Why You Need To Know About Mobile Forensics

National Police Training
February 15, 2013

Mobile forensics can be used to extract important information and leads from cell phones or SIM cards, which could not have been secured otherwise.

Though mobile forensics is a relatively new field, it has already found a myriad of applications. The technique can be used to find incriminating evidence such as stolen data and other communications such as text messages, call lists, videos, emails, and pictures.

In criminal and civil cases, investigators frequently extract data from mobile devices to find out which individuals are in cahoots with each other. A suspect's location at a particular time can also be established.

When a call is made from a cell phone, the carrier records which phone tower the cell phone contacted or pinged and at what time. This makes it very easy to trace a person's whereabouts at a certain time. Cell phones leave a trail of evidence. When you do it right, mobile forensics can be very effective.

Mobile forensics can be used to recover the following data:

  • Location
  • Billing information
  • Text messages
  • Entries to the address book
  • Pictures
  • Emails
  • MMS and videos

The first two types of information can only be retrieved from the carrier, but the information the network needs (to retrieve such data) can be found on the handset only. Data that can be retrieved from a cell phone are:

  • Date or the time when the text messages were sent or calls made.
  • Calls received, missed, or made.
  • Received text messages – deleted and current.
  • Sent text messages (depends on model)
  • The phone's unique number, also called MSISDN

Even if the user has set a PIN, you can unlock the phone using a PUK (Personal Unlock Code) provided by the carrier. Before you do so, however, you have to retrieve technical data from the SIM card and the phone.

Retrieving data from the SIM card

The data stored on the SIM card can be retrieved in many ways. The methods fall into three distinct types.

Forensic Examination

There is software that will allow the forensic examination of a SIM card. These systems are able to isolate portable data from the SIM card. There is also software that can retrieve data from handsets.

SIM Readers

SIM readers allow users to back up SIM card data but have no forensic integrity.

Manufacturer's Tools

Several cell phone manufacturers have also created software that allows cell phone users to restore, back up, transfer, or synchronize data between their cell phones and computers. If you have access to such tools, they may be used to gather data, but they cannot be treated as forensic tools.

With mobile forensics, it is now also possible to clone a SIM card onto another (blank) SIM card if you want to protect the original media from any kind of alteration.

Cloud Computing and Forensics

Conducting forensic investigations on cloud computing platforms is quite difficult because the physical hardware cannot be accessed (the data may be stored anywhere). Therefore, forensic techniques cannot be implemented easily.

There are also many technical issues such as the difficulties involved in making a cloud provider submit to a court order. Nevertheless, both mobile forensics and cloud can be useful tools for law enforcement agencies.
