Why You Need To Know About Mobile ForensicsNational Police Training
February 15, 2013 — 1,172 views
Mobile forensics can be used to extract important information and leads from cell phones or SIM cards, which could not have been secured otherwise.
Though mobile forensics is a relatively new field, it has already found a myriad of applications. The technique can be used to find incriminating evidence such as stolen data and other communications such as text messages, call lists, videos, emails, and pictures.
In criminal and civil cases, investigators frequently extract data from mobile devices to find out which individuals are in cahoots with each other. The location of a suspect can also be found at a particular time.
When a call is made from a cell phone, the carrier records which phone tower the cell phone contacted or pinged and at what time. This makes it very easy to trace a person's whereabouts at a certain time. Cell phones leave a trail of evidence. When you do it right, mobile forensics can be very effective.
Mobile forensics can be used to recover the data given below
- Billing information
- Text messages
- Entries to the address book
- MMS and videos
The first two types of information can only be retrieved from the carrier, but the information the network needs (to retrieve such data) can be found on the handset only. Data that can be retrieved from a cell phone are:
- Date or the time when the text messages were sent or calls made.
- Calls received, missed, or made.
- Received text messages – deleted and current.
- Sent text messages (depends on model)
- The phone's unique number, also called MSISDN
Even if the user has set a PIN number, you can unlock the phone using a PUK (Personal Unlock Code) provided by the carrier. But before you do so, you would have to retrieve technical data from the SIM card and the phone.
Retrieving data from the SIM card
The data stored on the SIM card can be retrieved in many ways. There are three distinct types.
There is software that will allow the forensic examination of a SIM card. These systems are able to isolate portable data from the SIM card. There is also software that can retrieve data from handsets.
Allow users to back up SIM card data and but have no forensic integrity.
Several cell phone manufacturers have also created software that will allow cell phone users to restore, backup, transfer, or synchronize data from their cell phones and computers. If you have access to such tools, it may be used to gather data but it cannot be taken as a forensic tool.
Now, with mobile forensics, it is also possible to clone a SIM card onto another SIM card (blank), if you want to protect the original media from any kind of alteration.
Cloud Computing and Forensics
Conducting forensic investigations on cloud computing platforms is quite difficult because the physical hardware cannot be accessed (the data may be stored anywhere). Therefore, forensic techniques cannot be implemented easily.
There are also many technical issues such as the difficulties involved in making a cloud provider submit to a court order. Nevertheless, both mobile forensics and cloud can be useful tools for law enforcement agencies.