Mobile phones have become part of our lives. Today almost everyone, from children to adults, uses a mobile phone. They have come a long way from being just communication devices to feature-rich devices with high-quality cameras, 4G/5G technology, HD video resolution and great gaming graphics. They contain a lot of information about users and user activity. Mobile devices such as cell phones, smartphones and tablets present special challenges to the digital forensic investigator.
Mobile phones can provide an abundance of information. The most obvious types of data you can get from a phone are call logs, contact lists and text messages. However, other types of mobile evidence, such as notes, calendar events, miscellaneous documents and data files, and locations, can also provide valuable clues for the investigation. This evidence is very fragile and can easily be tampered with, so it must be handled with the utmost care.
Challenges Faced
Mobile forensics faces various challenges relating to the authenticity and integrity of evidence. As mobile technology has grown rapidly over the years, forensic experts must keep up with new techniques to deal with the new challenges.
1. Data Protection
The information on the mobile device can be compromised by breaking the device security using various tools. Servers and hard drives differ from mobile devices in the structure of the file system. In cell phones, the data is scattered across numerous apps and utilities. Security mechanisms range from handset user locks to SIM cards, PINs, PUKs and device encryption. A device locked with a PIN or password can probably be unlocked either with the proper software application or with information from the owner of the device. Encryption goes deeper, securing data at the software or hardware level, and is commonly very difficult to decrypt.
2. Manufacturers
Identifying the phone is necessary in a mobile forensics investigation, and the large number of device manufacturers makes identification difficult. A particular model from a single hardware manufacturer may be sold by different carriers under different names. Mobile phones can sometimes be identified by removing the device's battery, which, however, carries the risk of forcing a user lock or losing data from volatile memory. Even mobile forensics professionals can find it very difficult to identify a smartphone based solely on its appearance. For example, the Mobile Forensics Toolkit provides the ability to automatically identify devices when connected.
3. Power and Connectors
Here the problem is the power supply to the device, that is, how long the battery can last unplugged. The device stores information in volatile memory that can be crucial evidence, and if the power goes off, that volatile data is lost. An appropriate driver must also be found to establish a communication connection with the computer.
4. Mobile Device Signals
Here the challenge is to block cell phone signals to prevent new access to the device. The essence of this challenge is to block access to all signals that reduce the power efficiency of the battery. Therefore, investigations must be conducted in isolated forensic laboratories to prevent device power problems. The device can be put in a Faraday bag to block incoming and outgoing signals.
5. Data Content
The amount of data keeps growing because of the large increase in storage capacity. However, modern devices are still constrained in processing power and storage capacity. As a result of this growing volume of data, cloud providers are used to store it. In the cloud, however, it may not be easy to determine where the information is actually located, which makes the investigation more difficult.
6. Data Extraction
Different types of data are available on mobile devices, such as contacts, text messages, call history, photos and videos, all of which are considered evidence. The problem in extraction is whether the data obtained is authentic or not. If the evidence is not error-free, it cannot be used in a court of law, because it means the mobile data may have been manipulated. Servers and hard drives have a different file system structure than mobile devices.
How to Gather Data from Mobile Devices?
Data that can be collected from mobile devices includes SMS, contacts, call logs, media, app data, files, hidden files and deleted files. Techniques to gather such data are:
Physical Acquisition: It is a technique for capturing all data, including deleted data, from a mobile device. The acquired data is initially in raw format and is then converted into a human-readable format.
Logical Acquisition: It is a technique for extracting files and folders, without any deleted data, from the device. It makes a copy of the files using a software tool. For example, iTunes backups are used to create a logical image of an iPhone or iPad.
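Whether extracted data is still authentic, the concern raised under Data Extraction, is commonly checked by hashing the files at acquisition time and again before analysis. The following is an added example, not part of the original article; the file names and contents in `demo` are constructed sample data. It records a SHA-256 manifest of a logical extraction and later reports modified, missing and added files.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large extracted files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root, manifest_path):
    """Re-hash the extraction and report every difference from the manifest."""
    recorded = json.loads(Path(manifest_path).read_text(encoding="utf-8"))
    now = build_manifest(root)
    return {
        "modified": sorted(p for p in recorded if p in now and now[p] != recorded[p]),
        "missing": sorted(p for p in recorded if p not in now),
        "added": sorted(p for p in now if p not in recorded),
    }

def demo():
    """Constructed sample data: a fake logical extraction, then tampering."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work, "extraction")
        (root / "sms").mkdir(parents=True)
        for rel, data in {"sms/messages.txt": b"hi", "contacts.csv": b"a,1", "calls.csv": b"x"}.items():
            (root / rel).write_bytes(data)
        manifest_path = Path(work, "manifest.json")  # stored outside the extraction
        manifest_path.write_text(json.dumps(build_manifest(root), indent=2), encoding="utf-8")
        clean = verify(root, manifest_path)          # nothing has changed yet
        (root / "contacts.csv").write_bytes(b"a,1\nb,2")  # modify a file
        (root / "calls.csv").unlink()                      # delete a file
        (root / "planted.txt").write_bytes(b"new")         # add a file
        return clean, verify(root, manifest_path)

if __name__ == "__main__":
    print(demo())
```

In practice the manifest is written once, immediately after acquisition, and kept with the case record so that later verification does not depend on the working copy.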
Tools Used
In recent years, various hardware and software tools have emerged to recover logical and physical evidence from mobile devices. The hardware includes various cables to connect the phone to the forensic acquisition machine. The software is designed to extract the evidence and often to analyze it.
Recently, forensic tools for mobile devices have been developed for use in the field. This is a response both to military unit requirements for anti-terrorist information and to the need for forensic previewing at crime scenes, during the execution of arrest warrants or in emergency situations. In general, it is not possible for any one tool to capture all evidence from all mobile devices; several different tools are required.
Commercial Forensic Tools
- MOBILedit Forensic: It retrieves all data from a phone, including call history, phonebook, SMS, media, files, calendars and raw application data, along with information on the operating system, IMEI, ICCID and location.
- Oxygen Forensic: It is a platform where data can be extracted, decoded and analyzed from multiple digital sources.
- Paraben DDS: It is a forensic analysis toolkit that gathers digital data from a variety of sources such as networks, email, computers, cloud storage, internet data and phones.
- Cellebrite: It provides tools for federal, state and local law enforcement agencies, businesses and service providers to collect, review and analyze digital data.
- Belkasoft Trial: It acquires data from different mobile devices and performs various analytical tasks, runs case-wide searches, bookmarks artifacts and generates reports.
- Elcomsoft iOS Forensic Toolkit: It performs complete file system and logical acquisition of iPhone, iPad and iPod Touch devices. It creates an image of the device file system, extracts the device password, encryption key and protected data, and can decrypt the file system image.
Free tools
- AFLogical OSE
- FTK Imager
- Andriller
- Autopsy
- Linux Memory Extractor
Conclusion
Mobile device forensics is a developing field filled with many challenges and opportunities when mobile devices are analysed for forensic evidence to support criminal investigations. The process is often more difficult than the forensics of older laptops due to the nature of the electronic evidence. Although forensic toolkits exist, most of the tools are not fully developed and do not provide full multi-device support. Budget constraints are a further challenge: law enforcement agencies need to purchase high-quality software packages to cover the various mobile device manufacturers.
The key for investigators is to use an appropriate toolset and to analyze the evidence properly in order to support criminal cases. Mobile forensics is an integral part of modern criminal investigations. In most cases, at least one type of mobile device is involved and may contain valuable information. While regular mobile phones can usually provide call data and SMS information, the rise of smartphones and their increasing number of features can provide far more valuable data.
In addition, the rapidly changing field of mobile forensics forces professionals to stay up to date, as it is important to know what data, and how much of it, can be extracted with a particular toolkit. Therefore, continued training in mobile forensics and up-to-date knowledge among professionals are important to successfully address the challenges of mobile forensics.