In the world of digital forensics, mobile phone investigations are growing exponentially. The number of cellular phones examined every year has increased nearly tenfold over the last decade, and courtrooms rely far more on the information in a cell phone as vital evidence in cases of all kinds. Despite this, mobile phone forensics is still in its relative infancy. Many digital investigators are new to the area and are looking for a “Phone Forensics for Dummies.” Unfortunately, that book isn’t available yet, so investigators need to look elsewhere for information on how best to tackle cell phone analysis. This article is in no way an academic guide, but it can serve as a starting point for gaining an understanding of the area.
First, it is important to understand how we got to where we are today. In 2005, there were two billion mobile devices worldwide. Today there are over 5 billion, and that number is expected to grow by nearly another billion by 2012. This means that nearly every person in the world carries a cell phone. These phones are not only a way to make and receive calls but a place to store the details of one’s life. When a cell phone is obtained in a criminal investigation, an investigator can learn a great deal about its owner. Often, the information found in a phone is more valuable than a fingerprint because it provides considerably more than identification. Using forensic software, digital investigators can see the call list, text messages, pictures, videos, and more, all of which can serve as evidence either convicting or vindicating the suspect.
Lee Reiber, lead instructor and owner of cell phone forensic tools, breaks the investigation into three parts: seizure, isolation, and documentation. The seizure component primarily involves the legal ramifications. “If you do not have the legal ability to examine the device or its contents, then you will probably have the evidence suppressed regardless of how hard you have worked,” says Reiber. The isolation component is the most essential, “because the cellular phone’s data may be changed, altered, and deleted over the air (OTA). Not only is the carrier able to do this, but the user can employ applications to remotely ‘wipe’ the data from the device.” The documentation process involves photographing the phone at the time of seizure. Reiber says the photos should show the time settings, the state of the device, and its characteristics.
Once the phone reaches the digital forensics investigator, the device should be examined with a professional tool. Investigating a phone manually is a last resort, to be used only if no tool on the market is able to secure the device. Modern cell phones are like miniature computers and require sophisticated software for comprehensive analysis.
When examining a cell phone, it is important to protect it from remote access and network signals. Since cell phone jammers are illegal in the USA and much of Europe, Reiber recommends “using a metallic mesh to wrap the device securely, then placing the cell phone into standby mode or airplane mode for transportation and photographing, and then placing the phone in a condition to be examined.”
Steve Bunting, Senior Forensic Consultant at Forward Discovery, lays out the process flow as follows.
1. Achieve and maintain network isolation (Faraday bag, RF-shielded box, and/or RF-shielded room).
2. Thoroughly document the device, noting all available information. Use photography to back up this documentation.
3. If a SIM card is in place, remove, read, and image the SIM card.
4. Clone the SIM card.
5. With the cloned SIM card installed, perform a logical extraction from the cell device using a tool. If analyzing a non-SIM device, start here.
6. Examine the extracted data from the logical examination.
7. If supported by both the model and the tool, perform a physical extraction from the cell device.
8. View the parsed data from the physical extraction, which can vary greatly based on the make/model of the phone and the tool being used.
9. Carve the raw image for a variety of file types or strings of information.
10. Report your findings.
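Step 9, carving the raw image, is the part of the flow that examiners most often have to reason about by hand when a tool's parser does not recognise a file. The following Python script is an added example written for this article, not code from Reiber, Bunting or any forensic product: it scans a constructed raw dump for JPEG and PNG header/footer signatures, reports truncated files instead of dropping them, records a SHA-256 of each carved artifact for documentation, and pulls phone-number-like tokens out of printable strings. The sample image and the phone-number pattern are constructed for the example; the magic bytes are the real JPEG and PNG markers.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Header/footer signatures for the file types this carver understands.
# The magic bytes are the real JPEG and PNG markers; the carver itself is
# illustrative and is not any vendor's tool.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


@dataclass
class Carved:
    kind: str
    start: int            # byte offset of the header in the raw image
    end: Optional[int]    # offset just past the footer, or None if truncated
    data: bytes
    sha256: str           # recorded so the carved artifact can be documented


def carve(image: bytes, max_size: int = 4 * 1024 * 1024) -> List[Carved]:
    """Scan a raw dump for known headers and cut out each header..footer span.

    A header with no footer within max_size bytes is reported as a truncated
    fragment (end=None) rather than silently dropped, so the examiner can
    still document that a partial file existed at that offset.
    """
    results = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while (h := image.find(header, pos)) != -1:
            body_start = h + len(header)
            f = image.find(footer, body_start, h + max_size)
            if f == -1:
                data = image[h:h + max_size]
                results.append(Carved(kind, h, None, data,
                                      hashlib.sha256(data).hexdigest()))
                pos = body_start          # keep scanning past this header
            else:
                end = f + len(footer)
                data = image[h:end]
                results.append(Carved(kind, h, end, data,
                                      hashlib.sha256(data).hexdigest()))
                pos = end
    results.sort(key=lambda c: c.start)
    return results


def extract_strings(image: bytes, min_len: int = 6) -> List[str]:
    """Return runs of printable ASCII at least min_len bytes long."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(image)]


# Loose "looks like a phone number" pattern (assumption for this example).
PHONE_LIKE = re.compile(r"\+?\d[\d\-\s]{6,}\d")


def find_phone_like(strings: List[str]) -> List[str]:
    """Pull phone-number-looking tokens out of extracted strings."""
    hits = []
    for s in strings:
        hits.extend(m.group() for m in PHONE_LIKE.finditer(s))
    return hits


def build_sample_image() -> bytes:
    """Constructed raw dump: filler, one complete JPEG, one complete PNG, an
    SMS-like text fragment, and a JPEG header with no footer (truncated)."""
    jpeg = b"\xff\xd8\xff\xe0JFIF" + b"\x11" * 40 + b"\xff\xd9"
    png = (b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x01" * 30
           + b"IEND\xaeB`\x82")
    text = b"SMS: meet at 7pm, call +1-555-0100 if late\x00"
    truncated = b"\xff\xd8\xff\xe1" + b"\x03" * 20
    return (b"\x00" * 64 + jpeg + b"\x00" * 32 + png + b"\x00" * 16
            + text + b"\x00" * 8 + truncated + b"\x00" * 64)


if __name__ == "__main__":
    img = build_sample_image()
    for c in carve(img):
        state = "complete" if c.end is not None else "TRUNCATED"
        print(f"{c.kind} @ {c.start} ({len(c.data)} bytes, {state}) "
              f"sha256={c.sha256[:16]}...")
    print("phone-like strings:", find_phone_like(extract_strings(img)))
```

On a real physical extraction, replace `build_sample_image()` with the bytes of the dump and write each `Carved.data` to a file named after its kind and offset; the offset and hash are what go into the report so another examiner can reproduce the carve.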
There are two main things an investigator can do to gain credibility in the courtroom. One is cross-validation of the tools used. It is vitally important that investigators not rely on just one tool when investigating a mobile phone. Both Reiber and Bunting adamantly recommend using multiple tools for cross-validation purposes. “By cross-checking data between tools, one can validate one tool using the other,” says Bunting. Doing so adds significant credibility to the evidence.
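Cross-validation in practice means reconciling two tools' exports that use different column names, number formatting and timestamp formats. The Python below is an added example for this article, not code from either expert or any product: it loads two constructed call-log CSV exports from hypothetical "Tool A" and "Tool B" (column names and formats are assumptions), normalises numbers and timestamps to a common key, and separates records both tools agree on from those only one tool reported, which are exactly the records an examiner must explain before testifying.

```python
import csv
import io
from datetime import datetime, timezone
from typing import Dict, Set, Tuple

# (normalized number, call type, UTC ISO-8601 timestamp)
Record = Tuple[str, str, str]

# Constructed exports from two hypothetical tools. The column names and
# formats are assumptions for this example, not any real product's schema.
TOOL_A_CSV = """number,direction,timestamp
+15550100200,outgoing,2023-03-01T14:05:00Z
+15550100300,incoming,2023-03-01T15:10:30Z
+15550100400,missed,2023-03-02T09:00:00Z
"""

TOOL_B_CSV = """Phone Number,Call Type,Date/Time
(555) 010-0200,Outgoing,03/01/2023 14:05:00
(555) 010-0300,Incoming,03/01/2023 15:10:30
(555) 010-0500,Missed,03/02/2023 10:00:00
"""


def normalize_number(raw: str) -> str:
    """Strip formatting and keep the last 10 digits so '+1 555...' and
    '(555) ...' compare equal. Assumes NANP numbers; adjust for other regions."""
    digits = "".join(ch for ch in raw if ch.isdigit())
    return digits[-10:]


def normalize_time(raw: str, fmt: str) -> str:
    """Parse a tool's timestamp with its declared format and emit UTC ISO-8601.
    Tool B's export is assumed to already be in UTC (assumption for the example)."""
    return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc).isoformat()


def load_records(text: str, number_col: str, type_col: str,
                 time_col: str, time_fmt: str) -> Set[Record]:
    """Read one tool's CSV export into a set of normalized call records."""
    records: Set[Record] = set()
    for row in csv.DictReader(io.StringIO(text)):
        records.add((normalize_number(row[number_col]),
                     row[type_col].strip().lower(),
                     normalize_time(row[time_col], time_fmt)))
    return records


def cross_validate(a: Set[Record], b: Set[Record]) -> Dict[str, Set[Record]]:
    """Split records into those both tools agree on and those only one reported."""
    return {"agreed": a & b, "only_a": a - b, "only_b": b - a}


def validate_sample() -> Dict[str, Set[Record]]:
    """Run the comparison over the two constructed exports."""
    a = load_records(TOOL_A_CSV, "number", "direction", "timestamp",
                     "%Y-%m-%dT%H:%M:%SZ")
    b = load_records(TOOL_B_CSV, "Phone Number", "Call Type", "Date/Time",
                     "%m/%d/%Y %H:%M:%S")
    return cross_validate(a, b)


if __name__ == "__main__":
    result = validate_sample()
    for label, recs in result.items():
        print(f"{label}: {len(recs)}")
        for rec in sorted(recs):
            print("   ", rec)
```

A record in `only_a` or `only_b` is not automatically an error in either tool; it is a discrepancy the examiner has to run down (different parsing of deleted records, time-zone handling, or a genuine miss) and document, which is what gives the agreed records their weight.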
The second way to add credibility is to make sure the investigator has a solid understanding of the evidence and how it was gathered. Many of the investigation tools are simple to operate and require only a few clicks to produce a comprehensive report. Reiber warns against becoming a “point and click” investigator now that the tools are so easy to use. If an investigator takes the stand and is unable to speak intelligently about the technology used to gather the evidence, his credibility will be called into question. Steve Bunting puts it this way: “The more knowledge one has of the tool’s function and the data and performance located in any given cell device, the greater credibility you have as a witness.”
If you have no experience and suddenly find yourself called upon to handle phone examinations for your organization, don’t panic. I speak with individuals on a weekly basis in a similar situation looking for direction. My advice is always the same: sign up for a training course, become certified, seek the counsel of veterans, take part in online digital forensics communities and forums, and consult with representatives of the software companies that make investigation tools. By following these steps, you can go from novice to expert in a short amount of time.