Mobile Forensics is a branch of Digital Forensics and it is about the acquisition and the analysis of mobile devices to recover digital evidences of investigative interest.
When we talk about Mobile Forensics generally, we use the term “Forensically Sound”, commonly used in the forensic community to define the application of methods and techniques, which respect the international guidelines for acquisition, and examination of mobile devices. The principles for the correct application of Forensically Sound techniques assume the primary purpose, which is the preservation and the possibility of non-contamination of the state of things.All the phases, from the acquisition to forensics analysis of the mobile device, have to totally avoid non-alteration of the examined device. This process is not easy at all, particularly in mobile devices.The continuous evolution of mobile devices technology, allows the commercialization of new mobile phones, which creates new digital investigations problems.Hardware and software for these type of mobile device analysis are numerous, but none is able to give an integrated solution for the acquisition and the forensic analysis of all smartphones.
Furthermore, mobile devices are able to contain plenty of digital information, almost like a computer, so not only a call log or SMS messages as old mobile phones. Many of the digital information in a smartphone is reliant on applications installed on it, which evolve in such a variety that analysis software are not able to support them completely.Often the data acquisition from a mobile device is not compatible with some parameters, which define a Forensically Sound method.In other words to have access to the mobile device it is necessary to use communication vectors, bootloader and other agents which are installed in the memory to enable the communication between the mobile phone and the instrument that we use for the acquisition and so it is not possible to use a write blocking option.Often we resort on modify the device configuration for acquisition, but this operation risks to invalidate the evidence in the Court, even though all the techniques are always well-documented. As much as possible it is always fundamental to respect the international guidelines on mobile forensic to ensure the evidence integrity and the repeatability of the forensic process.
Data that you can expect to recover from a mobile phone, tablets, SIM cards and other mobile devices:-
- Call history
- Contact list
- SIM card data
- Memory card data
- Data on phone memory
- Web history
- Locations (Wi Fi, Mobile tower location, GPS Co-ordinates)
- SMS & MMS (Audio & Video)
- Whatsapp messages