NIST develops experimental validation tool for cell phone forensics

December 2, 2009

Viewers of TV dramas don't focus on the technology behind how a forensics crime team tracks a terrorist or drug ring using cell phone data, but scientists at the National Institute of Standards and Technology do. NIST researchers have developed a new technique aimed at improving the validation of a crime lab's cell phone forensics tools. Early experiments show promise for easier, faster and more rigorous assessments than with existing methods.

Cell phones reveal much about our daily communications—the who, when and what of our calls and texts. A small chip card within most phones, called an identity module, stores this and other data for a subscriber. A subscriber identity module (SIM) accommodates phonebook entries, recently dialed numbers, text messages and information. Forensic examiners use off-the-shelf software tools to extract the data, allowing them to "connect the dots" in a criminal case such as identifying affiliations or detecting mobile phone activity around the time of an event.

But for this information to be used as evidence in court or other formal proceedings, the software tools that forensic teams employ are normally validated to determine suitability for use. Currently, preparing test materials for assessing tools is labor intensive and may require learning new command languages to perform the process.

NIST scientists detail their proof-of-concept research in a NIST Interagency Report, "Mobile Forensic Reference Materials: A Methodology and Reification" (available online at http://csrc.nist.gov/publications/nistir/ir7617/nistir-7617.pdf). They also developed an experimental application, called SIMfill, and a preliminary test dataset that follows the methodology described in the report. SIMfill can be used to automatically upload cell phone data such as phone numbers and text messages to "populate" test SIMs that can then be recovered by forensic cell phone tools. In this way, examiners can use SIMfill as one method to assess the quality of their off-the-shelf tool.

The SIMfill software and dataset may be downloaded for free at http://csrc.nist.gov/groups/SNS/mobile_security/mobile_forensics_software.html.

"In this report," explains coauthor Wayne Jansen, "we document the results of a recent experiment with a number of commonly used mobile phone forensics tools. No tool was found to work perfectly and some worked poorly on fairly simple test cases."

The automated features of the applications and XML representation of test data allow technicians to develop new test cases easily. This offers a simple alternative to using manual means or specialized tools with higher learning curves. The data can be adapted to different languages with alternate character sets.
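
The validation idea described above, comparing what a forensic tool recovers against a known reference dataset, sketched as an added example (not NIST's code and not SIMfill's actual data format). The XML element names, the sample records and the `RECOVERED` tool output are all constructed for illustration.

```python
import unicodedata
import xml.etree.ElementTree as ET
# Constructed reference data; element names are hypothetical, not SIMfill's schema.
REFERENCE_XML = """<sim-reference>
  <phonebook>
    <entry slot="1" name="Alice Example" number="+15550100"/>
    <entry slot="2" name="Zoë Müller" number="+15550101"/>
    <entry slot="3" name="田中太郎" number="+15550102"/>
  </phonebook>
  <sms>
    <message slot="1" sender="+15550101" text="Meet at 10"/>
    <message slot="2" sender="+15550102" text="了解しました"/>
  </sms>
</sim-reference>"""
# Constructed output of a tool under test, keyed by (record kind, slot).
RECOVERED = {
    ("phonebook", 1): {"name": "Alice Example", "number": "+15550100"},
    ("phonebook", 2): {"name": "Zo? M?ller", "number": "+15550101"},
    ("phonebook", 3): {"name": "田中太郎", "number": "15550102"},
    ("sms", 1): {"sender": "+15550101", "text": "Meet at 10"},
}

def nfc(text):  # equivalent Unicode encodings must compare equal
    return unicodedata.normalize("NFC", text)

def load_reference(xml_text):
    """Return {(kind, slot): {field: value}} for every reference record."""
    root, records = ET.fromstring(xml_text), {}
    for kind, tag in (("phonebook", "entry"), ("sms", "message")):
        for el in root.iterfind(f"{kind}/{tag}"):
            records[(kind, int(el.get("slot")))] = {
                k: nfc(v) for k, v in el.attrib.items() if k != "slot"}
    return records

def assess(reference, recovered):
    """List (key, verdict, field) for each deviation from the reference."""
    findings = []
    for key, expected in sorted(reference.items()):
        got = recovered.get(key)
        if got is None:
            findings.append((key, "MISSING", ""))
            continue
        findings += [(key, "ALTERED", f) for f, want in expected.items()
                     if nfc(got.get(f, "")) != want]
    return findings + [(k, "UNEXPECTED", "")
                       for k in sorted(set(recovered) - set(reference))]

if __name__ == "__main__":
    print(*assess(load_reference(REFERENCE_XML), RECOVERED), sep="\n")
```

The constructed tool output trips three checks: a name whose accented characters were replaced, a number that lost its leading "+", and a text message that was never recovered.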

"Our research was a proof of concept," Jansen says. "Hopefully, forensic examiners will use our work to validate mobile forensics tools thoroughly before they employ them." The next step in the research is open. Scientists could expand the technique for mobile handsets and other types of identity modules, or the forensic community could decide to adopt this dataset and application as an open source project, according to Jansen.

Source: National Institute of Standards and Technology
