
MOBILE FORENSICS TOOLS AND TECHNIQUES

Data acquisition is the process of gathering information from mobile devices and their associated media. Acquiring the data early reduces the chance of loss through damage or battery depletion during storage and transportation. Mobile device identification is necessary at the start of the forensic examination: the examiner needs to know the type of mobile phone, its operating system, and other essential characteristics in order to create a forensically sound copy of the device's content.

There are many tools and techniques available in mobile forensics. However, the selection of tools and techniques during an investigation depends on the type of mobile device and its associated media.

How do you gather data from mobile devices?

Data can be gathered from mobile devices in two ways, namely physical acquisition and logical acquisition.

Physical acquisition, also called a physical memory dump, is a technique for capturing all the data held on the memory chips of the mobile device. Because it copies the memory rather than the files the operating system still lists, it allows the forensic tool to recover remnants of deleted data. The acquired data is initially a raw binary image that cannot be read directly; decoding and parsing steps are then applied to convert it into a human-readable form.

Logical acquisition, or logical extraction, is a technique for extracting the files and folders from a mobile device without any of the deleted data. Some vendors describe logical extraction more narrowly as the ability to gather specific data types, such as pictures, call history, text messages, calendar entries, videos, and ringtones. A software application is used to create a copy of the files. For instance, an iTunes backup can be used to make a logical image of an iPhone or iPad.

What data types can you collect from a mobile device?

Students should understand the data types before collecting data from a mobile device. Common data types include the contacts list, call log, SMS, images, audio, video, GPS data, and app data. Both current and deleted data can be extracted from a mobile device.

Call Detail Records (CDRs): Service providers often use CDRs to improve network performance. However, they can provide useful information to investigators as well. CDRs can show:

  • Call start and end date/time
  • The originating and terminating cell towers
  • Whether the call was outgoing or incoming
  • Call duration
  • Who was called and who made the call

Almost all service providers retain these records for a fixed period. Forensic professionals can obtain them when needed; however, access depends on the laws of the jurisdiction concerned, and each state has its own rules in this regard.

Global Positioning System (GPS): GPS data is an excellent source of empirical evidence. If the suspect had an active mobile device at the crime scene, its location records can place the device there and trace its movements from the crime scene to a hiding place. Location data can also be correlated with call logs, images, and SMS. Presently, the GPS constellation includes approximately 27 operational satellites.

App Data: Many apps store and access data the user is not aware of. In fact, many apps request permission during installation to access this data. For instance, photo or video editing apps request permission to access media files, the camera, and location (GPS) services. This data can be a primary source of evidence in court.

SMS: Text messaging is a widely used form of communication. Text messages leave electronic records of a conversation that can be presented in court as evidence. They include relevant information such as:

  • Date/time of every message
  • Phone number of sender and receiver
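The iTunes backup mentioned under logical acquisition and the SMS records described above can be tied together in a short script. The following Python is an added example, not code from the original article or from any vendor tool it names. It assumes an unencrypted iTunes/Finder backup laid out as iOS 10 and later produce it: a Manifest.db that lists every backed-up file, and each file stored under the SHA-1 of "domain-relativePath" in a sub-folder named after the first two hex digits. The fixture it builds (build_sample_backup, the phone number, the message texts and the timestamps) is constructed for the demonstration, and the sms.db it creates has only the handful of columns the query reads.

```python
import hashlib
import os
import sqlite3
import tempfile
from contextlib import closing
from datetime import datetime, timedelta, timezone

# Apple's Cocoa epoch, 2001-01-01 00:00:00 UTC (978307200 s after the Unix epoch).
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

# Where the messages database lives inside a backup: domain and relative path.
SMS_DOMAIN, SMS_PATH = "HomeDomain", "Library/SMS/sms.db"


def backup_file_id(domain: str, relative_path: str) -> str:
    """iTunes/Finder backups name each stored file SHA-1(domain + '-' + relativePath)."""
    return hashlib.sha1(f"{domain}-{relative_path}".encode()).hexdigest()


def backup_file_path(backup_dir: str, file_id: str) -> str:
    """Since iOS 10 the file sits in a sub-folder named after its first two hex digits."""
    return os.path.join(backup_dir, file_id[:2], file_id)


def apple_ts_to_utc(value: int) -> datetime:
    """message.date counts from 2001-01-01: seconds on older iOS, nanoseconds since iOS 11."""
    if value > 10**11:                       # far too large for seconds: treat as nanoseconds
        secs, nanos = divmod(value, 10**9)
        return APPLE_EPOCH + timedelta(seconds=secs, microseconds=nanos // 1000)
    return APPLE_EPOCH + timedelta(seconds=value)


def build_sample_backup(backup_dir: str) -> None:
    """Constructed fixture (not a real backup): a one-row Manifest.db plus a minimal sms.db
    written at its hashed path. Only the columns this example reads are created."""
    file_id = backup_file_id(SMS_DOMAIN, SMS_PATH)
    with closing(sqlite3.connect(os.path.join(backup_dir, "Manifest.db"))) as db, db:
        db.execute("CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
                   "relativePath TEXT, flags INTEGER, file BLOB)")
        db.execute("INSERT INTO Files VALUES (?, ?, ?, 1, NULL)", (file_id, SMS_DOMAIN, SMS_PATH))
    sms_path = backup_file_path(backup_dir, file_id)
    os.makedirs(os.path.dirname(sms_path), exist_ok=True)
    # 2023-06-15 12:00 UTC expressed as whole seconds since the Apple epoch
    t0 = int((datetime(2023, 6, 15, 12, 0, tzinfo=timezone.utc) - APPLE_EPOCH).total_seconds())
    with closing(sqlite3.connect(sms_path)) as db, db:
        db.execute("CREATE TABLE handle (ROWID INTEGER PRIMARY KEY, id TEXT)")
        db.execute("CREATE TABLE message (ROWID INTEGER PRIMARY KEY, text TEXT, "
                   "handle_id INTEGER, date INTEGER, is_from_me INTEGER)")
        db.execute("INSERT INTO handle VALUES (1, '+15555550100')")   # constructed number
        db.executemany("INSERT INTO message VALUES (?, ?, 1, ?, ?)", [
            (1, "meet at the usual place?", t0 * 10**9, 0),          # nanosecond form (iOS 11+)
            (2, "on my way", (t0 + 90) * 10**9, 1),
        ])


def extract_messages(backup_dir: str) -> list:
    """Resolve sms.db through Manifest.db, then list every message with a decoded timestamp."""
    manifest_path = os.path.join(backup_dir, "Manifest.db")
    if not os.path.exists(manifest_path):
        raise FileNotFoundError(f"no Manifest.db in {backup_dir} (encrypted or not a backup?)")
    with closing(sqlite3.connect(manifest_path)) as db:
        row = db.execute("SELECT fileID FROM Files WHERE domain = ? AND relativePath = ?",
                         (SMS_DOMAIN, SMS_PATH)).fetchone()
    if row is None:
        return []                                 # no messages database in this backup
    with closing(sqlite3.connect(backup_file_path(backup_dir, row[0]))) as db:
        rows = db.execute(
            "SELECT m.date, h.id, m.is_from_me, m.text FROM message m "
            "LEFT JOIN handle h ON h.ROWID = m.handle_id ORDER BY m.date").fetchall()
    return [{"time_utc": apple_ts_to_utc(date).isoformat(), "number": number,
             "direction": "sent" if from_me else "received", "text": text}
            for date, number, from_me, text in rows]


def demo() -> list:
    """Build the fixture in a temporary folder and parse it back."""
    with tempfile.TemporaryDirectory() as backup_dir:
        build_sample_backup(backup_dir)
        return extract_messages(backup_dir)


if __name__ == "__main__":
    for message in demo():
        print(message)
```

Run it directly to print the two constructed messages. The timestamp handling is the part that matters in practice: message.date changed from seconds to nanoseconds since 2001-01-01 around iOS 11, so a converter that assumes one unit misdates the evidence by orders of magnitude. Encrypted backups keep Manifest.db itself encrypted with a key derived from the backup password, so the lookup shown here only works on unencrypted backups.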

Photos and Videos as Evidence: They can be a tremendous source of evidence; however, establishing their relevance to the crime and authenticating them is crucial.

What tools & techniques are commonly used in mobile forensics?

Forensic software vendors regularly develop new techniques for extracting data from the many kinds of mobile devices. The two most common techniques are physical and logical extraction. Physical extraction is performed through JTAG or a cable connection, whereas logical extraction happens via Bluetooth, infrared, or a cable connection.

There are various types of tools available for mobile forensic purposes. They can be categorized as open source, commercial, and non-forensic tools. Both forensic and non-forensic tools frequently use the same techniques and protocols to interact with a mobile device.

Tools Classification System: Forensic analysts must understand the different types of forensic tools. The tool classification system offers a framework for forensic analysts to compare the acquisition techniques that different forensic tools use to capture data.

Manual Extraction

The manual extraction technique allows investigators to browse and record data through the device's own touchscreen or keypad; the screens are then documented photographically. Manual extraction is time-consuming and carries a high risk of human error: data may be accidentally deleted or modified during the examination. Popular tools for manual extraction include:

  • Project-A-Phone
  • Fernico ZRT
  • EDEC Eclipse

Logical Extraction

In this technique, the investigators connect the mobile device to a digital forensic workstation or hardware via Bluetooth, infrared, RJ-45 cable, or USB cable. The computer, using a logical extraction tool, sends a series of commands to the mobile device. As a result, the requested data is collected from the phone's memory and sent back to the digital forensic workstation for analysis. Tools used for logical extraction include:

  • XRY Logical
  • Oxygen Forensic Suite
  • Lantern

Hex Dump

A hex dump, also known as physical extraction, extracts a raw image in binary format from the mobile device. The forensic professional connects the device to a digital forensic workstation and pushes a boot loader onto the device, which instructs the device to dump its memory to the computer. This method is cost-efficient and provides more information to investigators, including recovery of the phone's deleted files and the contents of unallocated space. Common tools used for hex dump include:

  • XACT
  • Cellebrite UFED Physical Analyzer
  • Pandora’s Box
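The distinction drawn above between a logical extraction (the files the file system still lists) and a physical dump or hex dump (every byte of memory, including deleted remnants in unallocated space) is easiest to see on a raw image. The following Python is an added example, not from the original article or from any tool it names. It constructs a tiny stand-in "dump" with a made-up directory table (the TOYFS layout is an assumption for illustration only) and stand-in JPEG files that have real marker structure but no decodable image data, then contrasts what a logical listing returns with what header/footer carving recovers from the same bytes. The carver walks the JPEG marker segments before looking for the end-of-image marker, so an embedded EXIF thumbnail's own FF D9 does not truncate the carved file.

```python
import struct

# Constructed directory-entry layout for the toy image (an assumption for illustration):
# 8-byte name, 32-bit data offset, 32-bit length, 1-byte allocated flag, all big-endian.
ENTRY = struct.Struct(">8sIIB")


def make_fake_jpeg(payload: bytes, thumbnail: bytes = b"") -> bytes:
    """Stand-in JPEG with real marker structure (SOI, APP0, optional APP1 with a nested
    thumbnail, SOS, scan data, EOI) but arbitrary scan bytes, so it carves but won't decode.
    payload must not contain 0xFF, which real scan data would have to byte-stuff."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    out = b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0
    if thumbnail:                                     # EXIF APP1 carrying a whole inner JPEG
        exif = b"Exif\x00\x00" + thumbnail
        out += b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    sos = b"\x01\x01\x00\x00\x3f\x00"
    out += b"\xff\xda" + struct.pack(">H", len(sos) + 2) + sos + payload + b"\xff\xd9"
    return out


# Constructed contents of the dump: (name, bytes, allocated). "vacation" was deleted, so the
# directory no longer claims it, but its bytes are still sitting in the data area.
SAMPLE_FILES = [
    (b"photo1", make_fake_jpeg(bytes(range(0x10, 0x60))), 1),
    (b"vacation",
     make_fake_jpeg(bytes(range(0x60, 0xB0)), thumbnail=make_fake_jpeg(b"\x11\x22")), 0),
    (b"notes", b"plain text, not an image", 1),
]


def build_toy_image() -> bytes:
    """Lay out magic, entry count, directory table and data area as one raw byte string."""
    offset = 5 + 1 + ENTRY.size * len(SAMPLE_FILES)
    table, data = b"", b""
    for name, blob, allocated in SAMPLE_FILES:
        table += ENTRY.pack(name, offset, len(blob), allocated)
        data += blob + b"\x00" * 16                   # some slack between files
        offset += len(blob) + 16
    return b"TOYFS" + bytes([len(SAMPLE_FILES)]) + table + data


def logical_listing(image: bytes) -> list:
    """What a logical extraction sees: only entries the directory still marks as allocated."""
    if image[:5] != b"TOYFS":
        raise ValueError("not a TOYFS image")
    out = []
    for i in range(image[5]):
        name, offset, length, allocated = ENTRY.unpack_from(image, 6 + i * ENTRY.size)
        if allocated:
            out.append((name.rstrip(b"\x00").decode(), image[offset:offset + length]))
    return out


def carve_jpegs(image: bytes) -> list:
    """What a physical dump allows: (offset, bytes) for every JPEG found by scanning the raw
    bytes, ignoring the directory entirely. Marker segments before Start-Of-Scan are skipped
    by their declared length, so an EXIF thumbnail's own FF D9 cannot end the carve early."""
    found, pos = [], 0
    while True:
        start = image.find(b"\xff\xd8\xff", pos)
        if start == -1:
            break
        p, end = start + 2, -1
        while p + 4 <= len(image) and image[p] == 0xFF:
            if image[p + 1] == 0xDA:                  # SOS: entropy-coded data follows
                end = image.find(b"\xff\xd9", p)
                break
            seg_len = struct.unpack_from(">H", image, p + 2)[0]
            if seg_len < 2:                           # malformed length: give up on this SOI
                break
            p += 2 + seg_len
        if end == -1:
            pos = start + 1                           # not a complete JPEG, keep scanning
            continue
        found.append((start, image[start:end + 2]))
        pos = end + 2
    return found


if __name__ == "__main__":
    img = build_toy_image()
    print("logical:", [name for name, _ in logical_listing(img)])
    print("carved :", [(off, len(blob)) for off, blob in carve_jpegs(img)])
```

The logical listing returns photo1 and notes only; carving the same bytes returns photo1 and the deleted vacation image, which is exactly the extra evidence a hex dump or chip-off image offers over a logical extraction. The segment walk matters on real data: a footer-only carver stops at the first FF D9 it meets, which for any camera photo with an EXIF thumbnail is the thumbnail's end marker, not the picture's.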

Chip-Off

The chip-off technique allows examiners to extract data directly from the memory chip of the mobile device. They remove the phone's memory chip from the board and create a binary image of it. This method is costly and requires considerable hardware expertise. Improper handling may physically damage the chip and render the data impossible to retrieve. Popular tools and equipment used for chip-off include:

  • iSesamo Phone Opening Tool
  • Xytronic 988D Solder Rework Station
  • FEITA Digital inspection station
  • Chip Epoxy Glue Remover
  • Circuit Board Holder



Harshita C. Jadhav
Founder and CEO

© Copyright nasscom. All Rights Reserved.