Cell Phone Forensics / Mobile Device Forensics is the recovery of digital evidence, or data, from a Cell Phone using forensically sound methods. The term Mobile Device usually refers to Smart Phones. However, it can also relate to other digital devices that have both internal memory and communication ability. These devices include Personal Digital Assistants (PDA) devices, Global Positioning System (GPS) devices and tablet computers such as iPad, smartphones and Galaxy Tablets.
Mobile devices have the ability to store several types of personal information such as contacts, photos, calendars, notes, iMessage, Short Message Service (SMS) Text Messages and Multimedia Message Service (MMS) messages. In addition, more sophisticated Cell Phones commonly referred to as Smart Phones or Smart Cell Phones may also contain location information, videos, email, web browsing history and content, as well as Social Network, such as Facebook and LinkedIn, messages and contacts. Some Cell Phones are also able to report the history of the cellular towers they were attached to when a call was made or a Text Message was sent.
Sample SMS Message Extracted Using Cell Phone Forensics
Sample Contact Information Extracted Using Cell Phone Forensics
The majority of Cell Phones used in today’s society provide some ability to load additional applications, store and process personal and sensitive information independently of a desktop or notebook computer. Some applications synchronize data either to the Internet or to a local computer. As Cell Phone technology evolves, the capabilities of Mobile Devices continues to improve rapidly. When Cell Phones or other Mobile Devices are involved in a crime or other incident, the device(s) are able to tell a significant story about what was going on with the user at the time, if the information is property captured.
Mobile Devices usually have a Digital Camera built in. Digital Photos have information embedded in them including GPS coordinates that can also indicate where the photo was taken.
Sample Photo Extracted Using Cell Phone Forensics
Cell Phone forensics can be particularly challenging as each device is unique and has a unique set of software installed. In addition, the storage which may be added to the device, usually in the form of an SD card, may further complicate the analysis process. This is just one reason it is critical to have an educated and trained cell phone expert involved.
Sample File Information Extracted Using Cell Phone Forensics
When examining Cell Phones, it is normal protocol to obtain the Cell Phone Carrier records. Cell Phone Carrier Forensics examines records that may validate what was found on the Cell Phones as well as information the carrier has which many not be on the phone. This information usually includes:
- Whether the call was originated by the Cell Phone.
- The quantity of data downloaded
- Text messaging history such as date and time of the text message as well as the phone numbers which were sending and receiving Short Message Service (SMS) Text Messages.
- Plan code (M2M - Mobile to Mobile, for instance )
- Cellular tower number and GPS location for the cellular tower(s) used for the phone call, text message or data exchange.
For Phone calls the carrier should give you additional information including:
- Connection date
- Connection time
- Seizure time
- Originating phone number
- Originating IMEI or MEID ( cell phone serial number )
- Originating IMSI ( SIM Serial Number )
- Terminating Phone number
- Elapsed time or call duration
- Number dialed
For Text or SMS Messages the cell phone company should also provide:
- Originating phone number
- Originating IMEI or MEID ( cell phone serial number )
- Originating IMSI ( SIM Serial Number )
- Terminating Phone number
In addition to the Mobile Device and Cellular Carrier records, archives and backups of the data contained in the phone may be found either stored on the Internet or on a local computer. Archives and backups may contain data which was deleted between the time of the backup and when the phone was examined.
It is important, when investigating an incident, to get possession of the cell phone and to capture its data early in the investigation - we call this “Rapid Seize and Freeze”.
Don’t wait months, weeks or even days hoping the data is still on the Mobile Device. Generally, the sooner the data on the Smartphone or Mobile Device is captured, the better.
Call our Cell Phone / Mobile Device Forensics Experts at: 866-795-7166 for a free consultantion. We can help you with preservation letters, interrogatories and requests for production.