Cell Phone Data Recovery – Realize How CellPhone Undercover Forensics Is Assisting Law Enforcement Officials.

On earth of digital forensics, mobile phone investigations are growing exponentially. The number of cell phones investigated each year has increased nearly tenfold in the last decade. Courtrooms are relying a growing number of around the information in the cell phone as vital evidence in the event of all. Despite that, the technique of cellular phone forensics remains to be in its relative infancy. Many digital investigators are a novice to the sector and so are in search of a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators ought to look elsewhere for information on how to best tackle cellular phone analysis. This post should by no means work as an academic guide. However, it can be used as a first step to get understanding in the community.

First, it’s essential to recognize how we have got to where we have been today. In 2005, there are two billion cell phones worldwide. Today, you will find over 5 billion which number is expected to cultivate nearly another billion by 2012. This means that virtually every human being on this planet posesses a cell phone. These phones are not only a means to make and receive calls, but rather a resource to save all information in one’s life. Whenever a mobile phone is obtained within a criminal investigation, an investigator has the capacity to tell a tremendous amount about the owner. In several ways, the information found in a phone is much more important compared to a fingerprint in this it provides much more than identification. Using forensic software, digital investigators have the ability to view the call list, sms messages, pictures, videos, and even more all to provide as evidence either convicting or vindicating the suspect.

Lee Reiber, lead instructor and owner of mobile phone forensics tools atlanta., breaks up the investigation into three parts-seizure, isolation, and documentation. The seizure component primarily involves the legal ramifications. “If you do not have a legal ability to examine the device or its contents then you certainly will likely have got all evidence suppressed regardless of how hard you possess worked,” says Reiber. The isolation component is a vital “because the cellular phone’s data might be changed, altered, and deleted across the air (OTA). Not just may be the carrier capable of doing this, but the user can employ applications to remotely ‘wipe’ the data through the device.” The documentation process involves photographing the telephone during seizure. Reiber says the photos should show time settings, state of device, and characteristics.

After the phone is delivered to digital forensics investigator, the unit must be examined with a professional tool. Investigating phones manually is really a final option. Manual investigation should just be used if no tool available on the market will be able to keep the device. Modern mobile phones are similar to miniature computers that require a sophisticated applications for comprehensive analysis.

When examining a cell phone, it is very important protect it from remote access and network signals. As mobile phone jammers are illegal in the United States and a lot of Europe, Reiber recommends “using a metallic mesh to wrap the unit securely and then placing the phone into standby mode or airplane mode for transportation, photographing, and then placing the phone in a state to be examined.”

Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays out your process flow as follows.

Achieve and sustain network isolation (Faraday bag, RF-shielded box, and RF-shielded room).

Thoroughly document the device, noting all information available. Use photography to back up this documentation.

If your SIM card is at place, remove, read, and image the SIM card.

Clone the SIM card.

With all the cloned SIM card installed, perform a logical extraction of the cell device by using a tool. If analyzing a non-SIM device, start here.

Examine the extracted data in the logical examination.

If maintained by both model as well as the tool, execute a physical extraction of the cell device.

View parsed data from physical extraction, that can vary greatly dependant upon the make/style of the cellular phone as well as the tool getting used.

Carve raw image for a number of file types or strings of information.

Report your findings.

The two main things an investigator is capable of doing to get credibility from the courtroom. The first is cross-validation of the tools used. It is actually vastly essential that investigators do not rely on just one single tool when investigating a cellphone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By crosschecking data between tools, one could validate one tool utilizing the other,” says Bunting. Doing so adds significant credibility on the evidence.

The next way to add credibility is to ensure the investigator includes a solid knowledge of the evidence and exactly how it was gathered. A lot of the investigations tools are simple to use and require a couple clicks to create a complete report. Reiber warns against being a “point and click” investigator seeing that the instruments are so simple to use. If the investigator takes the stand and struggles to speak intelligently concerning the technology employed to gather the evidence, his credibility will be in question. Steve Bunting puts it similar to this, “The more knowledge one has in the tool’s function as well as the data 68dexmpky and function located in any cell device, the more credibility one will have as being a witness.”

In case you have zero experience and suddenly discover youself to be called upon to handle phone examinations for your personal organization, don’t panic. I consult with individuals on a weekly basis in the similar situation trying to find direction. My advice is obviously the same; sign up for a training course, become certified, seek the counsel of veterans, participate in online digital forensics communities and forums, and speak to representatives of software companies making investigation tools. If you take these steps, it is possible to move from novice to expert in a short length of time.