POLICE Magazine Supplements

Investigative Technologies 2018

Magazine for police and law enforcement

Issue link: https://policemag.epubxp.com/i/1037198

Contents of this Issue


Page 11 of 19

I mmediately following the Decem- ber 2015 San Bernardino, CA, ter- ror attack, the FBI started looking at one of the terrorist's smartphones. It was an Apple iPhone 5C used by gun- man Syed Farook. e FBI wanted all the data on that phone, but it was locked with a user passcode that prevents anyone from Volunt ar y Dat a Release e easiest way to gain access to data from a person's smartphone is if they give that data to you. MSAB makes a kiosk that agencies can set up in a secure location where witnesses can download video or images from their phones to secure law enforcement stor- age. is allows the witnesses to share are about Apple devices. e reason for this is simple. Apple devices use end-to- end encryption, meaning everything saved on the phone from your best friend's phone number to the note you made about your dentist appointment is scrambled into incomprehensible strings of code until someone types in the right passcode or gives the phone 12 | SP E C I A L R E P O RT | I N V E S T IG AT I V E T E C H NO L O G I E S THE CHALLENGE OF SMARTPHONES gaining access to the data. Guessing at the password would have led to de- struction of the data and the economy model 5C did not have touch ID, so the feds couldn't just put the dead man's €nger on the touch pad. ey went to Apple for help and that's when a debate over privacy and law enforcement ac- cess to smartphone data under warrant became a subject of discussion in the mainstream media. As the FBI's insistence on recover- ing the data on Farook's phone became more strident, so did Apple's argument for user privacy. e company also told law enforcement nationwide something it didn't want to hear and something many people don't believe, that Apple can't just break into an iPhone. Lawyers got involved but before the case went any further, the feds withdrew their request. ey no longer needed Apple's help because they had hired an expert in Israel to crack the device. e terror phone case brought to the forefront the di†culty that investi- gators are having when they need evi- dence from a smartphone, which really isn't a phone at all; it's a powerful hand- held computer with a phone applica- tion. Smartphones can hold a wealth of data about a suspect, including photos, documents, and contacts. the €les without surrendering their phones to law enforcement. People don't want to do that for at least two reasons: they have personal informa- tion on the phone, and they don't want to lose use of their phone for however long it takes a forensic examiner to pull o‰ the €les. If investigators have access to an un- locked smartphone, there are a number of tools that can be used to image the memory. For example, MSAB's XRY can extract a wide range of information from the device's GPS, apps, call logs, contacts, and text messages. In the past, gaining access to phones equipped with touch ID biometrics was possible. ere is precedent in the courts for compelling suspects to give law enforcement access to €ngerprints. But at least on iPhones this window has closed. ere are multiple ways on an iPhone to quickly disable the touch ID until the phone receives a numeric passcode. And there is legal precedent that says you cannot compel a suspect to surrender his or her passcode. Android vs. A pple Even the most casual reader of law en- forcement news is probably aware that most controversies involving smart- phone access in criminal investigations the authorized biometric information to unlock it. Android has also started updating its operating system to feature end-to-end encryption. But few people update their Android operating systems a'er pur- chase. Apple users are part of a closed environment controlled entirely by Ap- ple where a single company makes both the hardware and operating system so'ware, and they constantly receive messages to update their iOS so'ware. ese messages can be quite insistent, so Apple users tend to update their so'- ware more o'en. Apple also prides itself on protect- ing its customers' security. As soon as an exploit into the system is developed, Apple does its best to eliminate it. For example, perhaps the worst thing Apple ever did to digital forensic specialists is that it closed o‰ the number one exploit examiners use to gain access to pass- code locked devices. In the past if a cyber forensics spe- cialist needed access to a locked device, it would be subjected to what's known as a "brute force" attack. An analyst would hook the device up to a computer and let it cycle through numbers until it hit the passcode. e reason the FBI did not do this with Syed Farook's ter- ror phone is that the iOS will only allow GAINING ACCESS TO THE ENCRYPTED DATA ON SMARTPHONES OWNED BY SUSPECTS AND VICTIMS IS ONE OF THE GREATEST FRUSTRATIONS FACING CYBER FORENSIC EXPERTS. D A V I D G R I F F I T H

Articles in this issue

Archives of this issue

view archives of POLICE Magazine Supplements - Investigative Technologies 2018