homepage
Open menu
Contact Sales
Go one level top
  • Train and Certify
    Free Course Demos

    Free course demos allow you to see course content, watch world-class instructors in action, and evaluate course difficulty.

    Train and Certify
    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits
    Learn More
    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Free Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defense Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
      • European Skills Framework
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • In-Person Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Live Online Events List
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
      • Free Training & Resources
    • Cyber Ranges
  • Enterprise Solutions
    New Cyber Trends & Training in 2023

    This eBook offers a glimpse into the key threats that are expected to emerge as forecasted by SANS experts.

    Enterprise Solutions

    Build a world-class cyber team with our workforce development programs.

    Learn More
    • Overview
    • Group Purchasing
    • Build Your Team
      • Assessments
      • Private Training
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
      • Leadership Courses
      • Executive Cybersecurity Exercises
  • Security Awareness
    2023 Security Awareness Report

    Empowering Security Awareness teams with industry benchmarking, program growth, and career development.

    Security Awareness
    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk
    Learn More
    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Security Policy Templates

    In collaboration with security subject-matter experts, SANS has developed a set of security policy templates for your use.

    Resources
    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis
    Browse Here
    • Overview
    • Webcasts
      • Webinars
      • Live Streams
        • Wait Just An Infosec
        • Cybersecurity Leadership
        • SANS Threat Analysis Rundown (STAR)
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
        • Blueprint
        • Trust Me, I'm Certified
        • Cloud Ace
        • Wait Just an Infosec
      • Summit Presentations
      • Posters & Cheat Sheets
    • Internet Storm Center
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
      • Open-Source Intelligence (OSINT)
  • Get Involved
    Join the Community

    Membership of the SANS.org Community grants you access to cutting edge cyber security news, training, and free tools that can't be found elsewhere.

    Get Involved
    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.
    Learn More
    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    Our Mission

    To empower current and future cybersecurity practitioners around the world with immediately useful knowledge and capabilities, we deliver industry-leading community programs, resources and training.

    About
    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills
    Learn More
    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • SANS Sites
    • Australia
    • Brazil
    • France
    • India
    • Japan
    • Middle East & Africa
    • Singapore
    • United Kingdom
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  • Contact Sales
  1. Home >
  2. Blog >
  3. Six Steps to Mobile Validation – Working Together for the Common Good

Six Steps to Mobile Validation – Working Together for the Common Good

Six Steps to Successful Mobile Validation is a paper created by mobile forensics experts who joined forces to share key steps for mobile validation

May 21, 2021



Copy_of_SANS_Banners_(9).png

Digital forensics is a complex and ever-changing field that requires a lot of testing, tools, and validation. Mobile forensics is no exception. When handling evidence from mobile devices, documentation, evidence preservation, and validation are critical to successful investigations. In other words, how a mobile device is handled matters.

Mobile validation can take several forms. It can mean acquiring and mounting your dataset in multiple tools, exporting individual files or folders out of your current tool for further inspection in a different utility, or closely examining the raw data file. It most certainly can and should include re-creating scenarios to understand just how an artifact was created and whether the analysis lines up with the action in question.

With the constant state of flux in mobile investigations, it is more important than ever to validate the findings of forensic examinations. Fortunately, investigators have access to some phenomenal tools (both free and paid) that acquire, parse, and analyze smartphone artifacts. However, even though there have been incredible upgrades to these tools over the years in terms of data analysis, examiners still must do their due diligence to validate findings. This is especially important because examiners and tools are constantly playing catch-up with our forensic artifacts.

“Tool reports are not the data. The data is the data. Validate everything that matters. This paper shows how you can do it,” explains Alexis Brignoni, a co-author of Six Steps to Mobile Validation.

Brignoni is one of the 10 top mobile forensics experts from different backgrounds, organizations, and jurisdictions who collaborated to create the paper. Together the co-authors have decades of experience in research, tool development, and validation, as well as in providing testimony. The focus of their collaboration is to educate the community about the optimal steps to ensure that mobile data is extracted, examined, and reported in a trustworthy manner.

“Now more than ever, the community needs to take a stance and help law enforcement understand why validation matters in mobile forensics,” explains co-author Heather Mahalik. “This paper is a collaboration between those who I see as experts in the field, those with research experience, and those who are great representatives of the tools we all rely on to do our jobs. Mobile forensics is constantly evolving, and we need to adapt, adjust, and validate our findings.”

