Mobile forensics is the process of acquiring, analyzing, and producing data from mobile devices. The process starts with gathering information about the type of device. Once the data is collected from the device, the analysis begins. A digital forensic analyst runs search terms, applies date and time filters, and reviews data on the device according to the parameters determined by the search authority.
Several types of data can be found and examined on a mobile device. Some common types are communications (text messages, chats, email, call records, instant messages), internet browser history, and deleted data that can be recovered. Other items that are also found during a forensic collection are location data and application data.
Deleted data may also be recovered during a forensic collection. However, it is fairly easy to overwrite deleted data. When an item is deleted from a mobile device, the space that the data was occupying becomes available for new data. For example, if a picture is deleted on a cell phone, the space the picture was taking up becomes available for a new piece of data to be saved. If a new message, photo, or video is received, then it is possible the new data will be saved over the deleted photo. This means that the original photo has been overwritten. Once it is overwritten, the original data is no longer recoverable. A factory reset on a device will also overwrite any previously existing data.
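The overwrite behavior described above can be seen in a small simulation. This is an added example, not part of the original article; `ToyStorage`, its 16-byte blocks, and the file contents are constructed assumptions, and the model is deliberately simplified compared with a real phone's storage.

```python
# Added illustration: a toy block store, not a real phone file system.
BLOCK = 16  # bytes per block (constructed, tiny so the output is readable)

class ToyStorage:
    def __init__(self, n_blocks):
        self.data = bytearray(n_blocks * BLOCK)
        self.free = list(range(n_blocks))  # unallocated block numbers
        self.files = {}                    # file name -> blocks it occupies

    def write(self, name, content):
        needed = -(-len(content) // BLOCK)  # ceiling division
        if needed > len(self.free):
            raise OSError("storage full")
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, b in enumerate(blocks):
            chunk = content[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")
            self.data[b * BLOCK:(b + 1) * BLOCK] = chunk
        self.files[name] = blocks

    def delete(self, name):
        # Deleting only drops the index entry; the bytes stay where they were.
        self.free = sorted(self.free + self.files.pop(name))

    def unallocated(self):
        """Bytes in free blocks, the area a collection searches for deleted data."""
        return b"".join(bytes(self.data[b * BLOCK:(b + 1) * BLOCK]) for b in self.free)

def run_scenario():
    photo = b"PHOTO:" + b"p" * 20          # constructed 26-byte "picture", 2 blocks
    dev = ToyStorage(n_blocks=4)
    dev.write("photo", photo)
    dev.write("note", b"NOTE:groceries")
    dev.delete("photo")
    result = {"whole_after_delete": photo in dev.unallocated()}
    dev.write("msg", b"MSG:hello!")         # new message reuses the first freed block
    result["whole_after_message"] = photo in dev.unallocated()
    result["fragment_after_message"] = photo[BLOCK:] in dev.unallocated()
    dev.write("video", b"VIDEO:" + b"v" * 24)  # takes the remaining free blocks
    result["fragment_after_video"] = photo[BLOCK:] in dev.unallocated()
    return result

if __name__ == "__main__":
    for state, recoverable in run_scenario().items():
        print(f"{state}: {recoverable}")
```

Right after deletion the whole picture is still present in free space; one incoming message leaves only a fragment, and the next large file leaves nothing to recover.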
Before a forensic collection can begin, there are some critically important questions the forensic expert will ask. What is the make and model of the device? Knowing the make and model of the device helps experts understand the support for the device and assists in figuring out what types of data can and cannot be retrieved.
What is the device’s storage capacity? This helps experts determine the potential amount of time the acquisition will take. The larger the storage capacity, the longer the collection will take. What types of data are being looked for? This information is important because it helps experts determine how long it will take to conduct the analysis. Experts can also advise whether the wanted data can even be found on the device.
Mobile devices are consistently getting more and more features as technology develops. As devices advance, the methods of collecting and analyzing data also advance. Mobile forensics is becoming more and more important in many legal matters.