• Oliver Laurence

Digital Forensics - Enhancing White Collar Crime Investigations Globally.


It could be argued that a mobile phone, tablet, or other smart device will have some level of involvement in 99.9% of all investigations that are undertaken today. Regardless of the type of matter, the fast-paced evolution of the smart device and what it can store means investigators and litigators alike need some knowledge and understanding of the forensic capability to analyse such devices.


Smart devices are with us everywhere. They track our movements, record our conversations and assist us in daily activities: ordering groceries, searching the web, sending and receiving emails, booking a cab and doing our online banking, to name just a few of the tasks we use our phones and smart devices for to make life easier every day. There is very little they can’t do.


These powerful mini computers, carried nearly everywhere with us in our pockets and in our cars, can be crucial to any investigation and should always be one of the top-priority items an investigator or litigator seeks to assess in the early stages of their investigation. The value of the evidence these devices can hold cannot be overstated.


While it should be noted that the conventional methodologies of the investigator should never be put on the shelf, the uniqueness of digital intelligence gathering via a phone or smart device allows investigators to direct their inquiries much more quickly, and to search for significant clues and answers very early on in the investigation.


“Investigators still have to canvass, they still have to speak to people, interview them, obtain statements, and review this information, through their effective investigation case management systems. One cannot assume that forensic technology will solve an investigation, but it will certainly open doors quicker, and generate significant lines of inquiry.”



I-OnAsia’s global phone forensic capability is one that has provided unique insights into investigations to support both prosecution and white collar defence matters.


By recovering deleted data such as text messages, images, videos, and usernames and passwords, digital evidence gathering through the use of Cellebrite technology has helped both legal and corporate clients quickly identify real facts. This has allowed them to make even quicker decisions as to how they should proceed with a matter, and in most cases has reduced the investigator hours required.


Of course, even when data is collected, it doesn’t mean the larger picture is immediately obvious, but there is no better way to review large amounts of smart device data very quickly than having it forensically examined and presented by a team of qualified analysts.


We are often asked what qualifications our I-OnAsia forensic teams maintain to carry out this important and critical forensic work.

An incredibly important question, and one that should be asked prior to any formal engagement of a forensic team.


I-OnAsia's global forensic investigators, who analyse smart devices wherever there is a requirement, undertake weeks of training in the safe and compliant extraction and analysis of smart phones and other devices.


Each device has its weaknesses and obstructions, and the training attended by our global team ensures that we are able to tackle these complex examinations with confidence. Each one of our analysts is a certified Cellebrite operator/extractor and a certified analyst, undertaking review training every 12 months to ensure currency of their qualifications.

Our forensic instruments are updated regularly as Cellebrite finds new and innovative ways of overcoming new smart device software releases that try to prevent access to the critical data litigators and investigators need to prove their cases.

We are quite often asked these top five questions by our clients about this unique phone and smart device forensic capability:


Q1. What different types of extraction or examinations can you do?


Full Extraction analysis - Attention to Spyware / Malware - Smart Device Bug Sweep


Often clients will come to us with concerns that their spouse or partner knows far too much information and appears to be ahead of every action they take, and that they are being monitored or, as it is commonly referred to, ‘being spied on’.


Our phone forensic technology allows us to review all common and known spyware and malware intrusions which can affect various devices and their ability to communicate outside the phone; this includes iPads and other smart devices.


This investigation will also have us reviewing all the common applications that are on the phone or smart device and identifying any foreign ones that the client is not familiar with.



"Thank you I-OnAsia, for your team's quick response, you put my mind at ease that all was well with my phone & tablet."

Full Evidence Extraction


A full logical and advanced logical extraction for evidentiary purposes can be carried out at any stage of the litigation process to provide legal representatives with evidence which is secured and accessible at any stage of the investigation. In some instances, a full file system extraction can be carried out, however, on later model ‘smart’ phones this investigative extraction methodology is not always possible due to the security settings placed in smart device software. An assessment of the device will quickly determine what is, and what isn't accessible.

Once a determination is made that the phone or smart device is critical evidence in a matter, it is imperative that the data on that device be imaged and secured to prevent accidental deletion, corruption or, even worse, permanent loss. In some instances, deleted data can be recovered; however, each device is unique, and until this process is carried out the operator cannot make that assessment.


Full Evidence Analysis


At the completion of the logical and advanced logical extraction, the certified I-OnAsia operator will then analyse the data and present it in a way that assists the legal team in their presentation of this evidence.


