Common Mobile Forensics Tools

Broadly defined, forensics is a scientific basis for detecting or uncovering evidence of criminal activity. Mobile forensics, then, is the umbrella term for investigative techniques used to extract evidence from mobile phones, tablets, PDAs, and other mobile devices. When businesses in the Charlotte area require mobile forensics, they often turn to Barefoot Professional Investigations for the advanced tools and techniques we offer.

Cell Phone Forensics: the Tools of the Trade

Barefoot PI uses a wide variety of mobile forensics tools in our research and investigations. Rather than explaining each in depth, here’s a layman’s explanation of the three most common categories of data acquisition.

  • Physical acquisition entails exactly copying the original device’s data structure — files, system data, and even evidence that may have been hidden or deleted. While this is the most time-consuming approach, it’s generally favored because it’s also the most thorough.
  • Logical acquisition uses the same systems and processes that would normally be used to back up and synchronize a mobile device. It’s simpler and quicker, but isn’t quite as comprehensive — some data will not be uncovered by this process.
  • File system acquisition is similar to using the search or browse function on a desktop computer, and will show files that would be visible to an everyday user (including applications, photos, and the like). However, as with logical acquisition, this method can miss data that’s been deleted or partitioned.

Not all investigations require every last piece of data to be recovered; sometimes vital information is, in effect, hidden in plain sight. However, we prefer to be as thorough as possible, since it’s best to draw conclusions from the fullest possible constellation of information possible.

What Mobile Forensics Tools Can Uncover

User activity leaves many kinds of traces on mobile devices. Depending on the nature of the investigation, Barefoot Professional Investigations will generally be looking at some combination of the following.

Call Metadata

CDRs, or Call Detail Records, are a vital tool for mobile service providers to diagnose and troubleshoot network and device performance. Because of the data collected — call times and durations, the towers pinged during a call, and data about the sender and receiver of the call — CDRs can also provide a wealth of information for investigative and law enforcement purposes.


SMS, or Short Message Service, is the protocol for text messages up to 160 characters. Longer messages, and those containing photos, files, and other media, are sent using a related protocol called MMS, or Multimedia Messaging Service. In addition to time and date stamps, each message contains the sender and receiver’s contact information. Taken together, these messages can be a goldmine of information.

GPS Data

GPS, or Global Positioning System, is an important part of many apps we use on a daily basis. It’s the underpinning of navigation apps, but it also sees use in other contexts as well, including advertising, review sites, and a number of other places. Because of its precision, it can be used to place a person of interest in a certain place at a particular time, and can add more context to the other information we gather.

Application Data

Let’s just admit that nobody reads the terms and conditions when they download most apps. As a result, every app collects a staggering amount of data; indeed, some applications’ primary purpose is that data collection, and not necessarily the purpose for which a user ostensibly downloaded and installed it. That broad access — to contact data, photos, videos, GPS, and many other parts of your phone — has value to investigators.

Locally Stored Files

Photos, videos, and files that a mobile user has uploaded or downloaded, may be completely innocuous. Conversely, they can also provide crucial insights to behavior, motivation, and activity.

The Importance of a Charlotte Professional Investigator

The “why” of this is no less important than the “how” and the “what.” Mobile devices are used in a wide range of unethical or criminal behavior, and extracting data from them is extremely complex. A further layer of complexity is added when the forensic evidence uncovered needs to stand up in court, since the standards for evidence gathering and chain of custody can make or break your case. With so little room for error, it’s best not to take your chances. If you need mobile forensics in the Charlotte area, reach out to Barefoot Professional Investigations today.