Enter the 21st century. Cell phones are everywhere. Tech companies release new versions of their products almost every year. Developers have also refined nanotechnology and nano memory, making today’s smartphones nearly equivalent to desktops or laptops.
Some experts even predict that in the foreseeable future, people might not need desktops or computers at all. Well, that’s still irrelevant for now. The topic of concern is that the ubiquity of cell phones is also increasing cybercrimes. Not only that, crimes in general are growing in number as well.
That’s how mobile forensics came into the picture. It is a method that allows the investigators to think ahead of the perpetrators to protect and safeguard the common people.
To understand better, we’ve rounded up different aspects of mobile device forensics and why there is a need for one. But before that, let’s shed some light on the term first.
Mobile Device Forensics: What is it?
Mobile forensics is a subset of digital forensics that covers everything around mobile devices. In this field, investigators recover digital evidence from mobile phones that could be helpful in criminal investigations. When the term “mobile forensics” pops up, it usually refers to using a cell phone forensics software application in line with the international guidelines for acquisition and examination. In other words, the idea is to retrieve data without altering the examined evidence.
Law enforcement agencies typically retrieve the data in three stages of the investigation process. These are:
Seizure – Digital forensics bases its operation on the principle that evidence must be preserved, processed, and admissible in a court of law. This is why the officers are always fearful of two risks: lock activation and cellular connection.
Experts advise achieving network isolation via airplane mode, disabling Wi-Fi and hotspots, or cloning the SIM card. The mobile device also needs to stay “on” at all times, so make sure to avoid a shutdown. Investigators use a Faraday box to isolate the mobile device from any network communications, and the same box helps with the safe transportation of evidence. Doing so protects the integrity of the device.
Acquisition – The goal is to retrieve data from the mobile device. You can unlock the screen using the correct PIN, password, pattern, or biometrics. However, not all laws protect such approaches. For instance, according to a ruling, fingerprints are not protected, but passcodes are. Similarly, lock measures might be there on apps. In other words, it is hard to control data on mobile since data is mobile as well.
The investigators need to be careful when gathering data from a mobile device. Create a complete list of apps and check the archive and backup data. The experts suggest using SIM card imaging to collect information so that the original stays intact.
Examination/Analysis – As the first step of any mobile device investigation, you need to identify the type of mobile device, type of network, carrier, and service provider. Ideally, using cell phone forensic software will help you acquire and analyze this data. But remember, no one size fits all. So, keep a diverse range of tools handy to streamline your process. You must present all the information clearly and concisely for better results in the court of law.
In a nutshell, the investigators preserve the collected evidence as follows. They shield the device from Wi-Fi signals, telecommunications systems, and GPS networks, and keep the battery charged so that the device is “on” until the investigation process is complete.
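An added example, not from the original article, of how the "keep the original intact" principle is usually checked in practice: the image is hashed at acquisition, the hash goes into a custody manifest, and every working copy is verified against it before analysis. The file names, the manifest fields, and the examiner ID are assumptions made for illustration.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def record_acquisition(image_path, examiner, manifest_path):
    """Write the image's size and hash to a manifest at acquisition time."""
    entry = {
        "size": os.path.getsize(image_path),
        "sha256": sha256_file(image_path),
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }
    with open(manifest_path, "w") as f:
        json.dump(entry, f, indent=2)
    return entry

def verify_copy(copy_path, manifest_path):
    """Check a working copy against the manifest before analysing it."""
    with open(manifest_path) as f:
        entry = json.load(f)
    if os.path.getsize(copy_path) != entry["size"]:
        return (False, "size mismatch")
    if sha256_file(copy_path) != entry["sha256"]:
        return (False, "hash mismatch")
    return (True, "match")

def demo():
    with tempfile.TemporaryDirectory() as d:
        image, copy, manifest = (os.path.join(d, n) for n in ("sim.bin", "copy.bin", "custody.json"))
        with open(image, "wb") as f:
            f.write(bytes(range(256)) * 16)       # constructed 4 KiB stand-in for an image
        record_acquisition(image, "examiner-01", manifest)
        shutil.copyfile(image, copy)
        results = [verify_copy(copy, manifest)]   # untouched working copy
        with open(copy, "r+b") as f:              # overwrite one byte in place
            f.seek(100)
            f.write(b"\xff")
        results.append(verify_copy(copy, manifest))
        with open(copy, "ab") as f:               # append one byte, so the size changes
            f.write(b"\x00")
        results.append(verify_copy(copy, manifest))
        return results
```

Calling `demo()` returns one result per check: the untouched copy matches, the single-byte overwrite is caught by the hash, and the appended byte is caught by the size comparison.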
Now that you know about the process, the next step is to understand the types of mobile forensics processes.
Types of Mobile Forensics Processes
Ideally, the processes are based on the following parameters.
- Type of the cell phone
- Operating system
- Encryption level
- Availability of unlocking system
So, let’s start with different methods that investigators use to investigate the digital device.
Manual Method: In this method, forensic specialists browse the device manually. They access or observe the data directly using a keypad. It is a quick method since the examiner knows where to start. However, this method is most prone to human error or biases. Also, it takes a lot of time to capture the data using this method.
Logical Method: This is one of the quickest ways to extract data from the user files directly. The advantage of this method is that you can view the data using mobile forensic tools. However, the disadvantage is that you can’t recover the deleted data from the mobile device using this process.
Physical Method: In this method, the examiner accesses the flash memory of the phone and extracts data from it. They access the drive directly to gather the existing data and capture the deleted data. A lot of tools are available to bypass the security patch.
File System Method: In this method, the investigator extracts data from the system level of the mobile device. So, they get access to the data related to the applications present on the device.
Mobile Device Digital Forensics: Why Is There So Much Hype Around it?
As per a research study, more than 90% of Americans use a mobile phone. Besides that, people living in urban areas in the age group of 18-29 are likely to own a smartphone. Further, in another study by the FBI Internet Crime Complaint Center, the number of ransomware, tech support fraud, and extortion/sextortion victims is increasing. And guess what? The financial impact of such crimes is staggering.
And mobile phones have the capability of storing a diverse range of evidence. Yes, you heard it right! Here is what you can gather from a mobile device as a piece of evidence.
Types of Evidence
You can retrieve common types of evidence from a mobile device. These usually include:
- Digital photographs, videos, audio files, voice messages.
- SMS text messages and application-based and multimedia messages.
- Call logs (incoming, outgoing, and missed call history)
- Contact list (phonebook or other application)
- Internet browsing history, content, cookies, search history, analytics.
- Notes, calendar, ringtones.
- Documents, spreadsheets, presentation files, and user-created data.
- GPS data, swipe codes, Wi-Fi connection information
- Installed apps content
- Deleted data.
- SMS text messages, call logs, web browser history, and downloaded media.
For instance, suppose a suspect is arrested for allegedly selling drugs or distributing child pornography. The digital forensic investigator can use mobile device forensics software to examine the suspect’s phone and identify other perpetrators, allowing further criminal arrests.
In this age, when mobile device technology gravitates around cloud services and streamlined interface technology, it is vital that digital forensics tools be advanced enough to decode the patterns. Also, as technology continues to evolve, using an application that can scale up and grow with emerging technologies can help law enforcement agencies tackle new-age criminals quickly and efficiently.
Further, with the growing demand for the examination of the cellular phone, there is a need to develop the process guidelines. This is because every device differs, so adopting similar measures for all the devices won’t help examiners retrieve quality data admissible in the court of law.
So, the companies need to develop cutting-edge technologies that can cater to the needs of today and the foreseeable future. After all, with so many new models developed every day, it will be challenging to rely on a single process or a tool to address all the possibilities during a criminal investigation.
Tell us, are you using modern technology to navigate the challenges, or are you still stuck with age-old methods?
The author is an IT expert by profession and a writer by passion. While he works as the CTO with a reputed IT services company, he loves pursuing his writing skills as well.