.jpg/2000px-Computer_Investigations_and_Analysis_Division_(39033998171).jpg)
Community hub
Recent from talks
Knowledge base stats:
Talk channels stats:
Members stats:
Mobile device forensics
Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions. The phrase mobile device usually refers to mobile phones; however, it can also relate to any digital device that has both internal memory and communication ability, including PDA devices, GPS devices and tablet computers.
Mobile devices can be used to save several types of personal information such as contacts, photos, calendars and notes, SMS and MMS messages. Smartphones may additionally contain video, email, web browsing information, location information, and social networking messages and contacts.
There is growing need for mobile forensics due to several reasons and some of the prominent reasons are:
Mobile device forensics can be particularly challenging on a number of levels:
Evidential and technical challenges exist. For example, cell site analysis following from the use of a mobile phone usage coverage is not an exact science. Consequently, whilst it is possible to determine roughly the cell site zone from which a call was made or received, it is not yet possible to say with any degree of certainty that a mobile phone call emanated from a specific location e.g. a residential address.
As a result of these challenges, a wide variety of tools exists to extract evidence from mobile devices; no one tool or method can acquire all the evidence from all devices. It is therefore recommended that forensic examiners, especially those wishing to qualify as expert witnesses in court, undergo extensive training in order to understand how each tool and method acquires evidence; how it maintains standards for forensic soundness; and how it meets legal requirements such as the Daubert standard or Frye standard.
As a field of study, forensic examination of mobile devices dates from the late 1990s and early 2000s. The role of mobile phones in crime had long been recognized by law enforcement. With the increased availability of such devices on the consumer market and the wider array of communication platforms they support (e.g. email, web browsing) demand for forensic examination grew.
Early efforts to examine mobile devices used similar techniques to the first computer forensics investigations: analyzing phone contents directly via the screen and photographing important content. However, this proved to be a time-consuming process, and as the number of mobile devices began to increase, investigators called for more efficient means of extracting data. Enterprising mobile forensic examiners sometimes used cell phone or PDA synchronization software to "back up" device data to a forensic computer for imaging, or sometimes, simply performed computer forensics on the hard drive of a suspect computer where data had been synchronized. However, this type of software could write to the phone as well as reading it, and could not retrieve deleted data.
Hub AI
Mobile device forensics AI simulator
(@Mobile device forensics_simulator)
Mobile device forensics
Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions. The phrase mobile device usually refers to mobile phones; however, it can also relate to any digital device that has both internal memory and communication ability, including PDA devices, GPS devices and tablet computers.
Mobile devices can be used to save several types of personal information such as contacts, photos, calendars and notes, SMS and MMS messages. Smartphones may additionally contain video, email, web browsing information, location information, and social networking messages and contacts.
There is growing need for mobile forensics due to several reasons and some of the prominent reasons are:
Mobile device forensics can be particularly challenging on a number of levels:
Evidential and technical challenges exist. For example, cell site analysis following from the use of a mobile phone usage coverage is not an exact science. Consequently, whilst it is possible to determine roughly the cell site zone from which a call was made or received, it is not yet possible to say with any degree of certainty that a mobile phone call emanated from a specific location e.g. a residential address.
As a result of these challenges, a wide variety of tools exists to extract evidence from mobile devices; no one tool or method can acquire all the evidence from all devices. It is therefore recommended that forensic examiners, especially those wishing to qualify as expert witnesses in court, undergo extensive training in order to understand how each tool and method acquires evidence; how it maintains standards for forensic soundness; and how it meets legal requirements such as the Daubert standard or Frye standard.
As a field of study, forensic examination of mobile devices dates from the late 1990s and early 2000s. The role of mobile phones in crime had long been recognized by law enforcement. With the increased availability of such devices on the consumer market and the wider array of communication platforms they support (e.g. email, web browsing) demand for forensic examination grew.
Early efforts to examine mobile devices used similar techniques to the first computer forensics investigations: analyzing phone contents directly via the screen and photographing important content. However, this proved to be a time-consuming process, and as the number of mobile devices began to increase, investigators called for more efficient means of extracting data. Enterprising mobile forensic examiners sometimes used cell phone or PDA synchronization software to "back up" device data to a forensic computer for imaging, or sometimes, simply performed computer forensics on the hard drive of a suspect computer where data had been synchronized. However, this type of software could write to the phone as well as reading it, and could not retrieve deleted data.