Mobile Incident Response and Investigations (Project 3)

The mobile platform is experiencing explosive growth, and with that growth come challenges for cyber-incident analysis and response. There are literally several thousand types of mobile devices, with many types of interfaces, operating systems, and connectivity options. This environment has many implications for the incident responder. The number of devices makes it impossible to be well versed in each one, which complicates analysis. The sheer number of devices also makes it massively expensive simply to stay abreast of the major players in the market. Complicating this further, a mobile device can be the target of a security incident, but it can also serve as an elusive means to coordinate, support, or execute an attack. The nature of mobile devices presents other challenges as well, including the ability to access devices remotely and to wipe evidence remotely, a destruction process that can occur rapidly in a flash memory environment.