Top Special Offer! Check discount
Get 13% off your first order - useTopStart13discount code now!
The practice of recovering digital data or evidence from mobile devices while adhering to established procedures is what is meant by the term “mobile forensics.” The diversity of manufacturers, providers, formats, and property technologies is what gives rise to the mobile forensic industry. The rapid upgrades and releases of mobile phones have created these difficulties, making it difficult for forensic investigators to evaluate and scrutinize the devices in order to recover data and evidence.
Mobile gadgets are become an integral part of how we conduct our lives as humans. Despite the fact that the devices are used to communicate, they also keep us connected to everything. It is common to find smartphones acting as social tools, mobile office, and an entertainment device one could roil into. Most households have computers in their houses but everyone owns a mobile device. Today’s smartphones are created with a storage capacity equivalent to a laptop. This is what makes them become the biggest targets for forensic investigation. The paper is purposed to help organize in the evolving procedures and policies that when the investigations of mobile phones are done, they professionally prepare forensic knowledge to accomplish the sound examinations that involve the mobile devices.
Mobile forensic is the practice of utilizing the methodologies of sound for the data that is acquainted within the mobile’s internal memory and the associated media that provides the ability to get accurate reports through the findings (Ayers, Brothers, and Jansen 2013, p.67). Contrary to that, the popular belief also includes the arrays of the devices such as the smartphones and cellular phones which include the mp3 players, external USB drives and digital cameras (Martin 2008 p.102).
The majority of these devices have technologies like multiple cameras, GPS (geographic positioning systems), and frequent connection to the internet (Martin 2009, p.22). The devices also have the potential of possessing essential data that is utilized to provide data to the investigators through forensic investigation. The below section will expressly focus on the smartphones and cell phones through description, legal process, technology, legal challenges as well as possible solutions for the mentioned problems (Mylonas et al. 2012, p.251).
A smartphone or cell phone is actually a radio that has an antenna, speaker, microphone battery, and display. They usually function through wireless networks that pass frequencies from retained towers and switching stations (Martin 2009, p.54). Digital forensic, therefore, deals with the challenges of maintaining the information up to date which can later be utilized when they are investigated. In today’s societies, the mobile devices undergo challenges that are embedded by both professionals and personal functions. The problem usually varies in frequency and design when altered and updated as technological gadgets when they are introduced (Ayers, Brothers, and Jansen 2013, p.110).
The Technology of Mobile Phones
In today’s world, there are a few mobile technologies that exist such as the code division multiple access (CDMA), GSM (Global System for Mobile communications), Integrated Digital enhanced network and group of multiple devices (TDMA) (Martin 2009, p.14). Usually, these devices use the Subscriber identity module (commonly known as the SIM card) because it contains vital data such as configuration information as well as an address book. It is, therefore, significant when it comes to investigations because the phone ties with a network that can be switched between the gadgets.
The SIM card also has the IMSI (International Subscriber Identifier) that links the network to the subscriber (Martin 2009, p.25). The GSM on the other hand also has IMEI (International Mobile station equipment identity) that identifies the mobile phone to the cell network. Another mobile equipment identifier called the CDMA replaced the ESN (Electronic serial number) for easier investigations. Therefore, these identifiers may be used to deny the device network via deactivation (Ayers, Brothers, and Jansen 2013, p.174).
Conversely, most mobile phones consist of a rudimentary that has analogs capabilities and features. They have the microprocessor, random access memory, (RAM), read-only memory (ROM), a digital signal process, microphone, speakers as well as assortments of interfaces, hardware keys and LCD (liquid crystal display) (Bennett 2012, p.156).
