Mobile Forensics
The development of mobile phone applications is rapidly increasing, with processors and other data-based applications that were previously on computers being ported to mobile devices. Mobile phones have diverse capabilities, such as sending short messages and storing electronic documents, that have made these devices act as mini-offices. Mobile phones are further used to perform online transactions, thus improving the convenience of these services.
However, mobile technologies have posed challenges for law enforcement regarding their use. Mobile phone devices have been used to organize crime for over three decades; however, this knowledge is not widely available, as many people believe their high adoption in recent years is the source of crime. Digital forensics still lacks the capability to acquire criminal evidence from mobile devices, causing most crimes to go unsolved.
Mobile phone forensics differs significantly from computer forensics. One of the differences is that mobile phones use file systems while computers use operating systems. Most forensic investigators are familiar with acquiring information from operating systems; therefore, getting forensic information from file systems becomes a challenge. Additionally, OS and FS have different states of operation. A mobile phone device can remain active even after being switched off, unlike computers. This means that dead forensic acquisitions from mobile devices will not generate the same hash values even after switching them off (Jansen, 2004).
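The following is an added example, not part of the original text. It shows how an examiner can document the hash mismatch described above by hashing two acquisitions block by block, so that the report states which blocks changed instead of only that the whole-image hashes differ. The 4096-byte block size and the two in-memory images are constructed assumptions.

```python
import hashlib
import io

BLOCK = 4096  # assumed comparison block size, not a value from the text


def hash_image(stream, block=BLOCK):
    """Return (whole-image SHA-256, list of per-block SHA-256) for a binary stream."""
    whole = hashlib.sha256()
    blocks = []
    while chunk := stream.read(block):
        whole.update(chunk)
        blocks.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), blocks


def compare_acquisitions(first, second, block=BLOCK):
    """Compare two acquisitions of the same device and list the blocks that differ."""
    whole_a, a = hash_image(first, block)
    whole_b, b = hash_image(second, block)
    changed = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    # Blocks that exist in only one image (size change) also count as changed.
    changed += range(min(len(a), len(b)), max(len(a), len(b)))
    return {
        "whole_image_match": whole_a == whole_b,
        "total_blocks": max(len(a), len(b)),
        "changed_blocks": changed,
    }


def build_sample():
    """Constructed sample: two 8-block images, the second with 8 bytes altered in block 5."""
    first = bytearray(BLOCK * 8)
    first[0:16] = b"CONSTRUCTED-IMG1"
    second = bytearray(first)
    # Simulates the device updating a small record between acquisitions.
    second[BLOCK * 5 + 10:BLOCK * 5 + 18] = b"\x5f\x00\x00\x01\x00\x00\x00\x00"
    return bytes(first), bytes(second)


if __name__ == "__main__":
    img1, img2 = build_sample()
    print(compare_acquisitions(io.BytesIO(img1), io.BytesIO(img2)))
```

For real acquisitions, pass file objects opened in binary mode (`open(path, "rb")`) in place of the `io.BytesIO` wrappers.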
The demand to examine cellular phones is increasing. However, the process of extracting data from mobile phone devices is not easy and it is becoming complex as more types of smartphones are developed. These devices have unique operating systems and file systems and the data used in these devices is rapidly evolving. Therefore, forensic investigators need sufficient knowledge regarding the uniqueness of mobile devices and their operations, including data storage (Brothers, 2011). Additionally, not all data found in cellular phones is important.
Evidence extraction from mobile devices is a multi-layer process. It involves nine phases: intake, identification, preparation, isolation, processing, verification, reporting, presentation, and archiving.
There is a need to develop specific examination guidelines for mobile forensics to guide investigators through the process. However, the examination will not be uniform, since mobile devices vary and new ones with more complex systems are emerging each day. Therefore, due to the rapid development, the examination procedures should be reviewed from time to time to ensure they meet the demand of investigating data in emerging devices.
There are speculations that mobile forensics has no future because getting passcodes for recent iOS devices is almost impossible. However, the future of mobile forensics depends on the capability of individual mobile developers to create secure devices.
So far, iOS devices are considered the most secure. iOS provides cloud backups for users, and forensic investigators can use data stored in the cloud to conduct investigations. Additionally, some applications such as iTunes will make data forensics easier in the future because they can allow investigators to access data when the device passcode is not known.
Android phones are also enhancing their security, as seen with new products getting into the market. Therefore, the speculation that mobile forensics lies with over-the-air acquisition is not entirely true. This is because investigators too are developing tools to acquire data from devices whose passcodes are not known. Developers too can help with the process.
References
Brothers, S. (2011). How Cell Phone “Forensic” Tools Actually Work – Cell Phone Tool Leveling System. DoD Cybercrime Conference 2011, Atlanta, GA.
Jansen, W., & Ayers, R. (2004). Guidelines on PDA Forensics. http://csrc.nist.gov/publications/nistir/nistir-7100-PDAForensics.pdf