Analysis and Interpretation of Mobile Devices
Talha Arshad
M Shakir Manzoor
Rafiullah khan
Hamid Anees
Introduction
In today's digital age, mobile devices are an integral part of our lives. They store
a vast amount of personal and professional information, making them a treasure
trove for forensic investigators. This presentation will delve into the significance
of mobile devices in forensic investigations, exploring the techniques employed
for data extraction and analysis.
• We are living in an information age
• Mobile devices are everywhere, used by everyone (suspect, victim, ...) for
everything (crimes, daily tasks, ...)
• Like DNA and fingerprints, nowadays everyone has digital prints (mobile
phone, email/social networking sites a
Digital Evidence
4. Analysis
Data Examination:
Use forensic tools to parse and analyze raw data.
Categorize data into relevant sections such as calls, messages, app usage, and
location history.
Timeline Creation:
Reconstruct events chronologically to provide context.
Identifying Key Evidence:
Look for keywords, specific images, or patterns of communication.
5. Reporting
Document Findings:
Generate reports with screenshots, data logs, and expert
interpretations.
Maintain clarity and simplicity to make the evidence
understandable in court.
Ensure Admissibility:
Provide chain of custody documentation to prove data integrity.
Tools and techniques
• Common Forensic Tools:
Cellebrite: Leading mobile forensic tool.
Magnet AXIOM: Comprehensive analysis software.
Oxygen Forensic Suite: Focused on mobile devices.
• Techniques:
Passcode bypass methods.
Data recovery from damaged devices.
Cloud storage analysis.
Legal and Ethical Considerations
• Privacy Issues:
Balancing investigation with personal privacy rights.
• Chain of Custody:
Maintaining data integrity and authenticity.
• Compliance:
Adhering to local laws and regulations (e.g., GDPR,
CFAA).
• Admissibility in Court:
Ensuring evidence is collected lawfully.
Challenges
• Encryption:
Difficulties with accessing locked devices.
• Constant OS Updates:
New security features.
• Diverse Devices:
Wide range of brands and models.
• Anti-forensics Techniques:
Intentional data hiding and destruction by users.
Future of Mobile Forensics
• AI and Automation:
Faster and more accurate analysis.
• Cloud and IoT Devices:
Expanding the scope of investigations.
• Improved Encryption Handling:
Advances in decryption techniques.
• Collaboration:
Partnerships with tech companies for lawful data access.
Mobile Phone Forensics
Analysis of Mobile Phone, SIM Card, Memory Card
- Call Details (incoming, outgoing, missed)
- Contact numbers (mobile phone & SIM)
- Messages (incoming, outgoing, drafts, Multimedia messages)
- Internet chat messages (WhatsApp, Viber, Skype etc.)
- Photographs, Audios/ Videos
- Calendar, To do List
- SIM Card Data (SMS, Contacts, call logs)
- Memory Card Data
- Deleted Data (Calls, SMS, contacts, images, videos, Memory card data)
- Anything saved in notepad or office files (PPT, Word, spreadsheet etc.)
Call Detail Record (CDR)
• Provided by Mobile Phone Operators (Telenor, Mobilink,
Ufone, Zong, Warid etc.)
• Call Details (incoming, outgoing, missed)
• Contact numbers (only SIM)
• Messages (incoming, outgoing, drafts) but without the
content of the message.
• Does not provide Images, Videos, Audios, internet chat
files, Office Files, Calendar entries etc.
What potential evidence might be recoverable from a mobile phone?
Subscriber Identity Module (SIM)
• A special type of 'smart card' containing:-
Processor
Memory
• Stores:-
- Integrated Circuit Card Identifier (ICCID)
- Subscriber identity (IMSI)
- User data (e.g. SMS, contacts)
• The Handset
IMEI: 15 or 16 digits made up of:
➤ Type Allocation Code (TAC) and Final Assembly Code
(older specs) - details of the manufacturer, make and
model of handset
➤ Serial Number (optional)
➤ Luhn checksum or Software version
Example: 353519/02/642377/4 (labelled TAC, Serial No, Luhn)
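The IMEI layout above, as an added example that is not part of the original slides: a small Python parser that splits an IMEI into the older 6-digit TAC + 2-digit FAC layout and recomputes the Luhn digit, so a mistyped or altered identifier in case notes is caught. The function names and the 16-digit sample are constructed for illustration.

```python
import re

def luhn_check_digit(payload: str) -> int:
    """Compute the Luhn check digit for the 14-digit IMEI payload."""
    total = 0
    # Walk right to left; the rightmost payload digit is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return (10 - total % 10) % 10

def parse_imei(raw: str) -> dict:
    """Split a 15-digit IMEI or 16-digit IMEISV into its fields."""
    digits = re.sub(r"[\s/.\-]", "", raw)  # accept 353519/02/642377/4 style
    if not re.fullmatch(r"[0-9]{15,16}", digits):
        raise ValueError(f"expected 15 or 16 digits, got {raw!r}")
    fields = {
        "tac": digits[:6],      # older layout from the slide: 6-digit TAC
        "fac": digits[6:8],     # plus 2-digit Final Assembly Code
        "serial": digits[8:14],
    }
    # Note: current allocations use an 8-digit TAC, i.e. tac + fac together.
    if len(digits) == 15:
        fields["check_digit"] = int(digits[14])
        fields["luhn_valid"] = luhn_check_digit(digits[:14]) == int(digits[14])
    else:
        # 16 digits: the last two are a software version, not a Luhn digit.
        fields["software_version"] = digits[14:]
    return fields

if __name__ == "__main__":
    print(parse_imei("353519/02/642377/4"))   # IMEI from the slide
    print(parse_imei("353519/02/642377/5"))   # constructed: wrong check digit
    print(parse_imei("3535190264237701"))     # constructed 16-digit sample
```

A failed Luhn check only shows the recorded number is inconsistent; it does not say which digit is wrong, so the value should be re-read from the handset or extraction report.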