It is estimated that approximately 800 million cellular phones were produced in China in 2011,...
Since its release in 2007, the iPhone has been extremely popular. Sales have especially increased within the past three years. With its growing popularity and larger user population, there is a greater chance of coming across a case which involves forensically examining an iPhone.
A privacy watchdog group is going after Snapchat for deceiving users about self-destructing messages that don't actually self-destruct. The smartphone app has become popular with young people for sending messages that a few seconds later disappear. The Electronic Privacy Information Center has filed a complaint with the Federal Trade Commission.
To perform forensics on Android devices, it is important to understand the Android system. In this chapter, we will walk through file system specifics.
When handling evidence from cell phones and other handheld devices, certain precautions must be taken from collection through analysis.
The underlying technology has changed since 400 B.C., but covered writing is alive and well. Unfortunately, modern sentries are as overwhelmed, and possibly as oblivious, as they were then.
Most digital activities leave definite traces, allowing investigators to obtain essential evidence, solve criminal cases, and prevent crimes.
The lack of manufacturing standards in the Chinese cell phone industry makes analysis of these devices challenging.
Mobile device forensics forecast: continued oscillation, chance of cloud computing.
A large number of data-hiding apps for Android, iOS, and Windows mobile platforms are rapidly emerging. Being able to identify them and the resulting covert communications is essential.
Analyzing a SIM card can provide the geographical location(s) where the SIM card, the phone, and the owner of the phone (suspect) may have been.
As mobile devices penetrate our daily lives, it is appropriate to evaluate the effect that these new devices have on our safety and privacy. We must also ensure that the law provides sufficient resources to investigators and prosecutors who investigate and prevent crimes against Americans who increasingly conduct their lives using this new medium.
The previous article included a partial listing of the data or information that may reside on a SIM card, all of which could have potential probative value in an investigation. Although a thorough discussion of all the potential evidence that could be on a SIM card is beyond the scope of this article, some of that information will be discussed in this and a future article.
The value of collecting evidence from GPS devices has been well established over the last several years. Most investigators think in terms of being able to obtain GPS evidence in the form of the “breadcrumb trail” known as trackpoints, but much more data is available from these devices.
In the world of digital forensics, mobile phone investigations are growing exponentially. The number of cell phones investigated each year has increased nearly tenfold over the past decade. This article can be used as a first step to gain an understanding of how to best tackle cell phone analysis.
SIMs are found in GSM, iDEN, and BlackBerry handsets. Under the GSM framework, a cell phone is termed a Mobile Station, consisting of a SIM card and a handset. From an investigative perspective, one useful feature of a SIM card is that it can be moved from one GSM-compatible phone to another.
Most computer users are aware that a computer’s hard drive contains more information and data than just the files that they create or download. That same awareness cannot be attributed to most cell phone users. This can work to an investigator’s advantage. The following represents some of the data that can typically be extracted from a cell phone.
Familiarity with the five main cell phone operating systems can aid your investigation.
Telephone technology has evolved by leaps and bounds. It is important to understand some of the key terminology used when discussing cellular phones and other mobile devices.
There is no one “press-the-button” solution (yet) to get all your search terms from a physical cell phone dump. There is, however, a certain approach that can help you solve some of these challenges.
A flasher box adds flexibility to the forensic analysis of mobile devices and gives you the opportunity to take that extra step in your investigation.
This webinar will discuss the processing hierarchy for cellular phones, maintaining and preserving the integrity of volatile cellular phone evidence, and acquisition techniques for cell phone data. It will also discuss and demonstrate current best practice techniques.
Consumers have gone mad over the iPhone and iPad, so now more than ever, forensic examiners need to understand and be able to acquire, exploit, and report on these devices. This article is about understanding one of the structures used to store data on the iPhone and its siblings: the SQLite database.
There is a growing demand to return to the flasher box/hex dumping solution in order to retrieve information from suspect devices not supported by the various mobile phone forensic manufacturers. Here are some considerations to effectively incorporate flasher boxes in your mobile phone investigation.
In the world of digital forensics, the power to seek and find is key. The faster and more accurate the search, the faster you can zero in on your target and find the evidence you need to convict, prevent, or locate. Regular expressions are the key to this power.
Applications for Android are developed in Java, and each runs in a separate Dalvik virtual machine with a unique user ID and process, which is a key mechanism used to enforce data security. As a result, forensic examiners do not have a built-in mechanism they can use on the phone to extract core user data. Instead, new techniques must be developed which require some interaction with the device.