On the planet of digital forensics, cellular phone investigations are growing exponentially. The volume of mobile devices investigated each and every year has increased nearly tenfold within the last decade. Courtrooms are relying a lot more on the information in a cell phone as vital evidence in cases of all types. Despite that, the concept of cellular phone forensics remains to be in their relative infancy. Many digital investigators are a novice to the field and they are trying to find a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators have to look elsewhere for information on how to best tackle cellular phone analysis. This informative article should in no way work as an academic guide. However, you can use it as a first step to get understanding in the community.
First, it’s vital that you know how we reached where our company is today. In 2005, there was two billion cell phones worldwide. Today, you will find over 5 billion and this number is anticipated to cultivate nearly another billion by 2012. Consequently virtually every people on the planet has a mobile phone. These phones are not just ways to make and receive calls, but rather a resource to store information in one’s life. Whenever a cellphone is obtained included in a criminal investigation, an investigator has the capacity to tell a substantial amount concerning the owner. In several ways, the details found inside a phone is more important than a fingerprint in this it offers considerably more than identification. Using forensic software, digital investigators can easily begin to see the call list, text messages, pictures, videos, and a lot more all to serve as evidence either convicting or vindicating the suspect.
Lee Reiber, lead instructor and owner of cell phone analysis atlanta., breaks within the investigation into three parts-seizure, isolation, and documentation. The seizure component primarily requires the legal ramifications. “If there is no need a legitimate straight to examine the product or its contents then you are likely to have the evidence suppressed no matter how hard you might have worked,” says Reiber. The isolation component is an essential “because the cellular phone’s data might be changed, altered, and deleted across the air (OTA). Not simply is definitely the carrier able to do this, however the user can employ applications to remotely ‘wipe’ your data from your device.” The documentation process involves photographing the telephone at the time of seizure. Reiber says the photos should show time settings, state of device, and characteristics.
Once the phone is taken up digital forensics investigator, the product ought to be examined with a professional tool. Investigating phones manually is really a last option. Manual investigation should basically be used if no tool in the marketplace will be able to keep the device. Modern mobile phones are like miniature computers which need a sophisticated software packages for comprehensive analysis.
When examining a cellular phone, it is very important protect it from remote access and network signals. As mobile phone jammers are illegal in the states and a lot of Europe, Reiber recommends “using a metallic mesh to wrap the unit securely after which placing the telephone into standby mode or airplane mode for transportation, photographing, after which placing the phone in a condition to get examined.”
Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays out your process flow as follows.
Achieve and sustain network isolation (Faraday bag, RF-shielded box, or RF-shielded room).
Thoroughly document the unit, noting information available. Use photography to support this documentation.
If your SIM card is at place, remove, read, and image the SIM card.
Clone the SIM card.
Using the cloned SIM card installed, perform a logical extraction in the cell device by using a tool. If analyzing a non-SIM device, start here.
Examine the extracted data from the logical examination.
If backed up by both model as well as the tool, do a physical extraction in the cell device.
View parsed data from physical extraction, which can vary greatly depending on the make/model of the cellphone along with the tool being utilized.
Carve raw image for a number of file types or strings of data.
Report your findings.
There are 2 things an investigator are capable of doing to gain credibility in the courtroom. One is cross-validation from the tools used. It can be vastly crucial that investigators will not depend on just one single tool when investigating a cellular phone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By crosschecking data between tools, one may validate one tool using the other,” says Bunting. Doing so adds significant credibility on the evidence.
The second way to add credibility is to make sure the investigator features a solid comprehension of the evidence and how it absolutely was gathered. Lots of the investigations tools are user friendly and require only a couple clicks to create a complete report. Reiber warns against learning to be a “point and click” investigator given that the various tools are really user friendly. If the investigator takes the stand and is unable to speak intelligently about the technology utilized to gather evidence, his credibility are usually in question. Steve Bunting puts it similar to this, “The more knowledge one has from the tool’s function as well as the data 68dexmpky and performance seen in any cell device, the better credibility you might have as being a witness.”
In case you have zero experience and suddenly find yourself called upon to deal with phone examinations for your organization, don’t panic. I speak with individuals with a weekly basis within a similar situation trying to find direction. My advice is definitely the same; sign up for a training course, become certified, seek the counsel of veterans, participate in online digital forensics communities and forums, and talk to representatives of software companies making investigation tools. By using these steps, you can move from novice to expert inside a short amount of time.