Digital forensics is the branch of forensic science concerned with the investigation and recovery of data that resides on digital devices. Mobile forensics is the sub-discipline of digital forensics that deals with recovering evidence from mobile devices. Mobile device forensics can be particularly demanding because deeper extractions may require loading a custom boot loader onto the device, or physically removing the flash memory chip (chip-off), before the data can be extracted for examination.
The mobile forensics process is divided into three main stages: seizure, acquisition and analysis. During seizure, the forensic examiner places the phone in a Faraday bag. A Faraday bag is a radio-shielding enclosure: it blocks the phone's cellular, Wi-Fi and Bluetooth signals so that no network can reach the device even while it remains switched on.
Examiners face a number of issues during seizure. A phone that is found powered on generally should not be switched off: powering down loses volatile data and, on a modern encrypted handset, leaves the device in a state where the storage keys are no longer held in memory, which makes later extraction much harder. If the phone is protected by a password or PIN, the lock will have to be bypassed or the passcode recovered before the device's contents can be accessed.
Because mobile phones are network-connected devices, a suspect can trigger a remote wipe and erase the data; this is no longer possible once the phone is sealed in a Faraday bag. After the phone has been seized, the examiner uses a range of forensic tools to carry out acquisition and analysis.
Once the device has been seized, acquisition begins. Forensic acquisition can be performed in several ways, from manual and logical extraction through file-system and physical extraction to chip-off, and the method used largely determines how much data is recovered and therefore how much analysis is required. Examiners normally start with the least intrusive method and, when one method fails, move on to another. A variety of tools is needed to acquire the data from the device.
Analyzing the evidence is a demanding task in its own right, since a mobile phone is a dynamic system and presents the examiner with many challenges. Phones come in a wide range of models and specifications running different operating systems, so examiners need a variety of tools to analyze data from different manufacturers' devices. A broad knowledge base and skill set are therefore required.
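As an added illustration of the acquisition and analysis stages described above (this is example code written for this page, not a tool or procedure from the original article), the following Python script shows two habits a practitioner would want: recording a hash of the acquired image and re-verifying it before analysis, and parsing a mobile artifact read-only so the evidence is never modified. The SMS database is constructed inside the script to mimic the shape of Android's `mmssms.db` `sms` table (the column names `address`, `date`, `type`, `body` follow Android; the rows are invented sample data), so it runs offline with only the standard library.

```python
# Added example (not from the original article): hash-verify an acquired
# image, then parse a constructed Android-style SMS database read-only.
import hashlib
import os
import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images never need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_acquisition(path, recorded_sha256):
    """True if the image still matches the hash recorded at acquisition time."""
    return sha256_file(path) == recorded_sha256


def build_sample_sms_db(path):
    """Construct a small SQLite file shaped like Android's 'sms' table.
    'date' is epoch milliseconds; 'type' 1 = received, 2 = sent.
    All rows are constructed sample data for this example."""
    con = sqlite3.connect(path)
    con.execute(
        "CREATE TABLE sms (_id INTEGER PRIMARY KEY, address TEXT, "
        "date INTEGER, type INTEGER, body TEXT)"
    )
    rows = [
        ("+15551230001", 1700000000000, 1, "meet at 9"),
        ("+15551230001", 1700000360000, 2, "ok"),
        ("+15559990002", 1700003600000, 1, "call me"),
    ]
    con.executemany(
        "INSERT INTO sms (address, date, type, body) VALUES (?, ?, ?, ?)", rows
    )
    con.commit()
    con.close()


def parse_sms(path):
    """Open the database read-only (never write to evidence) and normalise
    the epoch-millisecond timestamps to UTC ISO 8601 strings."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        cur = con.execute("SELECT address, date, type, body FROM sms ORDER BY date")
        messages = []
        for address, date_ms, msg_type, body in cur:
            ts = datetime.fromtimestamp(date_ms / 1000, tz=timezone.utc)
            messages.append({
                "address": address,
                "timestamp_utc": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
                "direction": "sent" if msg_type == 2 else "received",
                "body": body,
            })
        return messages
    finally:
        con.close()


def run_demo():
    """Construct an 'acquired' image, hash it, analyse it, then show that
    a single changed byte is caught by the integrity check."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "mmssms.db")
    build_sample_sms_db(image)

    recorded = sha256_file(image)            # hash recorded at acquisition
    ok_before = verify_acquisition(image, recorded)
    messages = parse_sms(image)              # analysis on the verified copy

    with open(image, "ab") as fh:            # simulate post-acquisition tampering
        fh.write(b"\x00")
    ok_after = verify_acquisition(image, recorded)

    return {
        "acquisition_sha256": recorded,
        "verified_before": ok_before,
        "messages": messages,
        "verified_after_tamper": ok_after,
    }


if __name__ == "__main__":
    result = run_demo()
    print("image sha256:", result["acquisition_sha256"])
    for m in result["messages"]:
        print(m["timestamp_utc"], m["direction"], m["address"], m["body"])
    print("verified before tamper:", result["verified_before"])
    print("verified after tamper: ", result["verified_after_tamper"])
```

The recorded hash is what goes into the examiner's notes and the final report; re-running `verify_acquisition` before analysis and again before reporting is what lets the examiner state that the data analyzed is the data acquired. Opening the database with `mode=ro` matters for the same reason: an ordinary read/write connection can create journal files or alter the database header, which would change the hash of the evidence copy.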
Challenges faced
Forensic examiners face many challenges in such investigations, but the biggest is accessing stored data that is synchronized across multiple platforms and devices. A number of other factors also make mobile devices difficult to analyze, such as:
- Hardware differences: There is a huge variety of phones on the market from different manufacturers, in many models and types. Examiners must keep up with constantly changing hardware and software to analyze the data successfully.
- Operating systems: In the computer market Windows is dominant, but in the phone market several operating systems such as iOS and Android are widely used, which adds to the difficulty of data analysis.
- Security features: Modern phones come with strong security features, such as device encryption and lock screens, that protect user data and privacy; these also complicate forensic access.
- Accidental reset: An accidental reset causes data loss and can destroy the evidence.
- Passcode recovery: If the device is passcode protected, the examiner must gain access without damaging the evidence.
- Malicious programs: A virus or Trojan may be present on the device, and it must be handled without damaging the evidence.
- Legal issues: The examiner must be aware of regional laws, since the mobile device used in the crime may originate from another jurisdiction.
Once seizure, acquisition and analysis are complete, the forensic examiner produces a report, which is then submitted to the court for use in the case.