BY SIFS India | July 21, 2024
Mobile Device Forensics is a subfield of digital forensics that deals with recovering digital evidence or data from mobile devices in a forensically valid condition.
The term “mobile device” commonly refers to cell phones, but it may also apply to any handheld device with internal memory and connectivity capability, such as PDAs, GPS systems, and tablet computers.
Mobile Device forensics is becoming increasingly relevant as the use of mobile devices becomes more common and so often found in crime scenes.
Forensic science is employed in a variety of contexts, ranging from internal to external. From a corporate audit through a criminal investigation in the field of law enforcement, this is a normal occurrence.
As part of digital forensics, investigators use mobile device forensics software to retrieve or collect data and evidence from mobile devices, phones, and other similar devices that are used in everyday life.
Cell phone forensics includes the examination of both the SIM card and the phone memory, which each necessitates a separate procedure. It differs from computer forensics in that a mobile device will have an inbuilt communication system (e.g., GSM) and, in most cases, proprietary storage mechanisms.
Every digital forensic method has different stages in each handling of the digital evidence found, so different digital forensic models are required in the handling of various evidence.
Phone forensics is the method of analyzing a handset in order to find and gather information linked to a crime.
A technique is used for analyzing a cell phone to identify fraud. The method's primary focus is on analyzing the mobile phone's internal and external memory, as well as the SIM card.
Mobile forensics is concerned with extracting data from Android-based devices under sound forensic conditions and using legally approved methods.
In case of Android forensics, Andriller is the most commonly used tool because of its extensive functionality and low cost.
It's a software utility for modern smartphones that includes a slew of forensic tools. It uses a read-only, non-destructive, and forensically sound data acquisition process.
It has a graphical user interface and a simple touch screen. It allows the extraction of the physical, file systems, other data, and passwords from the phone device. It can also recover deleted data from a wide range of mobile devices. It can be run from a Windows phone running Windows 8 or 8.1 to perform physical extraction.
It can be used to view extraction reports on the screen. With the HTML report viewer, extraction reports can be displayed on the screen. There is no need for a PC to retrieve results, and reports can be accessed directly in the kit. Its most recent update version is 4.4 for physical extraction when bypassing lock from 3,183 phones.
It supports data extraction and viewing from a variety of sources, including contacts, call details, text and multimedia messages, files, notes, calendars, reminders, SIM details (IMSI), ICCID, raw application data, IMEI, operating systems, firmware, and location area information.
MOBILedit-based forensics can also recover data deleted from phone memory and circumvent passcode, PIN, and phone backup encryption techniques where possible.
The new edition supports 3360 UNIQUE cell phones. The most recent update is 8.1. It also supports the physical purchase of Android phones and memory cards.
MOBILedit Forensic has the highest index number of 76.19 percent, while Oxygen Forensic has the lowest index number of 61.90 percent.
In this case, an examination of the LINE messenger, Oxygen Forensics can perform better in data reporting than MOBILedit forensic is a forensic editing program.
MOBILedit has a limitation when it comes to extracting video from LINE messenger.
However, unlike Oxygen Forensic, MOBILedit Forensic lacks a case management feature (Riadi, 2018). The deleted data recovery feature was discovered in the MOBILedit forensic express.
The researcher did not find this feature while on Oxygen. This role is useful in criminal cases where the suspect deletes evidence from digital devices.
In addition to the programs listed above, there is a plethora of software developed by mobile phone manufacturers to backup, restore, synchronize, or transfer data to and from their phones and personal computers.
Although having access to these programs can be useful on occasion, it is critical to remember that they are not forensic tools, but rather are designed to allow free modification of stored and dynamic data and as such must be used with extreme caution.
The same caution should be used when using some of the consumer SIM reading devices that are now widely available and sold as a way of backing up or copying data from SIM cards.
Older handset models, on the other hand, often lack electronic connections and must rely on the time-consuming and costly manual extraction technique involving two analysts.
The text of appeal court judgments has started to reflect the increased penetration of cell phones into society.
According to preliminary empirical research, filtration into court proceedings is a multifaceted topic in an increasingly complex setting.
Future studies should look at the legal profession's awareness and knowledge of cell phone forensics terminology, methods, and procedures.
This could be accomplished by the use of Web surveys and semi-structured interviews in a quantitative and qualitative inquiry.
Further in-depth research into the forensic reports produced for individual cases will be conducted in the future to gain a more thorough understanding of technical problems in cell phone forensics.
Contact by WhatsApp
Hello SIFS INDIA