Impediments in Mobile Forensics

Vani Thangapandian (R. V. Government College, University of Madras, India)
Copyright: © 2021 | Pages: 11
DOI: 10.4018/978-1-7998-4900-1.ch008

Abstract

In this digital era, mobile phones have become an inextricable part of daily life because of the facilities and the level of sophistication they offer. Proportionately, crimes and offenses involving mobile devices are growing rapidly. Whenever a crime occurs, the forensic team arrives at the scene to identify and locate evidence of the criminals. If the crime involves digital equipment such as computers and laptops, a digital forensic team investigates and analyzes the devices to collect digital evidence. These days, mobile phones can deliver any kind of information and service digitally in the palm of the user's hand; anything is available with a single touch on the screen. They also offer adversaries many digital services that are harmful to society. The fast-paced advancement on the digital front paves the way for many digital crimes. Hence a new field, mobile forensics, has emerged to trace the evidence, but it faces many challenges due to the dynamic nature of digital technologies.
Chapter Preview

Sources Of Evidence For Mobile Forensics

Mobile devices are flooded with information due to the availability of enhanced memory devices with huge storage capacity. Valuable evidence can be found in the form of the following data: Contacts list, Documents, Messages (SMS, MMS, and Email), History (Browsing and Call), Location Details (GPS and Maps), Apps Usage (Social Media Apps, personal Apps, etc.), Reminders (Calendar and sticky notes), Data collection (Photos, Videos, and Music files), Audio files (Voice mail and other recordings), Deleted Text messages, etc.

Among these data, the browsing history, last-dialed call history, and location details are the most important and most commonly acquired. Some of the data are stored in ROM, and some in the SIM module. The data stored in the SIM module are very useful and sensitive from an investigative point of view. The investigator's prime aim is to retrieve these data without any modification, which is very tedious because many factors complicate it: accidental reset of the device, secure wiping, accidental loss of data in transit, obfuscation of data, falsified data, the dynamic nature of data, data hiding, data overwriting, etc. Some data may be erased due to the volatile nature of the memory. Such data need to be recovered with utmost care before the device restarts.

The UICC (Universal Integrated Circuit Card) component must be carefully removed from the device to recover the deleted text messages. The card can then be connected to a PC or laptop through a card reader for the recovery of deleted messages. However, removing the UICC component may result in the loss of data stored in volatile memory. The HexDump method can also be used to recover deleted text messages, but it involves a lengthy procedure to establish the connection interface between the mobile device and the forensic workstation.
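The following Python is an added example, not code from the chapter, and goes beyond its text by showing what recovering deleted messages from a UICC read through a card reader can look like at the byte level. It assumes the SMS file has been read into a raw byte string with the 176-byte record layout of 3GPP TS 51.011 (status byte, then SMSC address and TPDU), and that deletion only cleared the status byte; the function names and the sample dump are constructed for illustration.

```python
RECORD_LEN = 176  # EF_SMS record: 1 status byte + 175 bytes (SMSC address + TPDU)
GSM7 = ("@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
        "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà")

def bcd_digits(b: bytes) -> str:
    """Swapped-nibble BCD to a digit string; a trailing 0xF nibble is padding."""
    return "".join(f"{x & 0x0F:x}{x >> 4:x}" for x in b).rstrip("f")

def unpack_gsm7(data: bytes, septets: int) -> str:
    """Unpack GSM 7-bit packed user data (septets are packed LSB first)."""
    bits = int.from_bytes(data, "little")
    return "".join(GSM7[(bits >> (7 * i)) & 0x7F] for i in range(septets))

def parse_deliver(body: bytes) -> dict:
    """Parse SMSC address + SMS-DELIVER TPDU (GSM 7-bit text, no UDH)."""
    p = 1 + body[0]                        # body[0] = SMSC field length in bytes
    first, oa_digits = body[p], body[p + 1]
    oa_end = p + 3 + (oa_digits + 1) // 2  # end of originating address digits
    if first & 0x43 or body[oa_end + 1] != 0x00:
        raise ValueError("only SMS-DELIVER, 7-bit, no UDH handled here")
    udl = body[oa_end + 9]                 # user data length in septets
    ud = body[oa_end + 10:oa_end + 10 + (udl * 7 + 7) // 8]
    t = [f"{x & 0x0F}{x >> 4}" for x in body[oa_end + 2:oa_end + 8]]
    return {"smsc": bcd_digits(body[2:p]),
            "sender": bcd_digits(body[p + 3:oa_end]),
            "timestamp": "{}-{}-{} {}:{}:{}".format(*t),
            "text": unpack_gsm7(ud, udl)}

def recover_deleted(dump: bytes) -> list:
    """Decode records whose status byte says "free" but whose body was not wiped."""
    found = []
    for n in range(len(dump) // RECORD_LEN):
        rec = dump[n * RECORD_LEN:(n + 1) * RECORD_LEN]
        if rec[0] & 0x01 or rec[1:] == b"\xff" * 175:
            continue  # record still in use, or erased to 0xFF: nothing to recover
        try:
            found.append({"record": n + 1, **parse_deliver(rec[1:])})
        except (IndexError, ValueError):
            found.append({"record": n + 1, "raw": rec[1:].hex()})  # manual review
    return found

# Constructed sample dump: record 1 in use, record 2 deleted, record 3 never used.
PDU = bytes.fromhex("07917283010010F5040BC87238880900F1"
                    "0000993092516195800AE8329BFD4697D9EC37")
def make_record(status: int, pdu: bytes = b"") -> bytes:
    return bytes([status]) + pdu.ljust(175, b"\xff")
SAMPLE_DUMP = make_record(0x01, PDU) + make_record(0x00, PDU) + make_record(0x00)

if __name__ == "__main__":
    print(recover_deleted(SAMPLE_DUMP))
```

Run it only against a working copy of the acquired image, never the original evidence; records that do not parse are returned as hex so nothing is silently dropped.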

Figure 1. Sources of Evidential data

Key Terms in this Chapter

Faraday Bag: A Faraday Bag or Faraday Shield is a closed container used to prevent signals from leaving or entering. A Faraday shield is made of conducting materials and is named after its inventor, Michael Faraday. Generally the bag is used to prevent data theft and data leakage by blocking WiFi, Bluetooth and other radio signals.

HexDump: A HexDump is one of the forensic methods used to extract the raw information stored in the flash memory of the device.
