Expect big changes to come with new phones in 2024 that stretch beyond the processor and camera upgrades we typically see each year. New AI-fuelled features could make phones much smarter, potentially turning them into capable personal assistants rather than pocket-sized portals to the internet.
It’s clear that smartphones will soon be getting even smarter. In the mid-2000s, mobile phones could only do a tiny fraction of the things that their modern counterparts are capable of. Now, thanks to several recent technological advancements, it looks as though there will be no shortage of new smartphone features in the future to keep us ever more attached to our little digital devices.
When you combine this emerging technology with other existing applications that can track things like blood pressure and heart rate, it’s easy to see how smartphones could soon bring about a revolution in medical care.
There's no doubt that with the popularity of smartphones that can manage virtually every aspect of our lives, the trend in technology is to get more and more "connectivity" into smaller and smaller packages. Simultaneously, wrist watches have become a lesson in technological redundancy for many people. Ask a friend for the time of day and they're just as likely to glance at their smartphone as they are to look at an actual wrist-bound timepiece. The newest wave of smart watches aims to change all that.
Mobile devices are growing in importance and are vital to a range of investigations. So, what’s behind this growth? We can find some clues by examining the frequency with which mobile devices are used in different investigations. Phishing tops the list, well ahead of employee misconduct, which itself outpaces malware-infected endpoints, misuse of assets or policy violations, and data exfiltration or IP theft. As noted earlier, business email compromise (BEC) is a pervasive threat, and most BEC frauds begin, from the victim’s perspective, with a phishing email. Similarly, many malware attacks also start with an email, which may contain a malicious attachment or link. A sizeable number of these emails will be opened on a mobile device and, with many organisations actively enabling BYOD, many devices used for such official activities are unmanaged. Compounding the risk, many unmanaged devices are jailbroken or rooted—making them more susceptible to malicious apps.
Digital investigations have really evolved over the years. Often, we’re looking at multiple pieces of evidence from not only the endpoint but also various logs, cloud, and mobile data. This inherently creates more complex investigations for examiners, who must combine multiple pieces of evidence into incredibly detailed reports for their stakeholders.
This has led to the need for mobile data collection and analysis to be improved. Mobile attacks are a growing threat, and a successful compromise can allow a threat actor to harvest credentials and sensitive information from the device itself, while also leveraging the device to access the organization’s wider IT environment.
To protect the organisation and employees, corporate digital forensic investigative (DFI) professionals often need to gain access to communications and data on mobile devices, but the complexity and ever-growing diversity of mobile devices can present several challenges. A comprehensive and detailed data extraction can provide investigators with critical evidence and information, but a large group of DFI professionals indicated that they are only able to extract limited data, for example because they are unable to gain access to the devices in question or to collect from devices remotely. Plus, in most corporate environments, team members will be unable or unwilling to surrender their mobile devices for an extended period. Mobile devices are becoming more important to corporate forensics.
Outsourcing investigations is considered cost effective and is often required. There are many reasons why an organisation would bring in a third-party service provider to perform or assist with DFIR activities.
The digital forensic investigation process is a complex and constantly evolving domain, but it’s never been more important for today’s organisations. The Cybercrime Act and the POPI Act have also contributed to the complexity. Digital forensics within corporate environments may originate with legal obligations and human resources issues, but the field’s future will be closely linked with cyber incident response—which itself should be a top-of-mind issue for leadership.
Viewed through this lens, a robust DFIR function—whether in-house, from a third party, or through a combination—becomes not an expense, but an investment in risk management and business continuity. Invest in a balanced DFIR portfolio that enables investigators to keep pace with ever-changing needs: investigations for HR/internal issues and to support eDiscovery/litigation aren’t going away. At the same time, IR processes are increasingly reliant upon digital forensics to uncover data that is essential for helping the organization recover from cyberattacks, strengthen resilience, and demonstrate that reasonable safeguards were in place (i.e., to support cyber insurance claims).
Risk Diversion and our Magnet Forensic Partner claim that meeting these concurrent and evolving needs requires a balanced approach that allows corporate DFIR practitioners to perform a variety of investigations and to keep pace with data extraction and analysis demands. Already, investigators collect from cloud and mobile data sources at about the same frequency as they collect from traditional computers—and there’s every indication that cloud and mobile data sources are only going to grow in importance. As data volumes soar, it’s imperative that DFIR professionals are equipped with modern tooling that can extract data—including full file system collections—from a range of sources, and that makes it easy for investigators to combine sources into one coherent view. Use automated DFIR processes to manage risk and increase quality and efficiency: today’s corporate DFIR professionals are under enormous pressure to conduct fast and thorough investigations. Unfortunately, the landscape in which they operate can be characterized by one word: more.
As in more investigation types, more investigations overall, and more data involved with each investigation. Automation is commonplace in the IT and security world, but it is relatively new to digital forensics. Nevertheless, automating forensics’ data extraction and transformation pipelines is already increasing the quality and efficiency of DFIR activities—and practitioners are adamant that they see tremendous value in automation investments. Strategically leverage third-party service providers: many organisations already lean on third-party forensic service providers (FSPs) to assist with investigations, for a range of reasons. Security, IT, and HR leaders should work with their internal teams to determine the ideal role for FSPs and how best to leverage them.