Wednesday, June 5, 2013

What are you missing?

As I head home from an amazing conference (Techno Security / Mobile Forensics World), I'm still thinking about one of the presentations given there - "What are you missing?"

The topic was technology neutral - but asked a simple question of the audience: do you know what your chosen tools don't get, what they aren't doing, and where their other weak points lie? Essentially, part of knowing your tools is knowing what your tools don't do or when it's not appropriate to use them. The presenter took a specific case, involving a specific mobile phone, and used the many tools available to show which tools fell short and which shined. If you don't know what you're missing, how will you prepare a case and how well will you defend your findings against a better prepared opponent?

Unspoken, but known to users based on screen-shots, the star of the talk was FINALData's FINALMobile Forensics. Where FINALData beats their competition, hands down, is by not attacking the mobile handset - but by focussing on the chips that are common to all phones. It does either a logical or physical download, parses the data accurately, and displays the results in an easy-to-understand format. Better still, it'll parse the physical downloads from the competition, often finding more information than their competition. Best yet, it's about a third of the cost of its next nearest competitor. It was the real star of the Mobile Forensics World show.

But, no matter the discipline, do you know what your tools miss? Do you know where it's not appropriate to use them? If you don't, does it worry you that your opposing expert does? It should.
