Mobile and Cellular Device Forensics Tools
As mobile devices rise in popularity and sophistication, so does their use among people conducting illegal activities. For
that reason, evidence from mobile devices is becoming increasingly important to law enforcement in fighting crime. In fact,
digital evidence from a mobile phone led international police to the terrorists responsible for the Madrid train bombings
that killed at least 190 people in 2004.
On this page, find:
To successfully collect and analyze evidence from mobile devices, law enforcement needs tools that can recover system files,
operating system information, applications, deleted files and unallocated space. Some available tools capture the logical image (what users can see without using special tools), which is only a portion
of the phone's data storage capacity. However, law enforcement needs more tools that capture the entire physical image including
deleted files, messages, photos and call logs. Often, the deleted data is extremely valuable to the investigation and provides
more comprehensive evidence for prosecution.
Mobile Devices and Data Mining
Evidence from cellular devices plays a key role in data mining, an often overlooked use of digital evidence. By exporting
information from multiple digital devices (such as call logs from multiple cellular phones or e-mails from computers) and
importing that data into an analytical software package, investigators using data-mining techniques can diagram and visualize
a criminal enterprise or a timeline of events. This graphical representation can make it easier for investigators to understand
the complex relationships in a criminal enterprise or for a jury to understand criminal activity and the possible connections
among offenders in a courtroom presentation.
Understanding the Fundamentals of Mobile Device Analysis
A greater understanding of the fundamentals of mobile cellular device analysis is needed. Law enforcement needs a baseline
knowledge of tools for collecting and analyzing digital evidence from mobile phones. Issues of importance include:
- An assessment of the current knowledge level in the field.
- Identification of tools available to collect digital evidence from mobile devices.
- Identification of all the cell phones in use that may become evidence in an investigation and a determination of how many
can be forensically acquired and analyzed with the existing cell phone forensic solutions.
- Identification of the gaps in the number of cell phones in use and the existing cell phone forensic solutions for future technology
Next Section: Mobile Device Forensics Training.
Date Created: November 5, 2010