Social Media- Personal information- Degrees of contact- Web-based data

Security Apps – problems for the investigator?

Applications securing transmission of data to and from the handset

The Future…..

Near Field Communication (NFC) – 4G handsets

Google Glasses

How will data be able to be extracted and forensically obtained?

Types of Data – GPS, pairing with mobile devices, microphone, facial recognition?

Relationship with Computer Forensics and eDisclosure

Computer Forensics

- Mobile devices synchronised with other electronic devices

- Even without a physical mobile device, backups can exist on PC's for examination

- Cloud based services

© 2013 Grant Thornton UK LLP. All rights reserved.

eDisclosure Trends

• Increasing use of social media

• Proactive information management

• Ever increasing volumes of data

• Further disparate sources of data

• Thousands of emails can be extracted from smart phones – easy method to screen data via eDisclosure review platforms

© 2013 Grant Thornton UK LLP. All rights reserved.© 2013 Grant Thornton UK LLP. All rights reserved.

Any Questions?

UK Newspaper Articles

Examples of mobile devices and their evidential use

Mobile Devices in the News – Extracts from the UK Press

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

Mobile Devices in the News

© 2013 Grant Thornton UK LLP. All rights reserved.

Contact

Chris Clements

Partner and Head of UK Regions Forensic & Investigation Services

+44 (0) 7968 33 88 95chris.m.clements@uk.gt.com

Bruce Keeble

ExecutiveForensic & Investigation Services+44 (0)7891 433 223 bruce.h.keeble@uk.gt.com