Mobile phone forensics is a kind of digital forensics which includes a collection of electronic data for legal evidence purposes. It is useful in gathering criminal information from the digital data from the mobile phone which has been deleted. The goal is to get the deleted data without any loss, damage or manipulation of data.
The process to complete the mobile device forensic activity is as follows:
- Seizure: One of the crucial aspects of mobile phone forensics. The device must be seized to make efficient changes such that any kind of manipulation or overwriting does not lead to loss of data.
- Acquisition: The identification of the mobile device and its manufacturer is important to deduce the authentic evidence in the form of digital data. It can be done manually, physically, logically, file system and brute force acquisition.
- Examination and analysis: High-level investigation can be done because of the smartphone generation and high tech technology.
Tools used in mobile forensics
A wide variety of tools are used in performing an efficient process of mobile forensics such as XRY which is a powerful forensic tool which retrieves all the data from a mobile device, oxygen forensic suite which is also a forensic tool which aids in performing logical and physical analysis of mobile data. Cellebrite UFED also performs data extraction from various mobile devices.
Following details should be examined of a mobile device by a forensic examiner:
- The legal Authority
- The goals of the examination being performed
- To produce, model and identification of the information on the devices
- The storage which us removable and external
Though challenges such as hardware differences, mobile operating systems, lack of resources, the generic state of the device, dynamic nature of the shreds of evidence, accidental reset, device alteration, lack of availability of tools, malicious programs, and legal issues.