Mobile Phone Forensics Tools – Realize How Cell Phone Investigative Forensics is Assisting Police Force Authorities.

Worldwide of digital forensics, mobile phone investigations are growing exponentially. The volume of cell phones investigated every year has increased nearly tenfold during the last decade. Courtrooms are relying more and more about the information inside a mobile phone as vital evidence in cases of all. Despite that, the concept of cellular phone forensics remains to be in its relative infancy. Many digital investigators are a new comer to the area and therefore are in search of a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators have to look elsewhere for information on how to best tackle mobile phone analysis. This post should in no way work as an academic guide. However, you can use it being a first step to achieve understanding in the region.

First, it’s essential to know how we got to where our company is today. In 2005, there have been two billion cell phones worldwide. Today, there are over 5 billion and that number is predicted to develop nearly another billion by 2012. This means that just about any people on this planet comes with a cell phone. These phones are not just ways to make and receive calls, but alternatively a resource to keep all information in one’s life. Every time a cellphone is obtained included in a criminal investigation, an investigator can tell a substantial amount concerning the owner. In many ways, the data found in a phone is much more important than a fingerprint for the reason that it gives you much more than identification. Using forensic software, digital investigators have the ability to start to see the call list, text messages, pictures, videos, plus much more all to serve as evidence either convicting or vindicating the suspect.

Lee Reiber, lead instructor and owner of mobile device forensics tools., breaks in the investigation into three parts-seizure, isolation, and documentation. The seizure component primarily requires the legal ramifications. “If there is no need a legal directly to examine these devices or its contents then you definitely will likely supply evidence suppressed no matter how hard you possess worked,” says Reiber. The isolation component is a vital “because the cellular phone’s data might be changed, altered, and deleted within the air (OTA). Not merely is definitely the carrier able to perform this, nevertheless the user can employ applications to remotely ‘wipe’ the data through the device.” The documentation process involves photographing the device at the time of seizure. Reiber says the photos should show time settings, state of device, and characteristics.

Right after the phone is come to the digital forensics investigator, these devices should be examined with a professional tool. Investigating phones manually is really a final option. Manual investigation should simply be used if no tool out there is able to retain the device. Modern mobile phones are like miniature computers that need a sophisticated software programs for comprehensive analysis.

When examining a cellphone, it is essential to protect it from remote access and network signals. As cell phone jammers are illegal in the states and most of Europe, Reiber recommends “using a metallic mesh to wrap the device securely and after that placing the cell phone into standby mode or airplane mode for transportation, photographing, and after that placing the telephone in a state to become examined.”

Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays out the process flow as follows.

Achieve and sustain network isolation (Faraday bag, RF-shielded box, or RF-shielded room).

Thoroughly document the product, noting information available. Use photography to aid this documentation.

If your SIM card is place, remove, read, and image the SIM card.

Clone the SIM card.

Together with the cloned SIM card installed, perform a logical extraction from the cell device by using a tool. If analyzing a non-SIM device, start here.

Examine the extracted data through the logical examination.

If backed up by both the model and also the tool, conduct a physical extraction from the cell device.

View parsed data from physical extraction, that can vary greatly according to the make/style of the mobile phone and the tool being utilized.

Carve raw image for a variety of file types or strings of web data.

Report your findings.

There are two things an investigator can perform to gain credibility within the courtroom. The first is cross-validation of the tools used. It is vastly important that investigators will not count on just one single tool when investigating a cellular phone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By crosschecking data between tools, one might validate one tool utilizing the other,” says Bunting. Doing so adds significant credibility on the evidence.

The second approach to add credibility is to make sure the investigator features a solid understanding of evidence and the way it absolutely was gathered. Lots of the investigations tools are user friendly and require only a couple clicks to build a detailed report. Reiber warns against becoming a “point and click” investigator given that the tools are extremely user friendly. If the investigator takes the stand and struggles to speak intelligently regarding the technology employed to gather evidence, his credibility are usually in question. Steve Bunting puts it such as this, “The more knowledge one has from the tool’s function as well as the data 68dexmpky and performance located in any cell device, the better credibility one will have as a witness.”

When you have zero experience and suddenly discover youself to be called upon to deal with phone examinations to your organization, don’t panic. I consult with individuals with a weekly basis inside a similar situation seeking direction. My advice is always the same; join a training course, become certified, seek the counsel of veterans, engage in online digital forensics communities and forums, and talk to representatives of software companies making investigation tools. By using these steps, it is possible to go from novice to expert within a short length of time.