Mobile Part 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

17 hours 41 minutes
Video Transcription
Hey, everyone, welcome back to the course. So the last module we wrapped up our discussion on email crimes
in this video, we're gonna talk about different steps we need to take before mobile investigation.
So just a quick pre assessment question here. Data loss is a top threat for mobile devices. Is that true? Riffles?
All right, so that was kind of easy, right? We all know that's true. Data loss is a top three firm mobile devices as well as all other devices, right? We don't want to lose our data.
So mobile forensics. So just like any other type of forensics were extracting, recovering in analyzing data, Some of the places we get it from on a mobile device. We're gonna be the internal memory, the SD card, the SIM card. And then you could take a look at missed SP 800. Dash 101 would cover some more information on mobile forensic investigations.
So our internal phone memory is going to be things like our Ram. Our rahm Also the flash memory. Our SIM card is gonna be our contact list right to our address book. It's also gonna contain messages and then we've got different external memory. That'll be things like SD cards, micro SD, mini, SD, etcetera, etcetera.
Different steps we need to take before a mobile forensic investigation. So before we get started as an investigator, what do we need to take a Sfar? Stepwise.
So number one building him a mobile for us. He's been building a forensic work station,
uh, then building it for an investigation team reviewing different laws or policies that are applicable, notified and decision makers in obtaining authorization from them.
Performing a risk assessment on this Well, as a building out a mobile mobile for forensics tool kit. Excuse me? Their stuff a little bit.
All right, So mobile forensic work station. So we need to consider to do we want a laptop or desktop? Like, what do we actually need? We may need both, right. We realistically probably do need both. That way we could be mobile a CZ. Well, as if a mobile device comes to our lab, we can assess it as well,
having things like a USB connector. Um, you know, cables, Sim card reader, You know, again, the mobile forensic tool kit. So that way we can go to different scenes
and then also a micro SD memory card reader.
So building our investigation team generally, it should have all these people on it. Right? So we should have an expert witness, evidence manager and documentary, an investigator, attorney or someone legal photographer, Incident response or the decision maker needs to be involved, right? They may not necessarily go to the crime scene, but they're gonna be involved in the process
as well as an incident analyzer.
We need to review a different, you know, laws in policy. So, for example, like federal or state laws as well as local laws, Right? So if there's something at the local level we need to follow regarding mobile crimes, then we need to follow it, right? We shouldn't try to just say, hey, well, you know, at the federal state level doesn't say anything. Well, that doesn't matter. You know. It still might get your case thrown out
and then also following any policies. So, like, policies that our organization has a ce faras ah mobile investigation. So making sure we're compliant with those
notifying decision makers. So obviously decisionmakers implement the policies and procedures. So if we don't see ah policy on something, for example. So hey, I don't see a policy on, you know, I o s, you know,
phone recovery. Then let your decision maker No. So they can give you direction on that. And then, of course, obtaining authorization from them
before me. Your risk assessment. So what? We're going for the mobile data, Like, what are some of our risk? Right, So Well, maybe, you know, maybe we're gonna lose some of that internal memory. No. So things like our ramen Haram. So let's go ahead and prioritize and acquire that first right before we do anything else. So that's all the risk assessment is is we're just trying to get a better handle on
what kind of data we need to acquire first
and then building on our mobile forensics tool kits. So again, this is gonna be dependent upon, you know, whatever device it is, So whether it's an iPhone or an android or even like a BlackBerry, for example,
whatever kind of device it is, it tells us like what kind of cables we need and what other you hardware and software tools that we might need to actually acquire the data.
So in this video. We talked about different steps we need to take before mobile investigation.
In the next video, we're gonna talk about some different mobile threats as well. Some laws that we don't need to be aware off.
Up Next