CISSP · Question #454
Why are mobile devices something difficult to investigate in a forensic examination?
The correct answer is C. They may contain cryptographic protection.. Mobile device forensics is challenging primarily because modern devices often employ strong cryptographic protection (full-disk or file-based encryption) that can make data inaccessible without proper keys or credentials.
Question
Options
- AThere are no forensics tools available for examination.
- BThey may have proprietary software installed to protect them.
- CThey may contain cryptographic protection.
- DThey have password-based security at logon.
How the community answered
(36 responses)- A6% (2)
- B3% (1)
- C78% (28)
- D14% (5)
Why each option
Mobile device forensics is challenging primarily because modern devices often employ strong cryptographic protection (full-disk or file-based encryption) that can make data inaccessible without proper keys or credentials.
This is factually incorrect; numerous mature forensic tools exist specifically for mobile devices, such as Cellebrite UFED, Oxygen Forensic Detective, and Magnet AXIOM, making tool availability a non-issue.
While some devices may have proprietary software, this is not the primary forensic challenge; proprietary software alone does not prevent data extraction the way cryptographic protection does.
Modern mobile devices implement full-disk or file-based encryption using strong cryptographic algorithms (e.g., AES-256), meaning that even if a forensic examiner can physically access the storage medium, the data remains unreadable without the decryption key. This encryption is often tied to the user's PIN, password, or biometric, and hardware-backed key storage (like a Secure Enclave or Trusted Execution Environment) actively resists brute-force and bypass attempts. This makes acquisition and analysis of evidentiary data significantly more difficult compared to traditional unencrypted media.
Password-based logon security is a relatively weak barrier in forensics because many tools can bypass or exploit the logon mechanism, and it does not protect the underlying data storage the way encryption does.
Concept tested: Mobile device encryption challenges in forensic investigations
Source: https://www.nist.gov/publications/guidelines-mobile-device-forensics
Topics
Community Discussion
No community discussion yet for this question.