Mobile Devices

Talha Arshad
M Shakir Manzoor
Rafiullah khan
Hamid Anees
Introduction
In today's digital age, mobile devices are an integral part of our lives. They store
a vast amount of personal and professional information, making them a treasure
trove for forensic investigators. This presentation will delve into the significance
of mobile devices in forensic investigations, exploring the techniques employed
for data extraction and analysis
• We are living in an information age
• Mobile devices are everywhere, used by everyone (suspect, victim,….) for
everything (crimes, daily tasks,…..)
• • Like DNA and fingerprints nowadays everyone has digital prints (mobile
phone, email/social networking sites a
Digital Evidence

• Digital evidence is information and data of value to an

investigation that is stored on, received, or transmitted
by an electronic device.
• Digital evidence-Is latent, like fingerprints or DNA
evidence.- Crosses jurisdictional borders quickly and
easily.- Is easily altered, damaged, or destroyed.- Can be
time sensitive.
Mobile Forensic Process
1. Identification
Identifying Relevant Devices:
Determine which devices are relevant to the case (e.g., smartphones,
tablets, SIM cards, memory cards).
Consider connected devices like wearables (smartwatches) and IoT
devices.
Understanding Device Environment:
Is it Android, iOS, or another operating system?
What type of data might it contain?
2. Preservation
Preventing Data Alteration:
Use of Faraday bags to block network signals and prevent remote
wiping or tampering.
Powering off devices safely to preserve volatile data when necessary.
3. Extraction
• Methods of Extraction:
Physical Extraction: Complete memory dump to access all data, including deleted files.
Logical Extraction: Accessing specific files or partitions without touching the entire memory.
Cloud Data Extraction: Gathering information stored on cloud platforms associated with the
device.
Chip-Off and JTAG: Advanced techniques to extract data directly from the device’s hardware.

4. Analysis
Data Examination:
Use forensic tools to parse and analyze raw data.
Categorize data into relevant sections such as calls, messages, app usage, and
location history.
Timeline Creation:
Reconstruct events chronologically to provide context.
Identifying Key Evidence:
Look for keywords, specific images, or patterns of communication.
5. Reporting

Document Findings:
Generate reports with screenshots, data logs, and expert
interpretations.
Maintain clarity and simplicity to make the evidence
understandable in court.
Ensure Admissibility: Provide chain of custody
documentation to prove data integrity.
Tools and techniques
• Common Forensic Tools:
Cellebrite: Leading mobile forensic tool.
Magnet AXIOM: Comprehensive analysis software.
Oxygen Forensic Suite: Focused on mobile devices.
• Techniques:
Passcode bypass methods.
Data recovery from damaged devices.
Cloud storage analysis.
Legal and Ethical Considerations
• Privacy Issues:
Balancing investigation with personal privacy rights.
• Chain of Custody:
Maintaining data integrity and authenticity.
• Compliance:
Adhering to local laws and regulations (e.g., GDPR,
CFAA).
• Admissibility in Court:
Ensuring evidence is collected lawfully.
Challenges
• Encryption:
Difficulties with accessing locked devices.
• Constant OS Updates:
New security features.
• Diverse Devices:
Wide range of brands and models.
• Anti-forensics Techniques:
Intentional data hiding and destruction by users.
Future of Mobile Forensic
• AI and Automation:
Faster and more accurate analysis.
• Cloud and IoT Devices:
Expanding the scope of investigations.
• Improved Encryption Handling:
Advances in decryption techniques.
• Collaboration:
Partnerships with tech companies for lawful data access.
Mobile Phone Forensics
Analysis of Mobile Phone, SIM Card, Memory Card
- Call Details (incoming, outgoing, missed)
- Contact numbers (mobile phone & SIM)
- Messages (incoming, outgoing, drafts, Multimedia messages)
- Internet chat messages (Whatsapp, viber, skype etc.)
- Photographs, Audios/ Videos
- Calendar, To do List
- SIM Card Data (SMS, Contacts, call logs)
- Memory Card Data
- Deleted Data (Calls, SMS, contacts, images, videos, Memory card data)
- Anything saved in notepad or office files ppt, word, spreadsheet etc.
Call Detail Record (CDR)
• Provided by Mobile Phone Operators (Telenor, Mobilink,
Ufone, Zong, Warid etc.)
• Call Details (incoming, outgoing, missed)
• Contact numbers (only SIM)
• Messages (incoming, outgoing, drafts) but without
content of message.
• Does not provide Images, Videos, Audios, internet chat
files, Office Files, Calendar entries etc.
What potential evidence might be
recoverable from a mobile phone ?
Subscriber Identity Module (SIM)
• A special type of 'smart card' containing:-
Processor
Memory
• Stores:-
- Integrated Circuit Card Identifier (ICCID)
-Subscriber identity (IMSI)
- User data (e.g. SMS, contacts)
• The Handset
IMEI15 or 16 digits made up of:
➤Type Allocation Code (TAC) and Final Assembly Code
(older specs) - details of the manufacturer, make and
model of handset
➤Serial Number(optional)
➤Luhn checksum or Software version
353519/02/642377/4 TAC Serial No Luhn

TAC Serial No Luhn

IMEI Display
*#06#(send)
Mobile Examination Process
Faraday Cage
 Thank
You