On the planet of digital forensics, cellphone investigations are growing exponentially. The quantity of cell phones investigated each year has risen nearly tenfold during the last decade. Courtrooms are relying increasingly more in the information within a mobile phone as vital evidence in cases of all types. Despite that, the concept of cellular phone forensics remains in its relative infancy. Many digital investigators are unfamiliar with the sector and they are searching for a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators must look elsewhere for information about how to best tackle cellular phone analysis. This post should by no means act as an academic guide. However, it can be used like a 1st step to get understanding in the area.
First, it’s vital that you know how we got to where our company is today. In 2005, there was two billion cell phones worldwide. Today, there are over 5 billion and that number is predicted to cultivate nearly another billion by 2012. Which means that virtually every people on Earth comes with a cell phone. These phones are not only a method to make and receive calls, but alternatively a resource to store information in one’s life. Whenever a cellphone is obtained included in a criminal investigation, an investigator has the capacity to tell an important amount regarding the owner. In many ways, the details found within a phone is much more important than a fingerprint because it gives considerably more than identification. Using forensic software, digital investigators have the ability to start to see the call list, text messages, pictures, videos, and a lot more all to provide as evidence either convicting or vindicating the suspect.
Lee Reiber, lead instructor and owner of mobile phone data recovery., breaks within the investigation into three parts-seizure, isolation, and documentation. The seizure component primarily necessitates the legal ramifications. “If you do not have a legitimate right to examine the product or its contents then you certainly will likely supply the evidence suppressed irrespective of how hard you possess worked,” says Reiber. The isolation component is an essential “because the cellular phone’s data might be changed, altered, and deleted on the air (OTA). Not only is definitely the carrier capable of doing this, however the user can employ applications to remotely ‘wipe’ your data from your device.” The documentation process involves photographing the cell phone in the course of seizure. Reiber says the photos should show time settings, state of device, and characteristics.
After the phone is delivered to digital forensics investigator, the unit ought to be examined with a professional tool. Investigating phones manually can be a last option. Manual investigation should basically be used if no tool out there is able to secure the device. Modern mobile devices are similar to miniature computers that require a sophisticated software applications for comprehensive analysis.
When examining a cellular phone, you should protect it from remote access and network signals. As mobile phone jammers are illegal in america and many of Europe, Reiber recommends “using a metallic mesh to wrap the device securely after which placing the telephone into standby mode or airplane mode for transportation, photographing, then placing the device in a condition to become examined.”
Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays the process flow as follows.
Achieve and keep network isolation (Faraday bag, RF-shielded box, or RF-shielded room).
Thoroughly document these devices, noting all information available. Use photography to assist this documentation.
In case a SIM card is within place, remove, read, and image the SIM card.
Clone the SIM card.
Together with the cloned SIM card installed, do a logical extraction of the cell device using a tool. If analyzing a non-SIM device, start here.
Examine the extracted data from the logical examination.
If maintained by the model along with the tool, execute a physical extraction of the cell device.
View parsed data from physical extraction, that will vary greatly dependant upon the make/style of the cellphone along with the tool being utilized.
Carve raw image for a number of file types or strings of data.
Report your findings.
There are 2 things an investigator are capable of doing to acquire credibility from the courtroom. The initial one is cross-validation from the tools used. It is vastly essential that investigators do not depend on just one tool when investigating a cellular phone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By crosschecking data between tools, one could validate one tool using the other,” says Bunting. Accomplishing this adds significant credibility to the evidence.
Another strategy to add credibility is to make certain the investigator features a solid comprehension of evidence and exactly how it was gathered. Many of the investigations tools are simple to use and require a couple clicks to generate a complete report. Reiber warns against transforming into a “point and click” investigator since the tools are so easy to use. If the investigator takes the stand and struggles to speak intelligently concerning the technology used to gather the evidence, his credibility are usually in question. Steve Bunting puts it such as this, “The more knowledge one has in the tool’s function as well as the data 68dexmpky and function seen in any given cell device, the greater credibility you will have like a witness.”
If you have zero experience and suddenly realise you are called upon to take care of phone examinations to your organization, don’t panic. I talk to individuals with a weekly basis in the similar situation trying to find direction. My advice is obviously a similar; sign up for a training course, become certified, seek the counsel of veterans, participate in online digital forensics communities and forums, and speak with representatives of software companies making investigation tools. If you take these steps, you are able to move from novice to expert inside a short length of time.