Roughly 48% of the world population owns a smartphone, with the U.S. ranking third at 79% of the population. Those mobile devices account for roughly 55% of all internet traffic and are used for activities that generate and store massive amounts of personal data.
In fact, over the last five years, as smartphones and mobile devices have evolved into powerful tools with applications that store a wide range of data, mobile devices have also become key sources of evidence in criminal investigations. But because mobile devices and the programs that run on them also include extremely complex forms of encryption, that evidence isn’t easily accessible by investigators. In response to the needs of law enforcement, the information security community has developed several methods that fall under a new category of forensics–Mobile Device Forensics.
What Are Mobile Forensics?
A branch of digital forensics, mobile forensics is focused on recovering forensically sound digital evidence from mobile devices. The challenge in this field is that digital data is so easily manipulated or corrupted, that tools and methods must focus on extracting evidence and securing it in such a way that it remains unmodified from its original state. Infosec describes Mobile Forensics as a 4-step process:
- Mobile forensics investigators identify and preserve the devices in question. Using documentation to track and maintain chain of custody, devices are secured so that they cannot be used in any way, to maintain the existing data state.
- Next, a copy of the data is extracted in a forensically sound state from the device using imaging software so that the copy is what investigators are manipulating rather than the original data. Certain methods are used to ensure the copied data matches the original.
- During the Examination phase, the full image of data captured from the device, including deleted data, is examined by experts to extract all relevant evidence.
- The reporting phase breaks down the methods used, what was recovered, and includes the chain of custody documentation to prove the integrity of the findings.
What Are The Tools We Use for Mobile Forensics?
Members of the Barefoot PI team were recently certified in Mobile Device Forensics under the Cellebrite Certified Mobile Examiner (CCME) certification process and the ParaBen Certified Smartphone Examiner (PCSE) certification process. This gives our team access to two extremely powerful mobile forensic tool suites
The Cellebrite Touch device is one of the most well-respected tools in the industry, capable of extracting a complete and forensically sound copy from target mobile devices.
Paraben Digital Tool Set
Once the data has been extracted from the device, the Paraben software suite allows our teams to fully manipulate and acquire forensic evidence from the extracted files.
The Types of Evidence We Can Extract from Mobile Devices
In addition to call history, specific data about each call, and text messages on the device, the tools we have at our disposal also allow us to pull certain application data stored on the device. We can pull:
- GPS location history
- Deleted data
- Notes and Contacts
- Calendar Events
- Browser history
- Images and Videos
Charlotte’s Premier Provider of Mobile and Digital Forensics Services
Let us answer all of your questions about mobile forensics in person at our Charlotte offices, over the phone, or by email. Want us to contact you? Leave your information below and we’ll reach out for a discreet, confidential consultation.