
CELL PHONE FORENSICS INVESTIGATORS LEAVE NO STONE UNTURNED

Technology paved the way for development, but it also opened the door for criminals to commit crimes without being caught for years. Today mobile phones are a double-edged sword: they create new security risks while offering valuable sources of evidence for the cell phone forensics investigator. Their capabilities make mobile devices more like computers that help us navigate the world. Investigators use the information stored on and generated by mobile devices to reconstruct communications, movements and other personal details.
Cell phone forensics, an integral part of digital forensics, is vital to accurate investigations associated with criminal and civil litigation. It comprises SMS recovery, location tracking, and the recovery of multimedia files, contact records, and the date and time of incoming and outgoing calls. Anyone intentionally engaged in illegal activities will take predictable precautions to hide their tracks. Some of the protective measures adopted by criminals to avoid being caught are listed below:

Encrypting data
Wiping tools
Secure deletion tools
Steganography
Remote data storage devices
Digital data compression

Cell phone forensics takes considerable effort to extract information from smartphones, cell phones and other devices. As forensic investigators of cell phones, we generally adopt 7 ways to extract and determine cell phone activity, as listed below:

Bypassing Security Codes
With the help of specialized tools, digital forensic investigators can extract the security code from some locked mobile devices. Bypassing the security code makes it possible to acquire data from the device with forensic software.

Safe SIM Card
The confidential data in memory is destroyed if the wrong SIM card is inserted in a cell phone. With this issue in mind, investigators create “safe” SIM cards for inspection purposes.

Live acquisition
Valuable and confidential evidence might be destroyed if the battery is removed from a mobile phone before the forensic acquisition is performed. In a few cases, to make sure that all evidence and useful information is preserved, investigators can leave the mobile device powered on until the forensic operation can be performed. To avoid external influences on the device in the meantime, it is mandatory to take some precautions beforehand.

Trusted Time Source
Even if the clock on the device shows the incorrect time, network-generated timestamps still function properly and offer accurate data. For example, the time shown in an SMS is generated by the SMS service center, not by the phone.
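
As an added example (not part of the original article), the Python below decodes the service-centre timestamp field (TP-SCTS, defined in 3GPP TS 23.040) that the SMS service center writes into a delivered message, and compares it with the time the handset recorded. The sample bytes, the function names and the mapping of two-digit years to 20yy are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def _swapped_bcd(octet: int, tens_mask: int = 0x0F) -> int:
    """Decode one semi-octet-swapped BCD byte: the low nibble is the tens digit."""
    tens, units = octet & tens_mask, octet >> 4
    if tens > 9 or units > 9:
        raise ValueError(f"non-BCD octet 0x{octet:02x}")
    return tens * 10 + units

def decode_scts(raw: bytes) -> datetime:
    """Decode the 7-octet TP-SCTS field into a timezone-aware datetime."""
    if len(raw) != 7:
        raise ValueError("TP-SCTS is exactly 7 octets")
    yy, mo, dd, hh, mi, ss = (_swapped_bcd(b) for b in raw[:6])
    # Octet 7 is the offset from GMT in quarter hours; bit 3 is the sign, not a digit.
    quarters = _swapped_bcd(raw[6], tens_mask=0x07)
    if raw[6] & 0x08:
        quarters = -quarters
    tz = timezone(timedelta(minutes=15 * quarters))
    # Assumption: two-digit years are read as 20yy.
    # datetime() rejects impossible values such as month 13 with ValueError.
    return datetime(2000 + yy, mo, dd, hh, mi, ss, tzinfo=tz)

def handset_offset(scts: datetime, handset_stamp: datetime) -> timedelta:
    """Handset-recorded time minus service-centre time.

    The service centre stamps the message when it receives it, so a small
    positive value can be delivery delay; a large or negative value points
    to a wrong handset clock.
    """
    return handset_stamp - scts

# Constructed sample: 2023-05-17 14:30:45 at GMT+2 (8 quarter hours).
SAMPLE_SCTS = bytes.fromhex("32507141035480")
# Constructed handset record of the same message, in UTC.
SAMPLE_HANDSET = datetime(2023, 5, 17, 12, 41, 45, tzinfo=timezone.utc)

if __name__ == "__main__":
    scts = decode_scts(SAMPLE_SCTS)
    print("service centre:", scts.isoformat())
    print("handset offset:", handset_offset(scts, SAMPLE_HANDSET))
```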

Tracking movements
Several mobile devices store location-based data related to actions and certain media on the device. Investigators can recover this data to determine the geographic location of a mobile device at a particular time.

Recovering Deleted Data
Accidentally or intentionally deleted information related to call logs may be easily recovered by investigators with the help of certain ready-to-use forensic tools. Such tools offer detailed information on missed, dialed and received calls.

Getting Physical
By acquiring and analyzing the complete memory contents, investigators can more easily recover an extensive amount of deleted data from a rising number of mobile devices.