The operating system of these devices is usually stored in the NOR or NAND memory through a code implementation that occurs in the RAM. This makes the smartphones to be one of the few gadgets that can multitask and multi-featured. Such devices include the Blackberry, Android, iOS, OS, WebOS, Symbian or Windows (Ayers, Brothers, and Jansen 2013, p.198). The memory considerations of these devices have both volatile and non-volatile memories. The role of the Volatile memory is to store lost information when the device is switched off. The non-volatile memory rather does not play that role, but because of its flash memory that can be found in both the NOR and NAND, it can corrupt and block memories that have slower write/read (Simao 2011, p.118). It does this by allowing access to memory location particularly when the NAND flash allows successive access with higher memory and less stability through the storage aptitudes
The Mobile Forensic Techniques and Tools
The existence miserable exists tool tends to appear as a, she has the standard feature. The variation is that cell phones are created by different manufacturers sometimes to create the various functions that are in existence. It also has different manufactures because it can be utilized through, mobile forensics. For instance, the Katana Lantern specializes in Android and iOS services. The device is also connected to the computer learning theory because the acquisition is usually gained. The information derived is often organized into areas of subject ready for the perusal to examine.
Forensic Challenges
As mentioned earlier, the mobile forensic passes through a few challenges. For instance, the variation of operating systems, generations, manufactures, generations and different features make it hard in utilizing similar tools across the board of devices. Moreover, the quick revolution of mobile devices such as the improved technology usually changes the ways of the investigation at a very high rate (Bennett 2012, p.162).
Mobile forensic also undergoes through unique problems in various stages that can seize the device. In this case, there are five steps that when taken, it can affect the way to the forensic investigation:
Off – This means the power is off while the battery is removed.
Nascent state – this is when the mobile is factory set without using data.
Quiescent state – the device appears to function but yet it’s running under function.
Semi-active – this means that the device is scheduled to operate at the particular time.
Active state – the apparatus, in this case, is powered and is on powered activities (Martin 2009, p.38).
A Smartphone Is Never Just a Smartphone
When it comes to Android, vendors and operating systems, vary widely, but even within Blackberry and iOSgroups, most of them have commercialized versions that are spread among the six: iPhone, five iPad touch, and five iPad devices. Unlike iPhone users, it is very unusual for the Android users to upgrade their system of operation. This makes it hard to investigate the android phones because once the old version is gone, it can never be recovered (Breeuwsma 2006, p.33)
Data Protection through Passwords and Encryption
It is undeniable that no one can extract any information from a smartphone without a password. The passcode embraced in iPhones fall into two categories: complex and straightforward. When the mobile data is retrieved, it should automatically reveal the password to all devices. However, the iPhones do not have passcodes that protect them because one can by-pass quickly (Klaver 2010, p.148). When investigation wants to be done, it will be discovered that evidence has already been extracted and all data including protected files would have been removed.
A complex password, on the other hand, takes even more effort. For instance, the investigator needs to understand and manually insert the passcode in order to decrypt and extract data. If the investigator cannot get the right passcode, then it would be impossible to remove the protected files (“The demand for mobile forensics continues to grow” 2012).
The Prepaid Burner Phones
Specifically, these are phones that have always have problems for some time. The data of the device has already been disabled and cannot be enabled. The worst part is that the vendors have even bypassed making the API’s of those phones because of the logical mode and file system. Most likely, due to the condition of the phone, there is a possibility that some data would have been deleted. It, therefore, requires a highly skilled expertise to decode the cell phone in order to extract data. The investigator, in this case, is unable to do this work due to lack of knowledge (Breeuwsma et al. 2007, p.12).
As seen above the investigators need training and awareness of the diverse features, operating systems as well as suitable tools for investigation each device. Physical and logical forensic also creates other challenges. For instance, the logical acquisition usually exacts information form the mobile phone. However, they have lesser capabilities of trying to recover deleted information and other artifacts as when compared to the physical acquisition. However then, the way the physical forensic supports the add-ons to the tools of mobile forensic since its expensive. The unnecessary expense, particularly in these devices, are backed up in a logical matter.
Training and Expense
It is crucial that both the law enforcers and investigators correctly go through the mobile forensic training to ensure there is the integrity of the investigation. The lawmakers should be aware of how a mobile is handled when it comes to research to prevent damaging tampering evidence. They should then use the faraday bags to maintain the integrity of proof. Law enforcers should also make sure that the cell-signal is not active on the device by wiping of the existing evidence. When an investigation is being conducted, the first important step is to find out whether there were traces of evidence.
