In the world of digital forensics, cellular phone investigations are growing exponentially. The number of mobile devices investigated each year has grown nearly tenfold during the last decade. Courtrooms are relying more and more on the information inside a cell phone as vital evidence in cases of all kinds. Despite that, the practice of cell phone forensics remains in its relative infancy. Many digital investigators are new to the area and are searching for a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators have to look elsewhere for information on how to best tackle cell phone analysis. This short article should by no means act as an academic guide. However, it can be used as a starting point for gaining an understanding of the area.
First, it’s essential to know how we got to where we are today. In 2005, there were two billion mobile phones worldwide. Today, there are over 5 billion, and that number is predicted to increase by nearly another billion by 2012. This means that nearly every person on Earth possesses a cell phone. These phones are not only a way to make and receive calls, but also a resource for storing all the information in one’s life. When a cell phone is obtained as part of a criminal investigation, an investigator can tell a substantial amount about the owner. In many ways, the information found in a phone is more important than a fingerprint in that it provides considerably more than identification. Using forensic software, digital investigators can see the call list, texts, pictures, videos, and more, all to serve as evidence either convicting or vindicating the suspect.
Lee Reiber, lead instructor and owner of mobile device forensics atlanta, breaks the investigation into three parts: seizure, isolation, and documentation. The seizure component primarily involves the legal ramifications. “If you do not have a legal ability to examine the device or its contents, then you will probably have all the evidence suppressed regardless of how hard you have worked,” says Reiber. The isolation component is vital “because the cellular phone’s data can be changed, altered, and deleted over the air (OTA). Not only is the carrier able to do this, but the user can employ applications to remotely ‘wipe’ the data from the device.” The documentation process involves photographing the cell phone at the time of seizure. Reiber says the photos should show time settings, state of device, and characteristics.
Once the phone is brought to the digital forensics investigator, the device should be examined with a professional tool. Investigating phones manually is a last resort. Manual investigation should only be used if no tool on the market is able to support the device. Modern cell phones are like miniature computers that require sophisticated software for comprehensive analysis.
When examining a cell phone, it is important to protect it from remote access and network signals. As cell phone jammers are illegal in the United States and much of Europe, Reiber recommends “using a metallic mesh to wrap the device securely and then placing the phone into standby mode or airplane mode for transportation, photographing, and then placing the phone in a state to be examined.”
Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays out the process flow as follows.
1. Achieve and maintain network isolation (Faraday bag, RF-shielded box, or RF-shielded room).
2. Thoroughly document the device, noting all information available. Use photography to support this documentation.
3. If a SIM card is in place, remove, read, and image the SIM card.
4. Clone the SIM card.
5. With the cloned SIM card installed, perform a logical extraction of the cell device using a tool. If analyzing a non-SIM device, start here.
6. Examine the extracted data from the logical examination.
7. If supported by both the model and the tool, do a physical extraction of the cell device.
8. View parsed data from the physical extraction, which will vary greatly depending on the make/model of the cell phone and the tool being used.
9. Carve the raw image for various file types or strings of data.
10. Report your findings.
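The carving step in Bunting's list, sketched as an added example (not code from the original article or from any forensic tool). It scans a raw image for header/footer signatures and printable strings; the signature table, function names and the `SAMPLE` bytes are constructed for illustration.

```python
import re

# Header/footer signatures for two picture formats (illustrative subset;
# production carvers cover many more types and validate internal structure).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

def carve_files(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return (type, offset, data) for each header..footer span in the image."""
    hits = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            # Bound the footer search so one stray header cannot swallow the image.
            end = image.find(footer, pos + len(header), pos + max_size)
            if end != -1:
                end += len(footer)
                hits.append((kind, pos, image[pos:end]))
                pos = image.find(header, end)
            else:
                pos = image.find(header, pos + 1)
    return sorted(hits, key=lambda h: h[1])

def carve_strings(image: bytes, min_len: int = 6):
    """Return (offset, text) for each run of printable ASCII of min_len or more."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(image)]

# Constructed stand-in for a physical extraction: padding, a tiny fake JPEG,
# a text fragment, and a tiny fake PNG.
SAMPLE = (b"\x00" * 16 + b"\xff\xd8\xff\xe0" + b"JFIFdata" + b"\xff\xd9"
          + b"\x00" * 8 + b"+15555550100 meet at noon" + b"\x00" * 8
          + b"\x89PNG\r\n\x1a\n" + b"chunk" + b"IEND\xaeB`\x82" + b"\xff" * 4)

if __name__ == "__main__":
    for kind, offset, data in carve_files(SAMPLE):
        print(f"{kind} at offset {offset}, {len(data)} bytes")
    for offset, text in carve_strings(SAMPLE):
        print(f"string at offset {offset}: {text!r}")
```

Recording the byte offset of every carved item lets a second examiner, or a second tool, locate the same data in the same image.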
There are two things an investigator can do to gain credibility in the courtroom. One is cross-validation of the tools used. It is vitally important that investigators do not rely on only one tool when investigating a cell phone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By crosschecking data between tools, one may validate one tool using the other,” says Bunting. Doing so adds significant credibility to the evidence.
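One way to carry out the cross-check described above, as an added example that is not from the original article: two tools' exports of the same SMS table are normalized to a common key and compared. The export layouts, column names and sample rows are hypothetical and constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed exports of the same SMS table from two hypothetical tools.
TOOL_A = """timestamp,number,body
2011-03-04T18:22:05Z,+1 (555) 555-0100,Meet at noon
2011-03-04T18:25:40Z,+1 (555) 555-0101,ok
2011-03-05T09:00:00Z,+1 (555) 555-0100,Call me
"""
TOOL_B = """epoch,address,text
1299262925,15555550100,Meet at noon
1299263140,15555550101,ok
1299315600,15555550100,Call me.
1299319200,15555550102,deleted msg
"""

def load(text, ts_col, num_col, body_col, iso=False):
    """Map (epoch seconds, digits-only number) -> message body."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        ts = row[ts_col]
        if iso:  # tool A reports ISO 8601 UTC, tool B reports Unix epoch
            parsed = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
            ts = parsed.replace(tzinfo=timezone.utc).timestamp()
        number = "".join(c for c in row[num_col] if c.isdigit())
        records[(int(ts), number)] = row[body_col].strip()
    return records

def cross_validate(a, b):
    """Classify every record as agreeing, conflicting, or seen by one tool only."""
    shared = a.keys() & b.keys()
    return {
        "agree": sorted(k for k in shared if a[k] == b[k]),
        "conflict": sorted(k for k in shared if a[k] != b[k]),
        "only_a": sorted(a.keys() - b.keys()),
        "only_b": sorted(b.keys() - a.keys()),
    }

if __name__ == "__main__":
    a = load(TOOL_A, "timestamp", "number", "body", iso=True)
    b = load(TOOL_B, "epoch", "address", "text")
    for bucket, keys in cross_validate(a, b).items():
        print(bucket, keys)
```

Every entry outside the `agree` bucket is something the examiner should be able to explain before relying on either tool's report.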
Another way to add credibility is to make sure the investigator has a solid understanding of the evidence and how it was gathered. Many of the investigation tools are user friendly and require only a couple of clicks to generate a detailed report. Reiber warns against becoming a “point and click” investigator now that the tools are so easy to use. If an investigator takes the stand and is unable to speak intelligently about the technology used to gather the evidence, his credibility will be in question. Steve Bunting puts it this way: “The more knowledge one has of the tool’s function and the data and function present in any cell device, the more credibility one will have as a witness.”
If you have zero experience and suddenly find yourself called upon to handle phone examinations for your organization, don’t panic. I speak with individuals on a weekly basis in a similar situation seeking direction. My advice is usually the same: enroll in a training course, become certified, seek the counsel of veterans, engage in online digital forensics communities and forums, and talk to representatives of software companies making investigation tools. By taking these steps, you can go from novice to expert in a short period of time.