What is the main concern in conducting a forensic investigation that includes a mobile device?

Mobile Forensics vs. Computer Forensics: Changes and Challenges for The New Digital Era

Originally, the field of technological forensics that involved computing devices was referred to as computer forensics. This term was first coined in the 1960s, in the age of tape drives and large minicomputers. These were non-networked devices that were stationary and less complex than modern laptops and mobile phones.

However, much has changed. Now, the field is referred to as mobile forensics. The term “mobile forensics” not only reflects the mobile and networked nature of communications today; the practice itself is also a much more disciplined and scientific process.

Computer forensics was carried out in an ad hoc manner by system administrators who did not investigate in a disciplined or scientific manner. Today, mobile forensics is carried out by dedicated professionals who use systematic methodologies and scientific procedures to assist government and law enforcement to construct a timeline of events. Professionals who conduct mobile forensics use a variety of titles, but their work is now a discrete discipline.

The Internet of Things and the Evolution of Mobile Device Forensics

The field of mobile phone forensics differs from older forms of computer forensics in that systems are no longer isolated and discrete. Instead, devices like cars, refrigerators, doorbells, homes, heating systems and cameras are all interconnected.

Investigative professionals must be able to construct the history of events by tracing data and occurrences throughout all these devices and their associated networks, which can potentially span the world. This also includes email, SMS texting and back-end communications.

A phone forensics specialist must be able to understand all these systems to provide a picture to stakeholders of how a set of events took place. Thirty years ago, the line between “computer,” “phone” and other forms of evidence gathering was much sharper. In our networked world, it is a much different web that must be navigated.

Today, organizations such as The Scientific Working Group on Digital Evidence create standards that professionals use in the work of smartphone forensics. These standards bring mobile forensics into line with the investigation standards of our modern law enforcement agencies and what is demanded by the legal system.

How Mobile Forensics Help Uncover the Facts in a Court Case

Mobile forensics tools and methods focus on the collection of data from cellphones and tablets. This includes deleted text messages, apps, social media, call logs, internet search history and more.

Mobile forensic professionals can aid a court case by extracting and preserving data available on a mobile device. They conduct forensic imaging, create mobile forensic reports, serve as expert witnesses in legal cases and download and recover mobile and digital data.

What to Look for In a Top Mobile Forensic Firm

Cell phone forensics, or mobile forensics, is an ever-evolving science that requires constant adaptation to technology, software and security, as well as knowledge of what to look for across different phone makes, models and systems. Whether it's an iPhone, Android, Windows phone or other, a top mobile forensic professional will be trained on how to:

  • Get your data back
  • View your data on an eDiscovery platform
  • Preserve your data for use in an investigation or court case

Furthermore, top mobile forensic firms will know how to not only extract and preserve your data in accordance with the necessary court requirements, but also how to help showcase this information.

Eide Bailly’s Mobile and Digital Forensic Expertise

Eide Bailly has a trained cellphone and mobile forensic team whose sole focus is helping you uncover the information you need, even if it’s deleted. We are leading innovators in the digital, computer and mobile forensic space. We currently support more than 23,000 devices and nearly 5,000 app versions. Our examiners work in Cellebrite, MPE+ and IEF and make data viewable on eDiscovery review platforms.

Our professionals have experience and capabilities in both technology and computer and mobile forensics, so you not only get the data you need, but you also get important and relevant information for litigation.

We can help find the digital fingerprint necessary to prove your case, and we ensure you have data that is admissible in a court of law. Our approach focuses on continual communication and timely response, prioritizing investigation and forensic preservation of the mobile data you need.

But this expertise doesn’t have to come with a hefty price tag. We work with clients to create cost-effective eDiscovery and mobile forensic plans to help meet their needs. Your data will be handled efficiently and cost-effectively, all with investigative expertise.

Mobile Forensic Tools and Techniques

Here are a few important concepts, techniques and mobile device forensics tools that experts use when working:

Call Detail Records

A fundamental mobile forensics tool, CDRs give call start and end times, terminating and originating cell towers, outgoing or incoming call status and caller identity. Telco providers keep this data for around 18 months. Federal and state privacy regulations control access to this data by investigators.

GPS Data

Physical devices often carry GPS data, which means that an investigator can know where a device was at a certain time. This can be critically important, because it tells an investigator where a device was when certain recorded events on the phone took place.
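The following is an added example, not part of the original article or of any vendor tool. It shows how CDR entries and device GPS fixes can be normalized to UTC and correlated into one timeline; the records and field names (`orig_tower`, `party` and so on) are constructed for illustration.

```python
from bisect import bisect_left
from datetime import datetime, timedelta, timezone

# Constructed sample records; field names and values are assumptions.
CDRS = [  # carrier-side records, timestamps in UTC
    {"start": "2023-03-04T15:40:00+00:00", "end": "2023-03-04T15:41:05+00:00",
     "direction": "incoming", "party": "+15550111", "orig_tower": "T-342"},
    {"start": "2023-03-04T14:02:10+00:00", "end": "2023-03-04T14:05:40+00:00",
     "direction": "outgoing", "party": "+15550100", "orig_tower": "T-118"},
]
GPS_FIXES = [  # device-side fixes logged with a local UTC offset
    ("2023-03-04T08:01:30-06:00", 44.9778, -93.2650),
    ("2023-03-04T08:30:00-06:00", 44.9537, -93.0900),
]

def to_utc(stamp):
    """Parse an ISO 8601 timestamp and normalize it to UTC."""
    return datetime.fromisoformat(stamp).astimezone(timezone.utc)

def nearest_fix(fixes, when, tolerance):
    """Return the (time, lat, lon) fix closest to `when`, or None if too far away."""
    times = [f[0] for f in fixes]
    i = bisect_left(times, when)
    candidates = fixes[max(i - 1, 0):i + 1]  # neighbours on either side
    best = min(candidates, key=lambda f: abs(f[0] - when), default=None)
    if best is None or abs(best[0] - when) > tolerance:
        return None  # do not claim a location the data cannot support
    return best

def build_timeline(cdrs, gps_fixes, tolerance=timedelta(minutes=5)):
    """Order calls by UTC start time and attach the nearest GPS fix to each."""
    fixes = sorted((to_utc(t), lat, lon) for t, lat, lon in gps_fixes)
    timeline = []
    for rec in cdrs:
        start, end = to_utc(rec["start"]), to_utc(rec["end"])
        fix = nearest_fix(fixes, start, tolerance)
        timeline.append({
            "start_utc": start,
            "duration_s": int((end - start).total_seconds()),
            "direction": rec["direction"],
            "party": rec["party"],
            "orig_tower": rec["orig_tower"],
            "location": (fix[1], fix[2]) if fix else None,
        })
    return sorted(timeline, key=lambda e: e["start_utc"])

if __name__ == "__main__":
    for event in build_timeline(CDRS, GPS_FIXES):
        print(event)
```

The tolerance matters: a call with no fix within the window is reported with no location rather than with the last known position.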

SMS Messages

SMS text messages always have the phone number of the sender and the receiver, and the date and time of each message. This is a fundamental record that mobile forensics experts seek. Contrary to popular belief, SMS messages can be entered as testimony into court proceedings.

Photos and Videos

These are, of course, prime pieces of evidence for investigators and can be entered into court proceedings.

Hex Dump

Also called a phone dump, this is a method of physical extraction. A hex dump creates a copy of the raw image of the data from the mobile device. This is one of the best methods of physical extraction, since an entire image of all the data, apps and unallocated space is copied from the device onto a forensics workstation for analysis. Commercial tools include software such as XACT, Cellebrite UFED Physical Analyzer and Pandora’s Box.

Chip-Off

This is similar to a hex dump, except a copy of the flash memory on a device is taken. Advanced technical knowledge is needed for this method, and it’s easy for the data to be corrupted if the flash data isn’t extracted correctly. Tools include iSesamo Phone Opening Tool, Xytronic 988D Solder Rework Station and FEITA Digital inspection station.

What are the challenges of mobile forensics?

Five continual challenges with smartphone forensics:

  • Password security and encryption
  • Mobile operating systems
  • Accidental reset
  • Lack of tools and equipment
  • Anti-forensic techniques

What is the first thing a forensic investigator should do in mobile phone investigations?

As the first step of every digital investigation involving a mobile device(s), the forensic expert needs to identify: Type of the mobile device(s) – e.g., GPS, smartphone, tablet, etc.

What are the important parts of mobile devices used in digital forensics?

The most important is the eMMC memory chip.

What is one of the most challenging aspects of mobile forensics?

Especially on Android phones, extracting data from all relevant apps can be difficult. Acquiring a physical extraction has become more and more challenging and is currently not possible for many devices on the market.