What is the first thing a forensic investigator should do in mobile phone investigations?
The most successful mobile phone investigations typically combine human investigative expertise with easy-to-use software technology
By Evan Dixon
In the world of digital forensics, mobile phone investigations are growing exponentially. The number of cell phones investigated each year has increased nearly tenfold over the past decade. Courtrooms are relying more and more on the information inside a cell phone as vital evidence in cases of all types. Despite that, the practice of mobile phone forensics is still in its relative infancy. Many digital investigators are new to the field and are in search of a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators have to look elsewhere for information on how to best tackle cell phone analysis. This article by no means should serve as an academic guide. However, it can be used as a first step to gaining understanding in this area.
The History of Phone Forensics
The
Step-by-Step Investigation Process
After the phone is taken to the digital forensics investigator, the device should be examined with a professional tool. These tools include products such as MOBILedit! Forensic, Paraben Device Seizure, Susteen SecureView, and AccessData MPE. It is absolutely a last resort to investigate phones manually. Manual investigation should only be used if no tool on the market is able to support the device. Modern cell phones are like miniature computers that require a sophisticated software program for comprehensive analysis.
When examining a cell phone, it is important to protect it from remote access and a network signal. As cell phone jammers are illegal in the United States and most of Europe, Reiber recommends “using a metallic mesh to wrap the device securely and then placing the phone into standby mode or airplane mode from transportation, photographing and then placing the phone in a state to be examined.” Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays out the process flow as follows.
Credibility on the Stand
The second way to add credibility is to make sure the investigator has a solid understanding of the evidence and how it was gathered. Many of the investigation tools are simple to use and require only a couple of clicks to generate a detailed report. Reiber warns against becoming a “point and click” investigator now that the tools are so easy to use. If an investigator takes the stand and is unable to speak intelligently about the technology used to gather the evidence, his credibility will be in question. Steve Bunting puts it like this, “The more knowledge one has of the tool’s function and the data structures and function found in any given cell device, the more credibility one will have as a witness.”
Getting Started
Evan Dixon serves as Director of International Operations for Compelson Laboratories, makers of MOBILedit! Forensic. He has more than six years of experience in mobile phone forensics examination and training. Dixon holds a BS from the University of Colorado and an MBA from Pepperdine University.
What are the steps in the mobile forensics process?
Generally, the process can be broken down into three main categories: seizure, acquisition, and examination/analysis. Other aspects of the computer forensic process, such as intake, validation, documentation/reporting, and archiving still apply.
What is the first step in a digital forensic investigation?
The Digital Forensic Process
First, investigators find evidence on electronic devices and save the data to a safe drive. Then, they analyze and document the information. Once it's ready, they give the digital evidence to police to help solve a crime or present it in court to help convict a criminal.
What are the 4 steps of the forensic process?
The general phases of the forensic process are: the identification of potential evidence; the acquisition of that evidence; analysis of the evidence; and production of a report.
What is the main concern in conducting a forensic investigation that includes a mobile device?
One of the biggest forensic challenges when it comes to the mobile platform is the fact that data can be accessed, stored, and synchronized across multiple devices. As the data is volatile and can be quickly transformed or deleted remotely, more effort is required for the preservation of this data.