Forensic investigators should routinely determine if backup files exist during their initial case assessment. A backup file is a like a snapshot of the devices memory in time. It is an excellent alternative to a lost or locked device or when other forensic procedures cannot recover the data. A backup may be found in the cloud or may be stored on a computer or mobile device. It would require the user’s credentials or a forensic acquisition of the device it was stored in. Attempts to restore a backup without the proper training could result in the contamination and permanent loss of data. A backup file is also a good alternative when faced with a locked device with an unknown pass code. However, advances in technology allow examiners to overcome more locked devices than ever before. Because of the rapid pace of technology, the forensic community lags behind. New tools are created regularly so reviewing the latest forensic capabilities periodically is recommended. Damaged devices can often be accessed after making only minor repairs, more often than not. For example, the simple and inexpensive process of replacing a broken screen may be the only thing preventing the examiner from accessing the device. Water damage can also be easily mitigated, but requires the investigator to follow a recently updated standard procedure. Depending on the device and the current state of the devices power certain actions should be taken. See the iPhone Collection Flowchart and the Android Collection Flowchart.
The FBI on Saturday rebutted media reports that San Bernardino County technicians acted without the agency's consent when they reset the password for the Apple iCloud account belonging to one of the shooters involved in the Dec. 2 terror attack at a county facility that killed 14 people. Read the full LA Times Article here>
Reversing course, a key congressman said lawmakers will need to step into the debate over encryption vs. privacy after Apple said it would oppose a court order demanding it help the FBI hack a spree killer's cell phone. Read the full article here>