MOBILE DEVICE FORENSICS (Pt 1)

The use of mobile phones has become common in the last decade, and it has become an indispensable tool for everybody. Some people do not leave their homes without it, and it is a useful tool especially for businessmen, politicians, professionals, and anybody who needs to have constant communication.

The functionality and features built into cell phones and other mobile devices have also greatly increased. In the past you could only make phone calls, and then the text messaging feature was added.  Then cell phones became calculators, voice recorders and now almost every mobile phone has a camera on it, with picture quality almost equal or exceeding that of digital cameras. The mobile phone revolution started with Nokia’s market domination but was displaced by the iPhone, the revolutionary smartphone introduced by Apple Corporation in 2007 that changed the mobile device landscape. The iPhone, with its flat slate appearance, touch screen capability and high camera resolution, captivated mobile phone users all over the world. In 2008 along came the Android operating system, and it empowered smartphones and other devices from mobile phone manufacturers such as Samsung, Blackberry, Motorola, HTC, LG and Lenovo. Many mobile phone manufacturers have entered markets all over the world, and each company has its own brand and line of mobile phones with a unique set of features such as device architecture and operating system. Mobile operating systems have been developed such as Google’s Android, Apple’s IOS, Windows Mobile, Blackberry OS, Meego, and the discontinued Hewlett Packard WebOS.

Mobile phones can become important tools in a criminal investigation. The last phone call, the last text message, the last camera snapshot, or the last signal bounced off from a carrier’s transmission tower: these are clues that may lead to a successful investigation. Technologies have been merged and integrated. Today mobile phones have the functionality of chatting with friends via Facebook, posting pictures via Instagram or Facebook, and making tweets on Twitter. Substantial hardware upgrades have also been made, with great increase in the memory and processing capabilities. Smartphones such as the Samsung Galaxy S4 can support removable storage media with capacities of up to 64 gigabytes.  The Samsung Galaxy S4 also contains a 1.4 Gigahertz quad core ARM Cortex A9 Central Processing Unit. Ten years ago in 2003, only desktop computers had that kind of processing power. Now we have that on mobile phones, smartphones, and tablets. 5 in 10 cell phone users in Canada use smartphones, according to a study by the Canadian Wireless Telecom Association. Also, 20% of cell phone users also own a tablet, a one piece mobile computer with touch screen capability.

Data and information that can be analyzed from mobile phones or smart phones are:

  • Phone book list
  • Calendar, Organizer and appointment
  • Email
  • Photos
  • Multimedia messages
  • Text Messages
  • Call Logs ( Dialed Calls, Received Calls, Missed Calls, Call Duration)
  • Audio and Video Recording
  • Date, Time, Language or Location settings
  • Web browsing history
  • Electronic documents ( Word documents, Excel, PDF files)
  • SIM card data
  • Flash Card data
  • Mobile application data
  • GPRS, EDGE, Wi-Fi,  CSD, and other wireless traffic and sessions information

Tools such for data acquisition are required to extract this data from the mobile phone and onto a computer. There is concern regarding the data integrity of mobile phone data for use as evidence and this continues to be addressed. There is no one specific tool for acquiring or analyzing the data from mobile phones, and most software tools currently in use have been developed for a particular phone model, architecture or operating system. As such, there is great diversity in the toolkits available for mobile device forensic study and analysis. The open source and hacker community have developed many freeware and open source tools that can be used in mobile device analysis.  The best method for getting current and or erased data from cell phones is to have an electronics forensic specialist do it for you.