In the world of digital forensics, cell phone investigations are growing exponentially. The number of mobile devices investigated annually has risen nearly tenfold in the last decade. Courtrooms increasingly rely on the information inside a cell phone as vital evidence in cases of all types. Despite that, the practice of mobile phone forensics is still in its relative infancy. Many digital investigators are new to the field and are searching for a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators have to look elsewhere for information on how best to tackle cell phone analysis. This article should in no way serve as an academic guide. However, it can be used as a first step toward gaining an understanding of the area.
First, it’s important to understand how we got to where we are today. In 2005, there were two billion mobile phones worldwide. Today, there are over 5 billion, and that number is anticipated to grow by nearly another billion by 2012. Consequently, virtually every human being on Earth carries a mobile phone. These phones are not only a way to make and receive calls, but also a resource that holds all the information in one’s life. When a cell phone is obtained as part of a criminal investigation, an investigator is able to tell a substantial amount about the owner. In many ways, the data found in the phone is more important than a fingerprint in that it provides much more than identification. Using forensic software, digital investigators can see the call list, SMS messages, pictures, videos, and much more, all to serve as evidence either convicting or vindicating the suspect.
Lee Reiber, lead instructor and owner of cell phone data recovery Atlanta, breaks the investigation into three parts: seizure, isolation, and documentation. The seizure component primarily involves the legal ramifications. “If you do not have a legitimate right to examine the device or its contents, then you will likely have the evidence suppressed regardless of how hard you have worked,” says Reiber. The isolation component is the most essential “because the cellular phone’s data can be changed, altered, and deleted over the air (OTA). Not only is the carrier capable of doing this, but the user can employ applications to remotely ‘wipe’ the data on the device.” The documentation process involves photographing the phone at the time of seizure. Reiber says the photos should show time settings, state of the device, and characteristics.
After the phone is delivered to the digital forensics investigator, the device should be examined with a professional tool. Investigating phones manually is a last resort. Manual investigation should only be used if no tool available is able to support the device. Modern mobile phones are like miniature computers that require sophisticated software for comprehensive analysis.
When examining a mobile phone, it is important to protect it from remote access and network signals. As mobile phone jammers are illegal in the United States and much of Europe, Reiber recommends “using a metallic mesh to wrap the device securely and then placing the phone into standby mode or airplane mode for transportation, photographing, and then placing the phone in a state to be examined.”
Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays out the process flow as follows.
Achieve and maintain network isolation (Faraday bag, RF-shielded box, or RF-shielded room).
Thoroughly document the device, noting all information available. Use photography to support this documentation.
If a SIM card is in place, remove, read, and image the SIM card.
Clone the SIM card.
With the cloned SIM card installed, perform a logical extraction of the cell device with a tool. If analyzing a non-SIM device, start here.
Examine the extracted data from your logical examination.
If supported by both the model and the tool, perform a physical extraction of the cell device.
View parsed data from the physical extraction, which will vary greatly depending on the make/type of the mobile phone and the tool being used.
Carve raw image for various file types or strings of data.
Report your findings.
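The carving step in the flow above can be illustrated with a minimal header/footer carver and printable-string scan. This is an added example, not code from Bunting or from any forensic tool; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import re

JPEG_SOI = b"\xff\xd8\xff"  # start-of-image marker plus first byte of next segment
JPEG_EOI = b"\xff\xd9"      # end-of-image marker

def carve_jpegs(image, max_size=10 * 1024 * 1024):
    """Return (offset, sha256, data) for each header/footer-delimited JPEG candidate."""
    hits, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            # Header with no footer in range: truncated or fragmented, skip it.
            pos = start + 1
            continue
        blob = image[start:end + len(JPEG_EOI)]
        # Record offset and hash so the carved item can be located and re-verified.
        hits.append((start, hashlib.sha256(blob).hexdigest(), blob))
        pos = end + len(JPEG_EOI)
    return hits

def carve_strings(image, min_len=6):
    """Return (offset, text) for each run of printable ASCII of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(image)]

# Constructed sample standing in for a raw dump (not data from a real device):
# one complete JPEG-like blob, one text fragment, one header with no footer.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
    + b"\x00" * 8
    + b"SMS:+15550100:meet at noon"
    + b"\x00" * 8
    + b"\xff\xd8\xff\xe1" + b"truncated-no-footer"
)

if __name__ == "__main__":
    for offset, digest, blob in carve_jpegs(SAMPLE_IMAGE):
        print(f"JPEG candidate at {offset:#x}, {len(blob)} bytes, sha256={digest}")
    for offset, text in carve_strings(SAMPLE_IMAGE):
        print(f"string at {offset:#x}: {text}")
```

Header/footer carving only recovers files stored contiguously, and an embedded thumbnail's end marker can cut a candidate short, so each hit is a lead to verify rather than a finished exhibit.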
There are two things an investigator can do to gain credibility in the courtroom. The first is cross-validation of the tools used. It is vastly important that investigators do not depend on just one tool when investigating a cell phone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By crosschecking data between tools, one may validate one tool using the other,” says Bunting. Doing this adds significant credibility to the evidence.
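One way to carry out the cross-check described above is to normalize each tool's export to a common form and compare the record sets. This is an added example, not part of the original article or of any vendor's tooling; the record fields (`time`, `number`, `body`) and both sample exports are hypothetical and constructed.

```python
from datetime import datetime, timezone

def normalize(record):
    """Reduce one SMS record to a comparable (utc_time, digits, body) tuple."""
    ts = record["time"]
    if isinstance(ts, (int, float)):
        # Tool reports epoch seconds.
        when = datetime.fromtimestamp(ts, tz=timezone.utc)
    else:
        # Tool reports ISO 8601 local time with an explicit UTC offset.
        when = datetime.fromisoformat(ts).astimezone(timezone.utc)
    digits = "".join(ch for ch in record["number"] if ch.isdigit())
    return (when.replace(microsecond=0), digits, record["body"].strip())

def cross_validate(tool_a, tool_b):
    """Split normalized records into those both tools agree on and those only one reports."""
    a = {normalize(r) for r in tool_a}
    b = {normalize(r) for r in tool_b}
    return {"agreed": a & b, "only_a": a - b, "only_b": b - a}

# Constructed exports from two hypothetical tools examining the same device.
TOOL_A = [
    {"time": 1300000000, "number": "+1 (555) 010-0123", "body": "On my way"},
    {"time": 1300003600, "number": "+1 (555) 010-0123", "body": "Call me "},
    {"time": 1300007200, "number": "15550100199", "body": "Running late"},
]
TOOL_B = [
    {"time": "2011-03-13T02:06:40-05:00", "number": "15550100123", "body": "On my way"},
    # Same message as TOOL_A's third record, but this timestamp is one hour off.
    {"time": "2011-03-13T05:06:40-05:00", "number": "15550100199", "body": "Running late"},
]

if __name__ == "__main__":
    result = cross_validate(TOOL_A, TOOL_B)
    for label in ("agreed", "only_a", "only_b"):
        print(label)
        for when, number, body in sorted(result[label]):
            print(f"  {when.isoformat()}  {number}  {body!r}")
```

Records that land in `only_a` or `only_b` are the ones to explain before testifying: a message one tool missed, or a field (here a timestamp) that the two tools decoded differently.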
The second way to add credibility is to make sure the investigator has a solid understanding of the evidence and how it was gathered. Most of the investigation tools are simple to use and require only a couple of clicks to generate a complete report. Reiber warns against being a “point and click” investigator since the tools are so user friendly. If an investigator takes the stand and is not able to speak intelligently about the technology used to gather the evidence, his credibility will be in question. Steve Bunting puts it like this: “The more knowledge one has of the tool’s function and the data and function present in any given cell device, the more credibility you will have as a witness.”
If you have zero experience and suddenly find yourself called upon to handle phone examinations for your organization, don’t panic. I speak with individuals on a weekly basis in a similar situation looking for direction. My advice is usually exactly the same: enroll in a training course, become certified, seek the counsel of veterans, engage in online digital forensics communities and forums, and talk to representatives of the software companies that make investigation tools. By taking these steps, you can go from novice to expert in a short period of time.