A New Perspective on Siri Forensics
May 21, 2013 8:52 am | by Julie Desautels | Blogs | Comments
Since its release in 2007, the iPhone has been extremely popular. Sales have especially increased within the past three years. With its growing popularity and larger user population, there is a greater chance of coming across a case which involves forensically examining an iPhone.
Complaint Filed against Snapchat
May 20, 2013 11:47 am | News | Comments
A privacy watchdog group is going after Snapchat for deceiving users about self-destructing messages that don't actually self-destruct. The smartphone app has become popular with young people for sending messages that a few seconds later disappear. The Electronic Privacy Information Center has filed a complaint with the Federal Trade Commission.
Book Excerpt: Android Security: Attacks and Defenses
April 10, 2013 7:38 am | Articles | Comments
To perform forensics on Android devices, it is important to understand the Android system. In this chapter, we will walk through file system specifics.
Book Excerpt: Digital Forensics for Handheld Devices
August 28, 2012 8:00 pm | Articles | Comments
When handling evidence from cell phones and other handheld devices, certain precautions must be taken from collection through analysis.
Covered-Writing Then and Now
May 30, 2012 1:47 pm | by Chet Hosmer | Articles | Comments
The underlying technology has changed since 400 B.C., but covered writing is alive and well. Unfortunately, modern sentries are as overwhelmed, and possibly as oblivious, as they were then.
Retrieving Digital Evidence Methods, Techniques, and Issues
May 30, 2012 1:40 pm | by Yuri Gubanov | Articles | Comments
Most digital activities leave definite traces, allowing investigators to obtain essential evidence, solve criminal cases, and prevent crimes.
The Chinese Cell Phone Menace
May 30, 2012 1:24 pm | by Kevin J. North | Articles | Comments
The lack of manufacturing standards in the Chinese cell phone industry makes analysis of these devices challenging.
CSI Cell Phone
February 23, 2012 12:52 pm | by Douglas Page | Articles | Comments
Mobile device forensics forecast: continued oscillation, chance of cloud computing.
Steganography and Smart Phones
February 8, 2012 8:56 am | by Chet Hosmer | Articles | Comments
A large number of data hiding Apps for Android, iOS, and Windows mobile platforms are rapidly emerging. Being able to identify them and the resulting covert communications is essential.
SIM Forensics: Part 3
July 19, 2011 9:24 am | by John J. Barbara | Articles | Comments
Analyzing a SIM card can provide the geographical location(s) where the SIM card, the phone, and the owner of the phone (suspect) may have been.
Privacy, Technology, and the Law
May 18, 2011 5:19 am | Articles | Comments
As mobile devices penetrate our daily lives, it is appropriate to evaluate the effect that these new devices have on our safety and privacy. We must also ensure that the law provides sufficient resources to investigators and prosecutors who investigate and prevent crimes against Americans who increasingly conduct their lives using this new medium.
SIM Forensics: Part 2
May 4, 2011 7:09 am | by John J. Barbara | Articles | Comments
The previous article included a partial listing of the data or information that may reside on a SIM card, all of which could have potential probative value in an investigation. Although a thorough discussion of all the potential evidence that could be on a SIM card is beyond the scope of this article, some of that information will be discussed in this and a future article.
Enhancing Investigations with GPS Evidence
April 13, 2011 4:47 am | by Ben LeMere | Articles | Comments
The value of collecting evidence from GPS devices has been well established over the last several years. Most investigators think in terms of being able to obtain GPS evidence in the form of the “breadcrumb trail” known as trackpoints, but much more data is available from these devices.
Mobile Phone Investigations: Best Practices
March 30, 2011 4:42 am | by Evan Dixon | Articles | Comments
In the world of digital forensics, mobile phone investigations are growing exponentially. The number of cell phones investigated each year has increased nearly tenfold over the past decade. This article can be used as a first step to gain understanding on how to best tackle cell phone analysis.
SIM Forensics: Part 1
March 23, 2011 6:19 am | by John J. Barbara | Articles | Comments
SIMs are found in GSM, iDEN, and Blackberry handsets. Under the GSM framework, a cell phone is termed a Mobile Station, consisting of a SIM card and a handset. From an investigative perspective, one useful feature of a SIM card is that it can be moved from one GSM compatible phone to another.
Understanding the World of Cellular Telephones: Part 3
January 19, 2011 11:20 am | by John J. Barbara | Articles | Comments
Most computer users are aware that a computer’s hard drive contains more information and data than just the files that they create or download. That same awareness cannot be attributed to most cell phone users. This can serve to an investigator’s advantage. The following represents some of the data that can typically be extracted from a cell phone.
Understanding the World of Cellular Telephones: Part 2
November 17, 2010 9:57 am | by John J. Barbara | Articles | Comments
Familiarity with the five main cell phone operating systems can aid your investigation.
Understanding the World of Cellular Telephones: Part 1
October 5, 2010 8:00 pm | by John J. Barbara | Articles | Comments
Telephone technology has evolved by leaps and bounds. It is important to understand some of the key terminology used when discussing cellular phones and other mobile devices.
Data Extraction from a Physical Dump
September 29, 2010 9:58 am | by Bram Mooij | Articles | Comments
There is no one “press-the-button” solution (yet) to get all your search terms from a physical cell phone dump. There is, however, a certain approach that can help you solve some of these challenges.
USB Port Monitoring and Flasher Boxes
August 18, 2010 11:16 am | by Bram Mooij | Articles | Comments
A flasher box adds flexibility to the forensic analysis of mobile devices and gives you the opportunity to take that extra step in your investigation.
Introduction to Forensic Processing and Analysis of Cellular Phones
August 2, 2010 1:41 am | Webinars
This webinar will discuss the processing hierarchy for cellular phones, maintaining and preserving the integrity of volatile cellular phone evidence, and acquisition techniques for cell phone data. It will also discuss and demonstrate current best practice techniques.
Pieces of Eight: iPods, iPads, iPhones, and SQLite
July 28, 2010 11:58 am | by Michael Harrington, CFCE, EnCE | Articles | Comments
Consumers have gone mad over the iPhone and iPad, so now more than ever, forensic examiners need to understand and be able to acquire, exploit, and report on these devices. This article is about understanding one of the structures used to store data on the iPhone and its siblings: the SQLite database.
Flasher Boxes: Back to Basics in Mobile Phone Forensics
July 13, 2010 10:46 am | by John (Zeke) Thackray | Product Releases | Comments
There is a growing demand to return to the flasher box/hex dumping solution in order to retrieve information from suspect devices not supported by the various mobile phone forensic manufacturers. Here are some considerations to effectively incorporate flasher boxes in your mobile phone investigation.
Seek and You Shall Find: Using Regular Expressions for Fast, Accurate Mobile Device Data Searches
May 7, 2010 6:10 am | by Michael Harrington, CFCE, EnCE | Articles | Comments
In the world of digital forensics, the power to seek and find is key. The faster and more accurate the search, the faster you can zero in on your target and find the evidence you need to convict, prevent, or locate. Regular expressions are the key to this power.
An Introduction to Android Forensics
April 30, 2010 6:10 am | by Andrew Hoog | Articles | Comments
Applications for Android are developed in Java and run in a separate Dalvik virtual machine with a unique user id and process which is a key mechanism used to enforce data security. As a result, forensic examiners do not have a built-in mechanism we can use on the phone to extract core user data. Instead, new techniques must be developed which require some interaction with the device.

