T

Mobile Forensics

Overview of Mobile Forensics

  • Focus on the forensic analysis of mobile devices which includes extracting and analyzing data.
  • Key areas include:
    • Types of mobile devices
    • Mobile operating systems
    • Variability in mobile devices
    • Methods for extracting data
    • Mobile phone architecture
    • Role of digital information in investigations

Mobile Forensics

  • Mobile devices function similarly to computers, offering numerous applications and services.
  • They provide extensive evidentiary data during investigations.
  • Best practice for preserving data:
    • Keep the mobile device running while blocking communication signals (e.g., using a Faraday bag).
  • Challenges in mobile forensics stem from:
    • Diverse data storage and management methods across different devices.

Types of Mobile Devices

  • Cellular Network Basics:
    • Cellular systems consist of short-distance transceivers enabling communication between phones and network.
  • Mobile Network Generations:
    • 2G: Digital cellular networks transition to handheld devices enabling basic data communication.
    • 3G: Transition from circuit-switched to packet-switched networks, allowing broader data access.
    • 4G and 5G: Native IP networks with direct Internet access enhancing speed; 5G offers advanced processing and supports various devices beyond smartphones, including automation tools.

Mobile Phone Operating Systems

  • Prominent OS include:
    • iOS (Apple)
    • Android (Google)
    • Windows Phone OS (Microsoft, less common)
  • 3G, 4G, and 5G phones mirror PC architecture, enabling app installations akin to laptops/desktops.

Variability of Mobile Devices

  • Geolocation capabilities through GPS track user activities, aiding in locating suspects relative to crime scenes.
  • Each device’s unique features necessitate special connectors and drivers for forensic analysis.
  • Device storage forms:
    • Onboard nonvolatile memory (internal)
    • External storage (mini-SD cards) for additional capacity.

Extracting Data from Mobile Devices

  • Forensic analysis enhances understanding of timelines related to criminal activities.
  • Storage Practices:
    • Always store devices in a Faraday bag to avoid remote alterations.
  • Types of Data Extraction:
    • Physical forensic images: Complete, bit-by-bit duplicates of file systems, including deleted data.
    • Logical data extraction: Snapshots representing visible data to standard users.
  • Recommended practice:
    • Run the forensic image operation twice— retain one as evidence, determining extraction types based on the device.

Mobile Phone Architecture

  • Storage Options:
    • SD Cards: Nonvolatile, expandable storage for photos, music, etc.
    • SIM Cards: Contain international mobile subscriber identity (IMSI), and integrated circuit card identifier (ICCID) essential for network identification.
  • Components of a mobile device:
    • Digital signal processor
    • Microprocessor
    • RF transmitter/receiver
    • Audio components
    • Power supply and battery system.

Assessing the Impact of Digital Evidence on an Investigation

  • Causal Chains of Evidence:
    • Cause and effect relationships in crime analysis, detailing how evidence links contribute to overall understanding.
  • Hybrid Crime Assessment Technique:
    • Methodology for dealing with crimes encompassing physical and digital elements (e.g., crimes involving mobile devices).
  • Objective: Integrate information from mobile devices into larger investigations to enhance evidence comprehension.