Mobile forensics involves using specialized tools and acquisition techniques to recover digital evidence of investigative interest. Contrary to popular belief, it’s not only used by law enforcement agencies.
For instance, businesses can use a mobile forensics service to regain access to data on an employee’s device after they accidentally lock it and forget the password. In this case, they would enlist the help of cell phone forensics services like Secure Forensics. Read on to learn more about mobile forensics and what it involves.
There are two types of methods that forensics specialists can use to acquire data from a mobile device:
Logical Acquisition: Also known as logical extraction, this method involves using a software tool to extract specific files and folders from a device. This can include any particular data type, such as text messages, call history, pictures, calendar entries, and so forth. The backed-up data is called a logical image.
Physical Acquisition: Unlike logical acquisition, physical acquisition can include capturing the remnants of data that was already deleted, as opposed to only what’s available. Also called a physical memory dump, this technique initially obtains the data in a raw, unreadable format. Other methods are used later to convert the data into readable forms.
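As an added illustration (not code from the original article), the Python sketch below contrasts the two acquisition methods on a constructed toy image. The file-table layout, file names, and contents are assumptions made up for the example, not a real mobile filesystem: the logical pass returns only files marked allocated, while carving the raw bytes for JPEG signatures recovers a photo whose table entry was deleted.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"        # JPEG start-of-image marker
JPEG_EOI = b"\xff\xd9"            # JPEG end-of-image marker
ENTRY = struct.Struct("<8sBHH")   # toy entry: name, allocated flag, offset, length
TABLE_SLOTS = 4                   # assumed fixed-size file table

def build_sample_image():
    """Constructed 'raw dump': a toy file table followed by a data area."""
    note = b"meet at 9"
    photo = JPEG_SOI + b"\xe0" + b"constructed-pixels" + JPEG_EOI
    data_start = ENTRY.size * TABLE_SLOTS
    entries = [
        (b"note.txt", 1, data_start, len(note)),
        # Deleted file: entry flagged unallocated, bytes still in the data area.
        (b"img1.jpg", 0, data_start + 32, len(photo)),
    ]
    table = b"".join(ENTRY.pack(*e) for e in entries).ljust(data_start, b"\x00")
    data = note.ljust(32, b"\x00") + photo + b"\x00" * 16
    return table + data

def logical_extract(image):
    """Logical image: only the files the table marks as allocated."""
    files = {}
    for slot in range(TABLE_SLOTS):
        name, allocated, offset, length = ENTRY.unpack_from(image, slot * ENTRY.size)
        if allocated:
            files[name.rstrip(b"\x00").decode()] = image[offset:offset + length]
    return files

def carve_jpegs(image):
    """Physical dump: scan every raw byte for JPEG header/footer pairs."""
    found = []
    pos = image.find(JPEG_SOI)
    while pos != -1:
        end = image.find(JPEG_EOI, pos + len(JPEG_SOI))
        if end == -1:
            break  # header with no footer: truncated or overwritten data
        found.append((pos, image[pos:end + len(JPEG_EOI)]))
        pos = image.find(JPEG_SOI, end + len(JPEG_EOI))
    return found

if __name__ == "__main__":
    image = build_sample_image()
    print("logical image contains:", sorted(logical_extract(image)))
    for offset, blob in carve_jpegs(image):
        print(f"carved JPEG at offset {offset}, {len(blob)} bytes")
```

Signature carving of this kind recovers content only while the deleted bytes have not been overwritten, and it returns no file name or timestamp, since those lived in the table entry.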
Collectable Data Types
There are several different data types that could be of interest to forensics specialists, some of which are exclusive to mobile devices. Here are the most common types of collectable data:
GPS: GPS (Global Positioning System) data is especially useful if it is on a criminal’s phone. This valuable source of empirical evidence can help investigators pinpoint the suspect’s movements and discover valuable information, such as the location of their hideout. What’s more, GPS data helps in finding call logs, images, and SMSs.
CDRs: Mobile network service providers use CDRs (Call Detail Records) for performance improvements. They can also be useful to investigators. For instance, a CDR can help them identify who called somebody and when. Investigators can even find out where the call was made by identifying the originating and terminating towers.
SMS: An SMS is not only useful for the information it contains, but it will also reveal who sent it.
App Data: Most users don’t realize just how much of their data a typical app can access. Depending on the permissions given, this can include media files, location information, and contact details. It can also include the camera and microphone, which could lead to a plethora of information depending on whether and how anything was stored.
Forensics specialists use many different types of tools to extract data from a mobile device. These tools are grouped by technique into a classification system. In descending order, the techniques are micro read, chip-off, hex dumping, logical extraction, and manual extraction.
The complexity of these methods ranges from the simple act of looking at data on a device’s touchscreen, which is manual extraction, to using a high-powered electron microscope to read the binary data on a memory chip, as done with a micro read.
Mobile forensics is a fascinating field that’s worth learning more about. We hope that this introduction has piqued your interest.