No Jitter is part of the Informa Tech Division of Informa PLC

Forensic Tools: Keeping up with the Bad Guys

There is also the issue of wiretapping VoIP calls. According to the National Institute of Justice (NIJ), part of the Department of Justice (DOJ), we are behind in developing and delivering forensic tools for these technologies.

As we move into newer forms of computing devices such as smartphones that are used in business, these devices need to be protected from invasion. Even game consoles and the emerging Internet capabilities of TVs pose security problems.

Let's look at cell phones. They come with various capabilities, multiple operating systems and thousands of apps. We can send and receive e-mail, access the Internet, download from an ever-expanding number of entertainment sites, and use SMS, MMS and VoIP. What is stored in your cell phone? It may be very rewarding to a hacker to access it and steal information.

The evolution of the cell phone from 1G to 3G and now 4G devices opens up even more issues. Memory has expanded, operating systems are becoming well known, computing power has increased and the amount of information transmitted, received and stored has substantially increased. All these factors increase the attraction and advantages to those breaking security.

Forensic tools are used to locate and process evidence of hacking and invasion of the cell phone. The subscriber identity module (SIM) card stores this data. One problem is that information can be stored in many file locations. Some previously non-relevant storage areas may become relevant, and most forensic tools do not help in this analysis. The problem is compounded by the number of cell phones on the market as well as the number of generations of cell phones still in use.

You may have seen the introduction of game consoles that can be used with a TV for Internet access. Don't you think that remotely working at home may be done through the TV and game console? At this time, these devices have small memory. The data will probably be written over frequently, thereby destroying any relevant data for forensic tools to access. The game consoles do not save browser history and sites accessed.

Cloud computing is another problem. The lack of hard drive use and the use of remote applications complicate forensic analysis. When data is stored in a virtual environment, it will be hard to prove that the data stored is original data.

The growth of VoIP calls, both for consumers and the enterprise, opens another area. Call log data, signaling and the calls themselves pose additional problems for forensic tools.

Finally, the car manufacturers are promoting their in-car computers with access to the Internet. Event data recorders (EDR) in the car can be used for accident investigation. What if the EDR data has been compromised or modified to change the recorded information? Can the EDR be relied upon for criminal and civil cases?

The NIJ is seeking answers to these problems by working with the industry. It is seeking research proposals, as well as demonstrations and evaluations of existing tools that solve some of the forensic problems. The funding for projects in this area can be as high as $500,000. The Computer Forensic Tool Testing program is described at http://www.cftt.nist.gov/.

The goal of the Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) is to establish a methodology for testing computer forensic software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools’ capabilities. A capability is required to ensure that forensic software tools consistently produce accurate and objective test results. Our approach for testing computer forensic tools is based on well-recognized international methodologies for conformance testing and quality testing.

The FBI's Director, Robert Mueller, recently visited Facebook and other technology firms to discuss the FBI proposal that would make it easier to wiretap communications. The FBI is proposing that firms like Facebook design their systems to intercept and decrypt messages. In the proposal, internationally based services would have to pass their traffic through U.S.-based servers so they can be wiretapped.

Enterprises may not like these efforts by the DOJ and FBI. Enterprises may want to participate in the FBI proposal review. They may also want to look closely at what devices will be allowed to access and use their internal information services. The continued addition of new devices and computing models like cloud computing will make security and privacy even bigger issues for the enterprise.