By securing and evaluating the scene is the first step taken to ensure that no damage occurs when investigating. Then, proper authorizations such as consent or warrants, especially from the owner and traditional methods, lay DNA and fingerprinting testing linked to the owner of the device (Ayers, Brothers, and Jansen 2013, p.28). The investigators should also be trained on generalized mobile device and vendor specific for mobile forensic tools and functions in obtaining forensic investigative results as well as having proper explanations during the court proceedings. The training could also incur lofty expenses because the training is extensive in nature.
Discussion
Being up to date with new technology is the most suitable way of dealing with the forensic problems that are experienced in mobile forensics. Proper training is considered to be crucial in facing the main issue which is common with improved mobile technology. To have a successful investigation, it is vital to ensure that law enforcers and investigators get the proper training in regards to securing a scene, acquiring evidence, and extracting and analyzing evidence. It is also imperative that researchers know how to properly handle the forensic tools as well as have in-depth knowledge of the technologies of particular forensic tools. To maintain and recover evidence it is vital to have the knowledge of the devices memory capabilities, data deletion capabilities, and the prevention of such acts. But most importantly extensive knowledge of the diverse sources of information and understanding of how they fit together is a vital asset for the investigators (Martin 2009, p.33)
Conclusion
In today’s society mobile forensic has become a crucial need because the use of mobile devices as the most suitable platforms for different applications can give access to significant evidence in forensic investigations. A digital forensic investigator who is well trained and highly skilled plays a crucial role in the process of a criminal investigation when analyzing forensics of mobile devices that belong to the victims, witnesses, victims, and through the evaluation of network traffic in regards to incidents concerning computer security. Even though there are forensic toolkits that are extensive, most of the tools are not developed fully and are a source of full functionality for multiple devices. Expenses are usually barriers to acquiring quality software packages that are important for every manufacturer of mobile devices. Because of this reason, it is crucial that investigators utilize the appropriate toolset for performing forensic analysis for a particular purpose in a manner that is efficient and that will also support the respective case.
References
n.a. 2012. The demand for mobile forensics continues to grow. [Online] Available at: http://www.bluesheepdog.com/mobile-forensics/ [Accessed September 25, 2017]
Ayers, R., Brothers, S., and Jansen, W. 2013. Guidelines on mobile device forensics. Guidelines on mobile device forensics (Draft). NIST Special Publication, 800.
Bennett, D. 2012. The challenges facing computer forensics investigators in obtaining information from mobile devices for use in criminal investigations. Information Security Journal: A Global Perspective, 21(3), pp.159-168.
Breeuwsma, M.F. 2006. Forensic imaging of embedded systems using JTAG (boundary-scan). Digital Investigation, 3(1), pp. 32-42.
Breeuwsma, M.F, De Jongh, M., Klaver, C., Van Der Knijff, R., and Roeloffs, M. 2007. Forensic data recovery from flash memory. Small Scale Digital Device Forensics Journal, 1(1), pp. 1-17.
Grispos, G., Glisson, W. B., and Storer, T. 2013. Using smartphones as a proxy for forensic evidence contained in cloud storage services. In System Sciences (HICSS), 2013 46th Hawaii International Conference on (pp. 4910-4919). Piscataway, NJ: IEEE.
Klaver, C. 2010. Windows Mobile advanced forensics. Digital Investigation, 6(3), pp.147-167.
Martin, A., 2009. Mobile device forensics. [Online] Available at: https://www.sans.org/reading-room/whitepapers/forensics/mobile-device-forensics-32888 [Accessed September 25, 2017]
Mylonas, A., Meletiadis, V., Tsoumas, B., Mitrou, L., and Gritzalis, D. 2012. Smartphone forensics: a proactive investigation scheme for evidence acquisition. Information Security and Privacy Research, pp. 249-260.
Simao, A.M.D.L., Sicoli, F.C., de Melo, L.P., de Deus, F.E., and de Sousa Junior, R.T. 2011. Acquisition of digital evidence in android smartphones. In 9th Australian Digital Forensics Conference (p. 116).
Hire one of our experts to create a completely original paper even in 3 hours!