Challenges in Computer and Mobile Forensics

1. Challenges in Computer and Mobile Forensics The typical customer uses an increasing number of internet accounts each year. The spread of secure, encrypted password protection systems is evolving into a new difficulty, even as password reuse and the usage of cloud services to store and synchronise passwords make experts' jobs easier. Now that we know the current difficulties in desktop and mobile forensics, we can see what lies ahead. Challenges with Computer forensics Desktop forensics is exhibiting several significant trends. The usage of data encryption is the first and most important challenge. Since Windows 8, BitLocker Device Encryption, a Microsoft full-disk encryption application, has been able to protect small and lightweight devices automatically. Once the user logged on to their computer using their Microsoft Account credentials, BitLocker Device Encryption was activated automatically on all devices satisfying certain requirements (such as the usage of a TPM2.0 module and support for Connected Standby) (as opposed to using their local credentials). The adoption of solid-state media to replace magnetic hard drives presents the second significant hurdle. Almost immediately after a file is erased or a disc is (quickly) formatted, SSD devices obliterate any evidence. Regardless of whether the data is still present in the NAND cells, the SSD controller will always respond to SATA instructions with zeroes once the data has been declared destroyed. By using standard methods, it is difficult to reach deleted data or stop the SSD drive from erasing deleted data in the background (write-blocking SATA devices are of little assistance). Life after Trim offered a viable solution to the problem. Microsoft Account use

2. Microsoft keeps encouraging Windows users to sign in to their Windows using a Microsoft Account. Recent Windows 10 releases make it difficult for even seasoned pros to set up a new machine without a Microsoft Account. Regular users might not even be aware that the local option exists. Challenges with mobile forensics Encryption continues to be the key obstacle in mobile forensics. Even though it first emerged in Android 6 devices, extractions have only lately begun to have difficulties due to encryption in Android handsets. Full Disk Encryption (FDE), a less secure encryption method that secures data with a "default password" as a seed for the encryption key, was previously utilised by many mid-range Android smartphones and all Samsung phones made before 2019 to save storage space. The more secure File-Based Encryption (FBE), a more recent encryption system that encrypts data with a key based on the user's screen lock passcode, is nearly universally available on new handsets this year. Many times, specialists could circumvent the FDE; however, the more recent FBE encryption presents a serious difficulty that has yet to be fully understood. Forensics for Android Forensics of Android devices is challenging for a completely other reason. Thousands of models have swamped the market. These morels come with a variety of chipsets produced by various suppliers. There are effective direct acquisition techniques like EDL extraction, which uses a unique engineering mode found on most devices. However, these low-level techniques are restricted to particular manufacturers, models, and chipsets. Additionally, based on the device settings that may enforce an advanced encryption mode that is not susceptible to this method, these methods may or may not be effective. Conclusion Technology-based forensics lacks a "silver bullet." Every step of an examination cannot be handled by a single tool or a collection of tools. Even if one has access to every forensic tool ever created, the results may still be subpar owing to improper methodology, careless errors, bad workflow, or just missing something little but crucial, such as the incorrect time zone or some concealed file metadata.