Every Contact Leaves a Trace

The mobile phone in today’s society is without a doubt one of the most impressive revolutions of technology, embraced by almost every person throughout the world regardless of race, color, or religion. Edmund Locard (1877-1966), a French criminologist, is regarded as a pioneer in the forensic world with his theory: “every contact leaves a trace,” the Locard exchange principle. At the time he was inspired with this theory, I doubt very much he imagined that it would be as relevant in a modern technological world as it is today.

Simply switching on a mobile device—whether calls are made and received or not—will leave traces of data, not just on the handset but across a telecommunication network. Knowing where to look and understanding what can be retrieved to assist in a successful investigation is key to a case’s swift and reliable conclusion. It is for this reason that the mobile phone has become an integral part of any modern-day investigation.

Research by Dr. Jason Beckett in Australia has shown that evidence from cellular devices has increased by 500% in recent years. Is this because mobile phones were ignored and placed in the “too difficult” basket and are now being examined, or because they are indeed being manipulated and used more extensively in the commission of criminal activity? Without a doubt the criminal fraternity is looking at mobile forensic manufacturers’ websites and researching which devices are supported or not, as the case may be, prior to making their purchase. This has been evidenced numerous times in Mexico during investigations into organized crime involving the drug cartels.

So where do we go if big-league criminals are taking such evasive action? “Back to Basics.” There is a growing demand to return to the flasher box/hex dumping solution in order to retrieve information from suspect devices not supported by the various mobile forensic phone manufacturers. What are the alternatives? Thumb through the screen, recording data as it appears? Certainly best practice would suggest that this be the first course of action regardless, when all else fails. Tools such as the Fernico ZRT and ZRT2 HD are excellent, easy-to-use products to facilitate this process. I use these tools on every single case, regardless of whether it is a computer or mobile phone investigation, to record a photographic survey of the device prior to and at the end of a forensic analysis. However, what about the latent data? What about damaged phones? What about phones without a SIM card? What about PIN-protected handsets?

From: Flasher Boxes: Back to Basics in Mobile Phone Forensics by John (Zeke) Thackray