It is of note that this process can take some time as it is dependent on the quantity of information stored on the phone or smart device which needs to be searched, then verified, and recorded in order to withstand scrutiny during any potential hearing.


Q2. Can my smart phone or tablet really be hacked?


It must be noted that the ability to upload such 'hacking software' onto a smart device requires significant thought, planning and execution. However, mobile phones and smart devices are hacked every day. Although most of us will never be hacked, it is estimated that a hacker attempts to hack a phone or smart device somewhere in the world every 39 seconds, which equates to 2,244 attempts a day.

But if you suspect your phone or smart device might have been the victim of a hack, or has been breached in any way, it’s worth going through a simple phone and smart device bugging detection checklist with one of I-OnAsia's global forensic analysts.


These are the six signs you need to look out for, which should cause some level of concern, and result in your phone or smart device being assessed.


1. Your phone or smart device overheats even when not in use.

2. Your battery life drains rapidly.

3. You identify applications that you didn't install.

4. You hear echoes on the line during calls.

5. Someone in your life seems to have far more knowledge of your affairs than they should.

6. Contacts in your phone are receiving requests from you which you have not sent, often requesting money.


Leave the phone or smart device at home or in the office, and call us from elsewhere for a free confidential risk assessment, where we will assess the information you provide and develop an immediate strategy to support you.


We can carry these investigations out on site, at a client’s home or at a chosen law firm during a consultation. Wherever the device is located, we can travel to it (additional fees for travel may apply).


Q3. Can this technology map the contents on my phone? And map out where the device has been?


Yes!


The smart device forensic capability is incredibly unique and powerful in its ability to extract all the data points of where the phone has been and which WiFi hot spots it has tried to connect to, which leaves a trail of its connection path.


This information can be crucial to proving a person's location at a specific time and date, or in fact disproving where they are alleged to have been at the time of an incident.


Example - An insurance investigator is investigating a house fire where an insured person outlines that at the time their house burnt down, they were 100 miles away visiting their parents. The insured offers their phone up for analysis to corroborate this version.


Analysis of the phone supports this version when the mapping and geo-location of the insured's calls and texts are reviewed and analysed. More still needs to be done to validate that the Subject was in possession of their phone at the time, but it is a significant piece of intelligence to corroborate the version. Again, the mere presence of forensic information does not mean that an investigator then stops investigating.

The forensic tool can also map the contents of a Subject's phone, their network and how they are all connected.


This allows an investigator to gather prompt intelligence and determine the direction their investigation needs to head in.



Q4. What happens with all my data that you download?


An incredibly important question to ask.


Data from the smart device is downloaded through the forensic tool onto an external hard drive. From this hard drive the information is then put through the forensic analysis platform that really performs all the magic of the analysis work, allowing an analyst to quickly search the thousands of files for the specific information required, or begin mapping the data as we have demonstrated above. Each requirement is unique, so there is no set format as to how this is carried out.


If some partial data has been found in binary code, the analyst will have to spend some time converting this data to 'legible data sets'. At the conclusion of the assessment, this information is converted into a formal report which can be provided in both soft and hard formats. The hard drive containing their data will be handed to the client; nothing will be retained by the investigator, other than a copy of their findings. Should further questions need to be asked, the client can reproduce the external hard drive to the investigator, who can, if required, search for additional information.


Q5. The phone I have is badly fire damaged, I don't need the information for court or any litigation, I just need it for my own personal affairs, can you help?


Surprisingly, we get a lot of these inquiries from corporate executives and high net worth individuals who drop, break or damage a phone which has years of memories and important information they require stored on it.


As long as the phone or smart device is yours, and you know the pass-code, we can assess what information is on the phone, download it for you, and provide you with all the information we are able to find to help recover those important memories or files you desperately require.

If you don't know the pass-code, it is highly likely our forensic teams won't be able to carry out an extraction; however, an assessment of this can be made very quickly once the phone is delivered.


I-OnAsia's global forensic team regularly give demonstrations on the use of this digital investigative capability to showcase what litigators can gain from having such powerful investigational tools at their disposal, and how they can support particular matters.


Please contact us should you wish to have a 'virtual' or in-person demonstration of I-OnAsia's phone and smart device extraction technology available out of all our global offices.

Hong Kong: +852 9281 9932

New York: +1 917 608 3476

London: +44 777 075 8640


https://www.ionasia.com.hk/digital-forensics


