
Analysis and Interpretation of Mobile Devices

The document discusses the importance of mobile devices in forensic investigations, outlining the mobile forensic process which includes identification, preservation, extraction, analysis, and reporting of data. It highlights the challenges faced, such as encryption and diverse devices, and emphasizes the need for legal and ethical considerations in handling digital evidence. The future of mobile forensics is expected to involve advancements in AI, cloud technology, and collaboration with tech companies.

Uploaded by

Hamid Anees

Mobile Devices

Talha Arshad
M Shakir Manzoor
Rafiullah Khan
Hamid Anees
Introduction
In today's digital age, mobile devices are an integral part of our lives. They store
a vast amount of personal and professional information, making them a treasure
trove for forensic investigators. This presentation will delve into the significance
of mobile devices in forensic investigations, exploring the techniques employed
for data extraction and analysis.
• We are living in an information age
• Mobile devices are everywhere, used by everyone (suspect, victim, ...) for
everything (crimes, daily tasks, ...)
• Like DNA and fingerprints, nowadays everyone has digital prints (mobile
phone, email/social networking sites a
Digital Evidence

• Digital evidence is information and data of value to an
investigation that is stored on, received, or transmitted
by an electronic device.
• Digital evidence:
- Is latent, like fingerprints or DNA evidence.
- Crosses jurisdictional borders quickly and easily.
- Is easily altered, damaged, or destroyed.
- Can be time sensitive.
Mobile Forensic Process
1. Identification
Identifying Relevant Devices:
Determine which devices are relevant to the case (e.g., smartphones,
tablets, SIM cards, memory cards).
Consider connected devices like wearables (smartwatches) and IoT
devices.
Understanding Device Environment:
Is it Android, iOS, or another operating system?
What type of data might it contain?
2. Preservation
Preventing Data Alteration:
Use of Faraday bags to block network signals and prevent remote
wiping or tampering.
Powering off devices safely to preserve volatile data when necessary.
3. Extraction
• Methods of Extraction:
Physical Extraction: Complete memory dump to access all data, including deleted files.
Logical Extraction: Accessing specific files or partitions without touching the entire memory.
Cloud Data Extraction: Gathering information stored on cloud platforms associated with the
device.
Chip-Off and JTAG: Advanced techniques to extract data directly from the device’s hardware.

4. Analysis
Data Examination:
Use forensic tools to parse and analyze raw data.
Categorize data into relevant sections such as calls, messages, app usage, and
location history.
Timeline Creation:
Reconstruct events chronologically to provide context.
Identifying Key Evidence:
Look for keywords, specific images, or patterns of communication.
5. Reporting

Document Findings:
Generate reports with screenshots, data logs, and expert
interpretations.
Maintain clarity and simplicity to make the evidence
understandable in court.
Ensure Admissibility:
Provide chain of custody documentation to prove data
integrity.
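Added example (not part of the original slides): one way to back the Preservation and Reporting steps with a verifiable record is to hash the extraction image at acquisition and keep a custody log in which each entry's hash covers the previous entry. The function names, handler names, timestamps and sample bytes are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def add_entry(log, action, handler, image_hash, timestamp):
    """Append a custody entry whose hash covers the previous entry's hash."""
    prev = log[-1]["entry_hash"] if log else GENESIS
    body = {"timestamp": timestamp, "action": action, "handler": handler,
            "image_sha256": image_hash, "prev_hash": prev}
    digest = sha256_hex(json.dumps(body, sort_keys=True).encode())
    log.append({**body, "entry_hash": digest})
    return log


def verify_log(log, image_bytes):
    """Return a list of problems; an empty list means log and image agree."""
    problems = []
    prev = GENESIS
    current = sha256_hex(image_bytes)
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            problems.append(f"entry {i}: contents changed after logging")
        if entry["image_sha256"] != current:
            problems.append(f"entry {i}: image hash differs from evidence file")
        prev = entry["entry_hash"]
    return problems


# Constructed sample bytes standing in for an extraction image
IMAGE = b"constructed sample bytes standing in for a logical extraction"


def build_sample_log():
    h = sha256_hex(IMAGE)
    log = []
    add_entry(log, "acquired", "Examiner A", h, "2024-01-10T09:00:00Z")
    add_entry(log, "transferred to lab", "Examiner B", h, "2024-01-10T14:30:00Z")
    add_entry(log, "analysis started", "Examiner B", h, "2024-01-11T08:15:00Z")
    return log
```

An empty result from verify_log supports the integrity claim in the report; any edit to a past entry or to the image is reported by entry number.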
Tools and Techniques
• Common Forensic Tools:
Cellebrite: Leading mobile forensic tool.
Magnet AXIOM: Comprehensive analysis software.
Oxygen Forensic Suite: Focused on mobile devices.
• Techniques:
Passcode bypass methods.
Data recovery from damaged devices.
Cloud storage analysis.
Legal and Ethical Considerations
• Privacy Issues:
Balancing investigation with personal privacy rights.
• Chain of Custody:
Maintaining data integrity and authenticity.
• Compliance:
Adhering to local laws and regulations (e.g., GDPR,
CFAA).
• Admissibility in Court:
Ensuring evidence is collected lawfully.
Challenges
• Encryption:
Difficulties with accessing locked devices.
• Constant OS Updates:
New security features.
• Diverse Devices:
Wide range of brands and models.
• Anti-forensics Techniques:
Intentional data hiding and destruction by users.
Future of Mobile Forensics
• AI and Automation:
Faster and more accurate analysis.
• Cloud and IoT Devices:
Expanding the scope of investigations.
• Improved Encryption Handling:
Advances in decryption techniques.
• Collaboration:
Partnerships with tech companies for lawful data access.
Mobile Phone Forensics
Analysis of Mobile Phone, SIM Card, Memory Card
- Call Details (incoming, outgoing, missed)
- Contact numbers (mobile phone & SIM)
- Messages (incoming, outgoing, drafts, Multimedia messages)
- Internet chat messages (WhatsApp, Viber, Skype etc.)
- Photographs, Audios/ Videos
- Calendar, To do List
- SIM Card Data (SMS, Contacts, call logs)
- Memory Card Data
- Deleted Data (Calls, SMS, contacts, images, videos, Memory card data)
- Anything saved in notepad or office files (ppt, Word, spreadsheet etc.)
Call Detail Record (CDR)
• Provided by Mobile Phone Operators (Telenor, Mobilink,
Ufone, Zong, Warid etc.)
• Call Details (incoming, outgoing, missed)
• Contact numbers (only SIM)
• Messages (incoming, outgoing, drafts) but without
content of message.
• Does not provide Images, Videos, Audios, internet chat
files, Office Files, Calendar entries etc.
What potential evidence might be recoverable from a mobile phone?
Subscriber Identity Module (SIM)
• A special type of 'smart card' containing:
- Processor
- Memory
• Stores:
- Integrated Circuit Card Identifier (ICCID)
- Subscriber identity (IMSI)
- User data (e.g. SMS, contacts)
• The Handset
IMEI: 15 or 16 digits made up of:
➤ Type Allocation Code (TAC) and Final Assembly Code
(older specs) - details of the manufacturer, make and
model of handset
➤ Serial Number (optional)
➤ Luhn checksum or Software version
Example: 353519/02/642377/4 (groups labelled TAC, Serial No, Luhn)


IMEI Display
*#06#(send)
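Added example (not part of the original slides): splitting an IMEI into the fields listed above and checking its Luhn digit, using the slide's own sample 353519/02/642377/4. The function names are illustrative; the code treats the first 8 digits as the TAC (6-digit TAC plus 2-digit Final Assembly Code in older specs) and a 16-digit value as carrying a 2-digit software version in place of the check digit.

```python
def luhn_check_digit(first14: str) -> int:
    """Luhn check digit computed over the 14 TAC + serial digits."""
    total = 0
    for i, ch in enumerate(first14):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the left
            d *= 2
            if d > 9:
                d -= 9           # same as adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


def parse_imei(raw: str) -> dict:
    """Split a 15-digit IMEI or 16-digit IMEISV into its fields."""
    digits = raw.replace("/", "").replace("-", "").replace(" ", "")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("IMEI may contain only digits and / - separators")
    if len(digits) not in (15, 16):
        raise ValueError("expected 15 digits (IMEI) or 16 digits (IMEISV)")
    fields = {
        "tac": digits[:8],       # older specs: 6-digit TAC + 2-digit FAC
        "serial": digits[8:14],
    }
    if len(digits) == 15:
        fields["kind"] = "IMEI"
        fields["check_digit"] = int(digits[14])
        fields["luhn_valid"] = luhn_check_digit(digits[:14]) == fields["check_digit"]
    else:
        fields["kind"] = "IMEISV"
        fields["software_version"] = digits[14:]   # no Luhn digit in this form
    return fields


if __name__ == "__main__":
    print(parse_imei("353519/02/642377/4"))        # sample from the slide
    print(parse_imei("3535190264237701"))          # constructed IMEISV sample
```

A failed Luhn check on a value read from a label or a report usually points to a transcription error and is worth resolving before the identifier goes into the case record.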
Mobile Examination Process
Faraday Cage
Thank
You
