In the world of digital forensics, cellular phone investigations are growing exponentially. The volume of mobile devices investigated each and every year has risen nearly tenfold in the last decade. Courtrooms are relying more and more around the information inside a mobile phone as vital evidence in cases of all types. Despite that, the practice of cellphone forensics continues to be within its relative infancy. Many digital investigators are a novice to the sector and they are trying to find a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators ought to look elsewhere for information on how to best tackle cellular phone analysis. This post should in no way serve as an academic guide. However, it can be used like a initial step to acquire understanding in the area.
First, it’s important to recognize how we have got to where our company is today. In 2005, there have been two billion mobile phones worldwide. Today, there are actually over 5 billion and therefore number is predicted to develop nearly another billion by 2012. This means that virtually every person on this planet carries a cell phone. These phones are not only ways to make and receive calls, but a resource to hold information in one’s life. Whenever a mobile phone is obtained as an element of a criminal investigation, an investigator has the capacity to tell a substantial amount regarding the owner. In lots of ways, the info found in a phone is much more important than the usual fingerprint in this it offers far more than identification. Using forensic software, digital investigators can easily begin to see the call list, texts, pictures, videos, and a lot more all to serve as evidence either convicting or vindicating the suspect.
Lee Reiber, lead instructor and owner of cell phone data recovery atlanta., breaks within the investigation into three parts-seizure, isolation, and documentation. The seizure component primarily necessitates the legal ramifications. “If there is no need a legal straight to examine these devices or its contents then you certainly will probably have got all evidence suppressed no matter how hard you have worked,” says Reiber. The isolation component is a vital “because the cellular phone’s data could be changed, altered, and deleted within the air (OTA). Not just may be the carrier capable of doing this, nevertheless the user can employ applications to remotely ‘wipe’ the info through the device.” The documentation process involves photographing the phone during the time of seizure. Reiber says the photos should show time settings, state of device, and characteristics.
After the phone is come to the digital forensics investigator, these devices must be examined by using a professional tool. Investigating phones manually is really a last option. Manual investigation should basically be used if no tool on the market will be able to support the device. Modern mobile devices are just like miniature computers which require a sophisticated software packages for comprehensive analysis.
When examining a cellphone, it is important to protect it from remote access and network signals. As mobile phone jammers are illegal in the United States and most of Europe, Reiber recommends “using a metallic mesh to wrap these devices securely then placing the cell phone into standby mode or airplane mode for transportation, photographing, then placing the device in a state to become examined.”
Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays the process flow as follows.
Achieve and sustain network isolation (Faraday bag, RF-shielded box, or RF-shielded room).
Thoroughly document these devices, noting information available. Use photography to back up this documentation.
If your SIM card is at place, remove, read, and image the SIM card.
Clone the SIM card.
Together with the cloned SIM card installed, execute a logical extraction from the cell device with a tool. If analyzing a non-SIM device, start here.
Examine the extracted data from your logical examination.
If backed up by the two model along with the tool, do a physical extraction of the cell device.
View parsed data from physical extraction, which can vary greatly based on the make/style of the cell phone and also the tool used.
Carve raw image for a variety of file types or strings of data.
Report your findings.
There are two things an investigator are capable of doing to get credibility within the courtroom. One is cross-validation of the tools used. It is vastly crucial that investigators will not depend upon only one tool when investigating a cellular phone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By crosschecking data between tools, one might validate one tool while using other,” says Bunting. Doing this adds significant credibility on the evidence.
Another strategy to add credibility is to ensure the investigator carries a solid idea of the evidence and how it was actually gathered. A lot of the investigations tools are easy to use and require a couple clicks to create a detailed report. Reiber warns against transforming into a “point and click” investigator given that the various tools are extremely simple to use. If the investigator takes the stand and is not able to speak intelligently concerning the technology accustomed to gather evidence, his credibility will be in question. Steve Bunting puts it similar to this, “The more knowledge one has of your tool’s function and the data 68dexmpky and function located in any cell device, the greater number of credibility you might have being a witness.”
For those who have zero experience and suddenly realise you are called upon to deal with phone examinations for your personal organization, don’t panic. I speak to individuals on a weekly basis within a similar situation trying to find direction. My advice is obviously the same; join a training course, become certified, seek the counsel of veterans, take part in online digital forensics communities and forums, and speak to representatives of software companies making investigation tools. By taking these steps, you may go from novice to expert in the short length of time.