Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

FBI’s “Investigative Kiosks” allow quick data extraction from cell phones = FAIL


It seems that every day, manufacturers add features to the garden-variety cell phone that make these mobile devices increasingly valuable as items of evidence. Text messages, call logs, e-mails, photographs, videos—all of this data and more can be found on many cell phones today.

To help local, state, and federal law enforcement deal with an increased demand in analyzing cell-phone data, the FBI has been launching Cell Phone Investigative Kiosks (CPIKs) in FBI Field Offices and Regional Computer Forensics Laboratory (RCFL) locations across the country. The CPIK allows users to extract data from a cell phone, put it into a report, and burn the report onto a CD or DVD in as little as 30 minutes.

Kiosk users only need to have some familiarity with computers and are required to take a one-time only, hour-long training course. Assistance with the kiosks is also available on site at CPIK locations.

Each CPIK has two components: 1) a cell phone examination system that contains software and the necessary cables to download data; and 2) a photographic system that enables a user to take pictures of a cell phone’s screen.

Users of the CPIK are able to:

  • Copy data from a cell phone to a computer hard drive
  • Examine data in a report format on the computer screen
  • Copy the report onto a portable device (such as a CD or DVD)
  • Copy the photographs onto a portable device (such as a CD or DVD)

While the CPIK is intended to be a preview tool—not equivalent to a full-scale cell-phone examination such as that performed by a certified examiner—any evidence produced using the tool is admissible in a court of law.

Non-FBI personnel may access the kiosks at their local RCFL. For CPIKs located at an FBI Field Office, non-FBI personnel must have an FBI escort at all times.
To locate a CPIK near you and to learn more about the program, go to: www.rcfl.gov

What this story fails to mention is that these “point and click” kiosks are just that: point and click. There is no expertise being used to look forensically at the data. For that matter, this system can fail to “see” the data in the first place due to the many different types of phone OSes. Each OS has a different way of storing data, where they store it, how they store it, etc., so when the kiosk is used by an unskilled agent, they may in fact be missing much.

How do I know this? I know this from speaking with and listening to a forensics specialist who works for the FBI as a consultant. So, here we have another chink in the forensics chain due to a point-and-click mentality and a deep lack of understanding of digital forensics. Of course, if you ask any agent or even police officer, you will hear that right now, digital forensics cases are backed up about six months at the labs. There is, it seems, a deficit in qualified digital forensics examiners (*hint hint, good time to look into the CHFI, kids*) and a glut of cases, many, many, many of them now involving mobile phones and PDAs.

Think about it... How many dealers out there are doing their deals by text messages or SMS, huh? How many bangers out there are making vids on their phones of beat downs, etc.? Yeah, there’s a lot of data out there, and unless the feds and other LEOs are performing these initial searches right, they might not only miss data but, in many cases with phones, screw the pooch by altering data.

Yeah…

Time to get your phone forensics on kids…

CoB

Written by Krypt3ia

2010/06/05 at 11:33
