New IoT devices with cameras, 5G, and AI analytics coming in 2019 will change the digital forensic landscape forever, says HancomGMD.
In late 2016, South Korea was rocked by one of the biggest political corruption scandals in its history, which eventually led to former President Park Geun-hye being impeached and jailed.
A special prosecutor was elected to proceed with the slew of bribery charges.
By law, investigators had a limited number of days to investigate and prosecute. They had confiscated over several hundred smartphones from suspects as evidence, with more in the form of notebooks and desktops, and needed to analyze tens of thousands of phone records and chat messages under a tight deadline. A single piece of evidence from any one of them could have been the smoking gun needed for a successful indictment.
The prosecutors called on HancomGMD, South Korea’s largest digital forensics firm, to analyze the smartphones, and the company sent five of its top experts. The team successfully analyzed all of the data in the confiscated smartphones; not only that, among the data extracted was crucial evidence that helped the prosecutors successfully indict and jail some of the country’s most powerful politicians.
“It was a special case not just because of the national attention it received but the deadline,” said Jessy Jun, managing director and team leader of HancomGMD’s forensic business. “You need a team that can recover and analyze data from multiple devices quickly and correctly.”
SMARTPHONE: THE RISE OF DIGITAL FORENSICS
To say smartphones have changed the digital forensic landscape is an understatement. The device has become the core of every criminal investigation and helped propel digital forensics as a serious, scientific investigation tool.
“Today, mobile forensics accounts for over 80 percent of the total digital forensics that global investigators are performing,” said Jun.
A single smartphone contains contacts, memos, call records, text messages, instant messages, pictures, videos, and GPS data of a person. An investigator’s dream it seems, but not quite. Smartphones have strengthened security over the years to include data encryption and strong authentication.
People also change their phones, on average, every two years and there are constant updates to apps and operating systems.
“You need to keep up with the pace of changes in the smartphone to analyze their data correctly,” said the managing director.
Recovering data from a seawater-drowned smartphone with noticeable damage.
“For instance, in criminal cases, a lot of the time, you have to find a suspect’s old phone and decipher that data to fully understand the context of the data found in his or her more recent phone. And most of the data is incomplete by itself, so you need to contextualize it with other data you have collected,” he said.
“As a digital forensic team, you need a wealth of experience and a lot of registered devices on your database to fully extract data.”
The myriad of data types in smartphones has also made digital forensics challenging – images need to be converted to text, and vice versa. New techniques have also been developed to recover data without damaging the integrity of smartphones.
The company’s MD-LIVE program performs “selective and live acquisition” to gather evidence at the crime scene. This is important as smartphones are evidence that needs to be safely returned after an investigation.
Drowned phones are the company’s staple: it can extract the damaged hardware, clean it, move the data to its own storage, and restore it.
HancomGMD has been assisting South Korean investigators since 2005 and has been involved with some 150 major investigation agencies locally and globally.
One case involved extracting data from a Samsung phone owned by a suspected terrorist. Another was a notorious case in 2016 in which a newborn baby died.
HancomGMD extracted data from the hospital staff’s phones, which proved that the doctor who claimed to have overseen the birth was not present and had instead left only nurses to oversee the procedure.
“We now have over 15,000 registered smartphones and tablets by different manufacturers; we have over 900 apps,” said Jun.
IoT AND 5G: THE EXPLOSION OF DIGITAL EVIDENCE
5G is expected to be commercialized early this year. This will be a further catalyst for growth in digital evidence. Already, data is being saved through smart home services such as home security and pet monitoring. Drones and autonomous vehicles are producing new multimedia data each day. CCTV, DVRs, and black boxes in cars, among other Internet of Things (IoT) devices, are becoming increasingly sophisticated.
There will be an explosion of data, and digital forensics is evolving further to meet that demand, says Jun.
“Videos are becoming increasingly high resolution and there are a variety of codecs being developed and used. In CCTV, each manufacturer uses a different media format to save data.
The time it takes to recover and analyze data is increasing; there is a demand for accelerating recovery by high-performance hardware,” the managing director said.
“For investigators, they now have to consider every peripheral device besides the smartphones for evidence. This is a challenge, but it is also a great opportunity.”
Data saved on IoT devices is also stored via gateways on the cloud; this data is in turn viewed again by consumers usually through their mobile devices.
MD-CLOUD, Cloud forensic software for extraction and analysis of cloud data
“Any one of these data intersections can be the subject of forensics; the more routes data takes, the higher the possibility to recover that data,” Jun added.
HancomGMD is planning to launch a new product that recovers data from the cloud, though privacy regulations in each country are expected to be a challenge to overcome.
Autonomous vehicles are also a big opportunity.
“Already we are saving navigation data, driving history, and various data from services that link the car to smartphones. Now we will have sensor data and video data around the cars as well. Autonomous cars will be a centerpiece for digital forensics that will help solve a lot of crimes,” said Jun.
Drones are also of increasing interest in digital forensics; HancomGMD has hosted classes for investigators that explain its techniques for investigating shot-down drones by analyzing wind velocity and their course. It already has over 10 drones, including those made by DJI and other major manufacturers, in its database.
HancomGMD has over 15,000 smartphones and tablets by different manufacturers registered in its database; it plans to add more AI speakers, smart TVs, and drones in 2019.
AI, BIG DATA ANALYTICS
The explosion of digital evidence through the rise of 5G and IoT presents another problem, which is how to analyze the immense amount of accumulated data.
“The smartphone forensic market will continue to rise. Drones, vehicles and other IoT devices will further increase uptake for digital. In other words, there is just too much data and too little time for an investigator,” the managing director said.
“And more and bigger data analytics that sort all this data out will be accepted as a scientific investigative method used by investigators.”
Keyword search is obviously available already for texts, but more analytics tools are expected to be developed for video.
“We are adding detection summary for our video recovery programs. Next will be adding object detection such as faces and car plate numbers: users will input, in a text, the name of the object and the program will search for the correct target among the available data,” he said.
HancomGMD already offers visual guides, such as “Social relationship graphs”, for investigators to put crimes into context. By analyzing the complete set of available communication data involved in a crime, the company can draw a map that shows the social relationships between the suspects involved and the type and amount of data exchanged between them.
“We are already present in 10 countries globally and will meet this growing uptake for digital forensics to expand to 30 countries within three years,” said Jun. “Mobile forensics will just get bigger and bigger.”