Computer and Mobile Forensic Analysis | PPT
IA 316: Computer and Mobile Forensic Analysis
Introduction to Mobile Forensics
05/16/25 04:47 IA316 1
Lecture Outline
The lecture covers:
- Mobile Forensics: definition and uses
- The need for Mobile Forensics
- Understanding Mobile Forensics
- Challenges in Mobile Forensics
Mobile Forensics
- Mobile Forensics: definition
  - A subset of digital forensics.
  - Deals with the recovery of evidence from mobile devices such as smartphones and tablets.
- Mobile Forensics: uses
  - Law enforcement: Police, PCCB, DPP, Immigration.
  - Solving many crimes, such as fraud and homicide.
  - Military: espionage, counterterrorism.
  - Businesses: intellectual property theft, authorized and unauthorized use of resources.
The Need for Mobile Forensics
- Growing demand for mobile devices
  - By 2021, it was estimated that there were around 15 billion mobile devices.
  - Technology and users are migrating from desktops to mobile phones.
  - Demand for smartphones is quite high.
- Smartphones are becoming compact forms of computers.
  - High performance, huge storage, and enhanced functionality.
- Mobile phones are the most personal electronic devices a user accesses.
  - They perform simple communication tasks, such as calling and texting.
  - Internet browsing, email, taking photos and videos, creating and storing documents.
  - Identifying locations with GPS services, and managing business tasks.
- Mobile phones have become portable data carriers, keeping track of all our movements.
- The increasing prevalence of mobile phones makes them an invaluable source of evidence.
- Evidence acquired from mobile phones is used in both criminal and civil cases.
- It is now rare to conduct a digital forensic investigation that does not include a phone.
- Mobile device call logs and GPS data were used to help solve the attempted bombing in Times Square, New York, in 2010.
- Read more about the investigation at: https://www.forensicon.com/forensics-blotter/cell-phone-email-forensics-investigation-cracks-nyc-times-square-car-bombing-case/
Understanding Mobile Forensics
- Digital forensics is a branch of forensic science focusing on the recovery and investigation of raw data residing in electronic or digital devices.
- It intends to extract and recover any information from a digital device without altering the data present on the device.
- Over the years, digital forensics has grown along with the rapid growth of computers and various other digital devices.
- There are various branches of digital forensics based on the type of digital device involved, such as:
  - Computer forensics
  - Network forensics
  - Mobile forensics
- Forensically sound
  - A term used in the digital forensics community to qualify and justify the use of a particular forensic technology or methodology.
  - Core principle of a forensically sound technology or methodology: the original evidence must not be altered in any form.
  - This is extremely difficult with mobile devices.
  - Some forensic tools require a communication vector with the mobile device; thus standard write protection will not work during forensic acquisition.
- Prior to extracting data for forensic examination, some forensic acquisition methods may involve:
  - Detaching a chip
  - Installing a custom bootloader on the mobile device
- In such cases, where examination or data acquisition is not possible without changing the configuration of the device, the procedure and the changes must be carefully tested and documented for later reference.
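The following Python is an added example, not part of the lecture: it records every deliberate change made to a seized device (the seizure steps above, or a custom bootloader) together with its reason, and seals the acquired image with a hash that can be re-verified later. The case id, device name, reason strings and the sample image bytes are constructed for illustration.

```python
"""Acquisition log for a forensically sound mobile extraction (added example)."""
import hashlib
import json
import os
import tempfile
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone

# Seizure steps from the lecture, keyed by the state the device was found in.
# Each step changes the device, so each one must end up in the log.
SEIZURE_STEPS = {
    "off": ["place device in Faraday bag"],
    "on": ["enable airplane mode",
           "disable Wi-Fi, GPS, Bluetooth and hotspot",
           "place device in Faraday bag"],
}


def sha256_file(path: str) -> str:
    """Hash a file in 1 MiB chunks so a multi-GB image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class AcquisitionRecord:
    case_id: str
    device: str
    found_state: str            # "on" or "off", as found at seizure
    image_path: str = ""
    image_sha256: str = ""
    changes: list = field(default_factory=list)

    def record_change(self, step: str, reason: str) -> None:
        """Log a deliberate change to the device with its justification and UTC time."""
        self.changes.append({"step": step, "reason": reason,
                             "at": datetime.now(timezone.utc).isoformat()})

    def seal(self, image_path: str) -> str:
        """Hash the acquired image once, immediately after acquisition."""
        self.image_path = image_path
        self.image_sha256 = sha256_file(image_path)
        return self.image_sha256

    def verify(self) -> bool:
        """Re-hash the image; a mismatch means this copy is no longer the sealed one."""
        return bool(self.image_sha256) and sha256_file(self.image_path) == self.image_sha256

    def to_json(self) -> str:
        """Serialise the record for the case file."""
        return json.dumps(asdict(self), indent=2)


def run_seizure(rec: AcquisitionRecord) -> None:
    """Log the lecture's seizure steps for the state the device was found in."""
    for step in SEIZURE_STEPS[rec.found_state]:
        rec.record_change(step, "isolate device from network; prevent remote wipe")


def demo() -> tuple:
    """Constructed walkthrough: seal a sample image, verify it, tamper with it, verify again."""
    rec = AcquisitionRecord(case_id="CASE-0001",          # constructed case id
                            device="hypothetical handset", found_state="on")
    run_seizure(rec)
    rec.record_change("installed custom bootloader",
                      "no acquisition path without it; procedure tested on a like-for-like device")
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "handset.bin")
        with open(img, "wb") as f:                      # constructed sample image
            f.write(b"\x00" * 4096 + b"constructed sample image" * 64)
        rec.seal(img)
        ok_before = rec.verify()
        with open(img, "r+b") as f:                     # flip one byte to show detection
            f.seek(10)
            f.write(b"\x01")
        ok_after = rec.verify()
    return ok_before, ok_after, len(rec.changes)


if __name__ == "__main__":
    print(demo())
```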
- Following proper methodology and guidelines is crucial in examining mobile devices.
  - It yields the most valuable data.
  - Not following the proper procedure during the examination can result in loss or damage of evidence, or render it inadmissible in court.
- Main categories of the mobile forensic process:
  - Seizure
  - Acquisition
  - Examination/Analysis
- Challenges when seizing devices: if the mobile device is found switched off
  - Place the device in a Faraday bag to prevent changes should the device automatically power on.
  - Faraday bags are specifically designed to isolate a phone from a network.
- Challenges when seizing devices: if the mobile device is found switched on
  - Switching it off has a lot of concerns attached to it.
  - If the phone is locked by a PIN or password, or encrypted, you will be required to bypass the lock or determine the PIN to access the device.
  - Mobile phones are networked devices and can send and receive data through different sources, such as:
    - Telecommunication systems
    - Wi-Fi access points
    - Bluetooth
  - So, if the phone is in a running state, a criminal could securely erase the data stored on the phone by executing a remote wipe command.
  - When a phone is switched on, it should be placed in a Faraday bag.
  - If possible, prior to placing a mobile device in a Faraday bag, you should disconnect it from the network to protect the evidence by:
    - Enabling flight mode/airplane mode
    - Disabling all network connections (Wi-Fi, GPS, hotspots, and so on)
  - Disconnecting from the network also helps to:
    - Preserve the battery, which drains faster in a Faraday bag as the radio keeps searching for a signal.
    - Protect against leaks in the Faraday bag.
- Mobile device forensic acquisition can be performed using multiple methods.
  - Each of these methods affects the amount of analysis required.
  - Should one method fail, another must be attempted.
  - Multiple attempts and tools may be necessary in order to acquire the maximum amount of data from the mobile device.
- Mobile phones are dynamic systems and present a lot of challenges in extracting and analyzing digital evidence.
- There is a rapid increase in the number of different kinds of mobile phones from different manufacturers, which makes it difficult to develop a single process or tool to examine all types of devices.
- Mobile phones are continuously evolving:
  - Existing technologies progress and new technologies are introduced.
  - Furthermore, each mobile is designed with one of a variety of embedded operating systems.
  - Hence, special knowledge and skills are required from forensic experts to acquire and analyze the devices.
Challenges in Mobile Forensics
- Hardware differences
  - The market is flooded with different models of mobile phones from different manufacturers.
  - Forensic examiners may come across different types of mobile models that differ in:
    - Size
    - Hardware
    - Features
    - Operating system
  - Short product development cycle: new models emerge very frequently.
  - It is critical for forensic investigators to adapt to all challenges and remain updated on mobile device forensic techniques across various devices.
- Mobile operating systems
  - In personal computers, MS Windows has dominated the market for years.
  - With mobile devices, several operating systems are used frequently:
    - Apple's iOS
    - Google's Android
    - RIM's BlackBerry OS
    - Microsoft's Windows Phone OS
    - HP's webOS
    - ...
  - Even within these operating systems, there are several versions, which makes your task even more difficult.
- Mobile platform security features
  - Modern mobile platforms contain built-in security features to protect user data and privacy.
  - These features act as a hurdle during forensic acquisition and examination.
  - E.g. encryption mechanisms from the hardware layer to the software layer.
  - Examiners need to break through these encryption mechanisms to extract data from the devices.
  - Refer: the FBI versus Apple encryption dispute.
- Preventing data modification
  - A fundamental rule in forensics is to make sure that data on the device is not modified.
  - Any attempt to extract data from the device should not alter the data present on that device.
  - This is not practically possible with mobiles: just switching on a device can change the data on that device.
  - Even if a device appears to be in an off state, background processes may still run.
  - E.g. in most mobiles, the alarm clock still works even when the phone is switched off.
  - A sudden transition from one state to another may result in the loss or modification of data.
- Anti-forensic techniques make investigations on digital media more difficult. Techniques used include:
  - Data hiding
  - Data obfuscation
  - Data forgery
  - Secure wiping
- Passcode recovery
  - A forensic examiner needs to gain access to a passcode-protected device.
  - This has to be done without damaging data on the device.
  - While there are techniques to bypass the screen lock, they may not always work on all versions of the OS.
- Lack of resources
  - The growing number of mobile phones means the number of tools required by a forensic examiner also increases.
  - Forensic acquisition accessories, such as USB cables, batteries, and chargers for different mobile phones, have to be maintained.
- Dynamic nature of evidence
  - Digital evidence may be easily altered either intentionally or unintentionally.
  - E.g. browsing an application on a phone might alter the data stored by that application on the device.
- Accidental reset
  - Mobile phones provide features to reset everything.
  - Resetting a device accidentally while examining it may result in the loss of data.
- Device alteration
  - The possible ways to alter devices include:
    - Moving application data
    - Renaming files
    - Modifying the manufacturer's operating system
  - The expertise of the suspect should be taken into account.
- Communication shielding
  - Mobile devices communicate over:
    - Cellular networks
    - Wi-Fi networks
    - Bluetooth
    - Infrared
  - Since communication might alter the device data, the possibility of further communication should be eliminated after seizing the device.
- Lack of availability of tools
  - There is a wide range of mobile devices.
  - A combination of tools needs to be used, since a single tool may not support all the devices or perform all the necessary functions.
  - So, choosing the right tool for a particular phone might be difficult.
- Malicious programs
  - The device might contain malware or malicious software, such as a virus or a Trojan.
  - These programs may try to spread to other devices over either a wired interface or a wireless one.
- Legal issues
  - Mobile devices might be involved in crimes that cross geographical boundaries.
  - The forensic examiner should be familiar with the nature of the crime and the regional laws.