Mobile Device Forensics – Find Out Cellular Phone Undercover Forensics is Aiding Law Enforcement Authorities.

On earth of digital forensics, mobile phone investigations are growing exponentially. The volume of mobile phones investigated each year has grown nearly tenfold within the last decade. Courtrooms are relying a growing number of about the information within a cell phone as vital evidence in the event of all types. Despite that, the practice of mobile phone forensics continues to be in their relative infancy. Many digital investigators are new to the sector and so are trying to find a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators need to look elsewhere for information about how to best tackle cellphone analysis. This post should by no means act as an academic guide. However, it can be used as being a 1st step to acquire understanding in the area.

First, it’s important to recognize how we reached where we are today. In 2005, there was two billion cell phones worldwide. Today, there are actually over 5 billion and this number is predicted to increase nearly another billion by 2012. Which means that virtually every human being on the planet carries a cellular phone. These phones are not just ways to make and receive calls, but alternatively a resource to keep all information in one’s life. Each time a cell phone is obtained as part of a criminal investigation, an investigator can tell a tremendous amount concerning the owner. In lots of ways, the info found within a phone is a lot more important than the usual fingerprint in that it provides much more than identification. Using forensic software, digital investigators can easily view the call list, texts, pictures, videos, plus much more all to offer as evidence either convicting or vindicating the suspect.

Lee Reiber, lead instructor and owner of mobile phone forensics atlanta., breaks within the investigation into three parts-seizure, isolation, and documentation. The seizure component primarily necessitates the legal ramifications. “If there is no need a legitimate ability to examine these devices or its contents then you certainly will probably have got all the evidence suppressed regardless how hard you have worked,” says Reiber. The isolation component is a vital “because the cellular phone’s data may be changed, altered, and deleted over the air (OTA). Not simply will be the carrier able to do this, but the user can employ applications to remotely ‘wipe’ the information in the device.” The documentation process involves photographing the device during the time of seizure. Reiber says the photos should show time settings, state of device, and characteristics.

After the phone is taken to a digital forensics investigator, these devices ought to be examined having a professional tool. Investigating phones manually is really a last resort. Manual investigation should only be used if no tool out there can support the device. Modern mobile devices are similar to miniature computers which need a sophisticated software programs for comprehensive analysis.

When examining a mobile phone, it is essential to protect it from remote access and network signals. As cellphone jammers are illegal in the usa and many of Europe, Reiber recommends “using a metallic mesh to wrap the product securely after which placing the phone into standby mode or airplane mode for transportation, photographing, and then placing the telephone in a state to get examined.”

Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays the process flow as follows.

Achieve and maintain network isolation (Faraday bag, RF-shielded box, or RF-shielded room).

Thoroughly document the device, noting all information available. Use photography to support this documentation.

When a SIM card is place, remove, read, and image the SIM card.

Clone the SIM card.

With all the cloned SIM card installed, execute a logical extraction of your cell device having a tool. If analyzing a non-SIM device, start here.

Examine the extracted data in the logical examination.

If supported by both model and also the tool, execute a physical extraction in the cell device.

View parsed data from physical extraction, which will vary greatly based on the make/style of the cellphone and also the tool being used.

Carve raw image for a number of file types or strings of information.

Report your findings.

There are two things an investigator can do to acquire credibility from the courtroom. The first is cross-validation of the tools used. It can be vastly critical that investigators usually do not depend on only one tool when investigating a cellphone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By crosschecking data between tools, one may validate one tool making use of the other,” says Bunting. The process adds significant credibility to the evidence.

The second strategy to add credibility is to make sure the investigator includes a solid comprehension of the evidence and just how it absolutely was gathered. Most of the investigations tools are easy to use and require only a couple clicks to generate a complete report. Reiber warns against becoming a “point and click” investigator given that the tools are extremely user friendly. If the investigator takes the stand and struggles to speak intelligently regarding the technology accustomed to gather evidence, his credibility are usually in question. Steve Bunting puts it like this, “The more knowledge one has of the tool’s function and also the data 68dexmpky and function located in any cell device, the greater credibility one will have as being a witness.”

In case you have zero experience and suddenly discover youself to be called upon to handle phone examinations for your personal organization, don’t panic. I speak with individuals over a weekly basis inside a similar situation seeking direction. My advice is always exactly the same; register for a training course, become certified, seek the counsel of veterans, participate in online digital forensics communities and forums, and speak to representatives of software companies making investigation tools. By using these steps, it is possible to move from novice to expert within a short period of time.