Home News archive Digital Forensics Digital Forensics and the problems we can and will meet
Digital Forensics and the problems we can and will meet

Digital Forensics and the problems we can and will meet

Details
Written by Frode Roarson

Mobile phone - part 1

 

Digital forensic investigators have recently experienced a large increase in requests to perform investigations and research with data from mobile phones. The mobile phone has progressed to so much more than a device on which you make and receive phone calls. They have become small computers that are becoming progressively more powerful. This in turn offers greater opportunities to carry out tasks, previously only possible with a computer.

 

Mobile phones and the ways in which they might be used are still evolving. With the arrival of smart phones, it is no longer sufficient to document only the phone book, call history, text messages, pictures, calendar entries and notes. The data from an ever-increasing number of apps must be documented as these applications provide an abundance of information such as passwords, GPS locations, browsing history, IM messages, etc.

 

An investigator will face many problems including that the number of phones examined over time using a variety of tools and techniques can make it difficult to remember how to perform an investigation of a specific phone. This is further complicated by the differences in make and brand. There is a huge range of mobile phones on the market, which includes a number of proprietary operating systems and embedded file systems, applications, services and peripherals. The different brands of phones often have their own version of an OS (eg Android). These small changes in the OS means that one may need to use a different procedure to do an investigation of the given mobile phone.

 

Mobile phones are designed to communicate over different types of networks such as: GSM, UMTS and other mobile networks, via Bluetooth, infrared and wireless networks. In order to best preserve the data on a phone, it is necessary to isolate the unit from the neighboring networks. This is not always possible. Another problem arising during an investigation of a mobile phone is the battery life, optimally one should not do anything physical or tamper with the evidence (phone) however in the case of a mobile phone. One must also consider that evidence may be lost if the phone turns off. It would therefore be wise to have a variety of cables and chargers available.

 

Mobile phones today use many different data storage options, they may be internal, removable or online. In most cases, it is necessary to use more than one tool to extract and document the required data from the given mobile phone and storage media. In some cases, these tools report conflicting or incorrect information, therefore it is essential to ensure the integrity and authenticity of the data from the mobile phone. While the amount of data stored on mobile phones is still small compared to the storage capacity of a computer, the storage capacity of these units is becoming larger and larger. The greater storage capacity in mobile phones will give an investigator the same problems they experience with computers today. The share amount of data makes it difficult and time consuming.