The authors note that, despite there being many tools and methods to support smartphone forensics, no one tool is perfect. Not every step recommended in the paper is necessarily applicable for every investigation. On the other hand, mobile forensics is so broad that the steps recommended, by definition, cannot be exhaustive, and more research or guidance might be necessary depending on the investigation. Ultimately it is the investigators themselves who need to decide which steps are required to obtain the information that they need and are authorized to access, and that answer the key questions at hand.

In short, Six Steps to Mobile Validation guides examiners down a path to ensure that their smartphone examinations are completed successfully.

Capture.PNG


Here are some additional final thoughts from co-authors about Six Steps to Mobile Validation and their collaboration in preparing it:

“I’ve never seen all the key mobile forensic industry players come together like this before. It’s great to see that when the need arises, we can act in the best interests of the community.” – Mike Dickinson, MSAB

“This paper is designed to walk you through six simple steps that will help you gain confidence that you worked the case in a way other experts would. We hope you find it helpful, and, more importantly, we hope you verify and validate what we suggest to you! Follow these steps and feel free to take it further. Ask questions and ask for help. We are a small but mighty DFIR community.” – Heather Mahalik, SANS

“Now more than ever, the community needs to take a stance and help law enforcement understand why validation matters in mobile forensics.  This paper is a collaboration of those who I see as experts in the field, those with research experience and those who are great representatives of the tools we all rely on to do our jobs. Mobile forensics is constantly evolving and we need to adapt, adjust and validate our findings” says paper co-author Heather Mahalik

Copy_of_SANS_Banners_(5).png


Paper Co-Authors:

John Bair: Senior Consultant for an eDiscovery firm in Seattle for which he conducts forensic services and provides expert testimony. John spent 30 years in law enforcement, including 13 years devoted to mobile forensic investigations related to violent crimes.

Alexis Brignoni: FBI Special Agent, Certified Computer Analysis Response Team Examiner, and open-source digital forensics tool developer.

Mattia Epifani: Digital Forensics Analyst and CEO at Reality Net, SANS Certified Instructor, Researcher at the Italian National Council of Research, and Contract Professor at the University of Genoa.

Jessica Hyde: Director, Forensics at Magnet Forensics, and Adjunct Professor at George Mason University.

Paul Lorentz: Technical Account Expert/Senior Solutions Engineer, Cellebrite. Paul previously worked in law enforcement.

Heather Mahalik: Senior Director of Digital Intelligence, Cellebrite, and SANS DFIR Curriculum Lead/Senior Instructor/Author. Heather has over 19 years of experience supporting Law Enforcement, government, and DFIR, and is the co-author of Practical Mobile Forensics.

Christophe Poirier: Sworn Forensic Examiner since 2017 and a cybersecurity expert in the energy sector.

Lee Reiber: Chief Operations Officer, Oxygen Forensics. Lee has over 25 years of experience in law enforcement and support for law enforcement DFIR, and is the author of Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation.

Ian Whiffin: Senior Digital Intelligence Expert, Cellebrite. Ian previously worked in law enforcement and specializes in digital and mobile forensics.

Mike Williamson: Technical Forensic Consultant, Magnet Forensics. Mike previously worked in law enforcement and specializes in digital forensics, software development, and reverse engineering.

Six_stepd_logos.PNG


.


Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Recommended Training

  • SEC301: Introduction to Cyber Security
  • SEC505: Securing Windows and PowerShell Automation
  • FOR608: Enterprise-Class Incident Response & Threat Hunting

Tags:
  • Digital Forensics, Incident Response & Threat Hunting

Related Content

Blog
Linux_IR_-_syslog.png
Digital Forensics, Incident Response & Threat Hunting
November 26, 2023
Linux Incident Response - A Guide to syslog-ng
Syslog-ng stands as a sophisticated evolution of the syslog protocol, designed to offer advanced logging capabilities within Linux systems.
Taz_Wake_2.png
Tarot (Taz) Wake
read more
Blog
Linux_IR_-SS.png
Digital Forensics, Incident Response & Threat Hunting
November 22, 2023
Linux Incident Response - Using ss for Network Analysis
Understanding the ss command is crucial for analyzing network connections & traffic, to identify and investigate potentially malicious activities.
Taz_Wake_2.png
Tarot (Taz) Wake
read more
Blog
Linux_IR_-_Rootkits.png
Digital Forensics, Incident Response & Threat Hunting
November 22, 2023
Linux Incident Response - Introduction to Rootkits
Learn about intricacies of Linux rootkits, the diverse types they encompass, their intricate construction techniques, & their historical evolution.
Taz_Wake_2.png
Tarot (Taz) Wake
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Terms and Conditions
  • Do Not Sell/Share My Personal Information
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn