In the world of digital forensics, mobile phone investigations are growing exponentially. The number of cell phones investigated annually has increased nearly tenfold within the last decade. Courtrooms are relying more and more on the information within a cell phone as vital evidence in cases of all kinds. Despite that, the practice of cell phone forensics is still in its relative infancy. Many digital investigators are new to the field and are looking for a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators need to look elsewhere for information on how best to tackle mobile phone analysis. This post should by no means serve as an academic guide. However, you can use it as a first step toward gaining an understanding of the field.
First, it’s important to understand how we got to where we are today. In 2005, there were two billion cell phones worldwide. Today, there are over 5 billion, and that number is expected to grow by nearly another billion by 2012. This means that nearly every human being on Earth has a cell phone. These phones are not just a way to make and receive calls, but a place to store all the information in one’s life. When a cell phone is obtained as part of a criminal investigation, an investigator can learn a significant amount about the owner. In many ways, the data found in a phone is more important than a fingerprint, in that it provides much more than identification. Using forensic software, digital investigators are able to see the call list, text messages, pictures, videos, and much more, all of which can serve as evidence either convicting or vindicating the suspect.
Lee Reiber, lead instructor and owner of mobile device forensics atlanta, breaks the investigation into three parts: seizure, isolation, and documentation. The seizure component primarily involves the legal ramifications. “If you do not have a legitimate ability to examine the device or its contents, then you are likely to have the evidence suppressed regardless of how hard you have worked,” says Reiber. The isolation component is essential “because the cell phone’s data can be changed, altered, and deleted over the air (OTA). Not only is the carrier capable of doing this, but the user can employ applications to remotely ‘wipe’ the data on the device.” The documentation process involves photographing the phone at the time of seizure. Reiber says the photos should show the time settings, the state of the device, and its characteristics.
After the phone is turned over to a digital forensics investigator, the device must be examined with a professional tool. Investigating phones manually is a last resort. Manual investigation should only be used if no tool on the market is able to support the device. Modern cell phones are like miniature computers that require sophisticated software for comprehensive analysis.
When examining a mobile phone, it is important to protect it from remote access and network signals. Since mobile phone jammers are illegal in the US and much of Europe, Reiber recommends “using a metallic mesh to wrap the unit securely, then placing the device into standby mode or airplane mode for transportation and photographing, and then placing the device in a condition to be examined.”
Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays out the process flow as follows.
1. Achieve and maintain network isolation (Faraday bag, RF-shielded box, or RF-shielded room).
2. Thoroughly document the device, noting all available information. Use photography to support this documentation.
3. If a SIM card is in place, remove, read, and image the SIM card.
4. Clone the SIM card.
5. With the cloned SIM card installed, conduct a logical extraction of the cell device using a tool. If analyzing a non-SIM device, start here.
6. Examine the extracted data from the logical examination.
7. If supported by the model and the tool, perform a physical extraction of the cell device.
8. View the parsed data from the physical extraction, which can vary greatly depending on the make/model of the cell phone and the tool used.
9. Carve the raw image for a variety of file types or strings of information.
10. Report your findings.
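Step 9, carving the raw image, is the part of the flow that a commercial tool hides most completely, so here is an added example of what it does underneath. This is not code from the original post or from any tool mentioned in it; the "image" is a constructed byte string with one minimal JPEG, one minimal PNG and two text fragments embedded at known offsets, standing in for a physical dump. The carver scans for header/trailer signature pairs, reports a header with no trailer as truncated instead of dropping it, and hashes every carved object so the same region can later be compared against a second tool's output.

```python
import hashlib
import re

# File signatures to carve for: name -> (header, trailer). Only two types are
# included here; a real carver would carry a much longer table.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

# Runs of six or more printable ASCII bytes, the classic "strings" heuristic.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")


def build_sample_image() -> bytes:
    """Constructed stand-in for a physical dump (not real device data):
    filler bytes with one minimal JPEG, one minimal PNG and two text
    fragments placed at known offsets."""
    jpeg = SIGNATURES["jpeg"][0] + b"\xe0\x00\x10JFIF" + b"\x00" * 20 + SIGNATURES["jpeg"][1]
    png = SIGNATURES["png"][0] + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17 + SIGNATURES["png"][1]
    return (
        b"\x00" * 64
        + b"Call to +1-555-0100 at 14:02\x00"
        + b"\xff" * 16
        + jpeg
        + b"\x00" * 32
        + png
        + b"http://example.invalid/sync\x00"
        + b"\x00" * 64
    )


def carve_files(image: bytes) -> list:
    """Header/trailer carving: for every header hit, take the bytes up to and
    including the next trailer. A header with no trailer is reported as
    truncated rather than silently dropped, since partial files still matter
    to an examiner."""
    found = []
    for name, (header, trailer) in SIGNATURES.items():
        start = image.find(header)
        while start != -1:
            end = image.find(trailer, start + len(header))
            if end == -1:
                found.append({"type": name, "offset": start, "length": None,
                              "truncated": True, "sha256": None})
                break
            end += len(trailer)
            blob = image[start:end]
            found.append({"type": name, "offset": start, "length": len(blob),
                          "truncated": False,
                          "sha256": hashlib.sha256(blob).hexdigest()})
            start = image.find(header, end)
    return sorted(found, key=lambda f: f["offset"])


def carve_strings(image: bytes) -> list:
    """Return (offset, text) for every printable run, the way a strings pass
    surfaces phone numbers, URLs and message fragments in unparsed areas."""
    return [(m.start(), m.group().decode("ascii")) for m in PRINTABLE_RUN.finditer(image)]


if __name__ == "__main__":
    img = build_sample_image()
    for f in carve_files(img):
        print(f)
    for off, text in carve_strings(img):
        print(f"0x{off:06x}: {text}")
```

The offsets and hashes are what go into the report: they let a reviewer locate each carved object in the original image and confirm that a different tool recovers byte-identical content from the same place.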
There are two things an investigator can do to gain credibility in the courtroom. The first is cross-validation of the tools used. It is vastly important that investigators do not depend on merely one tool when investigating a cell phone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By cross-checking data between tools, one can validate one tool with the other,” says Bunting. Doing so adds significant credibility to the evidence.
The second way to add credibility is to ensure the investigator has a solid understanding of the evidence and how it was gathered. Many of the investigation tools are user friendly and require only a couple of clicks to produce a comprehensive report. Reiber warns against becoming a “point and click” investigator now that the tools are so simple to operate. If the investigator takes the stand and is unable to speak intelligently about the technology used to gather the evidence, his credibility will be in question. Steve Bunting puts it like this: “The more knowledge one has of the tool’s function and the data and function seen in any given cell device, the more credibility you will have as a witness.”
If you have zero experience and suddenly find yourself called upon to handle phone examinations for your organization, don’t panic. I speak to individuals in a similar situation on a weekly basis looking for direction. My advice is always the same: join a training course, become certified, seek the counsel of veterans, take part in online digital forensics communities and forums, and speak with representatives of the software companies that make investigation tools. By taking these steps, you can go from novice to expert in a short period of time.
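Cross-validation sounds simple, but two tools rarely export the same record the same way, and a naive diff of their reports disagrees on every line. The following is an added example, not from the original post or from any named product, of the normalisation step that makes the comparison meaningful. The two call-log exports are constructed and the tools are hypothetical; they differ in field names, number formatting, date layout (ISO versus day/month/year) and direction vocabulary, which is typical of real exports. After normalisation the script reports which records both tools agree on and which appear in only one, so the examiner knows exactly where to look before taking the stand.

```python
from datetime import datetime

# Constructed exports from two hypothetical tools examining the same handset.
# The numbers, times and field names are made up for the example.
TOOL_A_CALLS = [
    {"number": "+1 (555) 010-0100", "time": "2021-03-04 14:02:00", "dir": "Outgoing", "secs": "45"},
    {"number": "+1 (555) 010-0101", "time": "2021-03-04 15:10:12", "dir": "Incoming", "secs": "0"},
    {"number": "+1 (555) 010-0102", "time": "2021-03-05 09:00:00", "dir": "Missed", "secs": "0"},
]
TOOL_B_CALLS = [
    {"phone": "15550100100", "timestamp": "04/03/2021 14:02:00", "type": "out", "duration": 45},
    {"phone": "15550100101", "timestamp": "04/03/2021 15:10:12", "type": "in", "duration": 0},
    {"phone": "15550100103", "timestamp": "05/03/2021 09:30:00", "type": "missed", "duration": 0},
]

# Each tool uses its own words for call direction; map both onto one vocabulary.
DIRECTION = {"outgoing": "out", "out": "out", "incoming": "in", "in": "in", "missed": "missed"}


def normalize_a(rec: dict) -> tuple:
    """Tool A: pretty-printed number, ISO-style timestamp, duration as a string."""
    digits = "".join(ch for ch in rec["number"] if ch.isdigit())
    ts = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S").isoformat()
    return (digits, ts, DIRECTION[rec["dir"].lower()], int(rec["secs"]))


def normalize_b(rec: dict) -> tuple:
    """Tool B: bare digits, day/month/year timestamp, duration as an int.
    Getting the day/month order wrong here is a classic source of false
    mismatches, so the format is stated explicitly rather than guessed."""
    ts = datetime.strptime(rec["timestamp"], "%d/%m/%Y %H:%M:%S").isoformat()
    return (rec["phone"], ts, DIRECTION[rec["type"].lower()], int(rec["duration"]))


def cross_validate(a_calls: list, b_calls: list) -> dict:
    """Compare the two tools' call logs after normalisation. Records in
    'agreed' corroborate each other; anything in an 'only_' list needs a
    manual look at the raw data before it is relied upon."""
    a = {normalize_a(r) for r in a_calls}
    b = {normalize_b(r) for r in b_calls}
    return {
        "agreed": sorted(a & b),
        "only_tool_a": sorted(a - b),
        "only_tool_b": sorted(b - a),
    }


if __name__ == "__main__":
    result = cross_validate(TOOL_A_CALLS, TOOL_B_CALLS)
    for bucket, records in result.items():
        print(f"{bucket}: {len(records)}")
        for rec in records:
            print("   ", rec)
```

In the constructed data the two tools agree on two calls and each reports one the other does not; that discrepancy, not the agreement, is what the examiner must be able to explain.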