ATTENTION: The new home of the Digital Forensics Wiki is at https://forensicswiki.xyz/. Yeah, it's a silly name, but it was cheap.
This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn
Cell Phone Forensics
- If on, switch it off. If off, leave off.
- Note only under exceptional circumstances should the handset be left switched on and in any case every precaution to prevent the handset connecting with the Communication Service Provider should be made. Consider use of a Faraday Bag (Shielded Bag). An example of a cellular seizure package is Paraben's Handheld First Responder Kit which also includes a Faraday Bag.
- Instead of switching off, it may be better to just pop the battery. Phones run a different part of their program when they are turned off. You may wish to avoid having this part of the program run.
- Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
- Plug the phone in, preferably in the evidence room, as soon as possible.
- Retain search warrant (if necessary - LE).
- Return device to forensic lab if able.
- Use forensically sound tools for processing. However, also remember ACPO Principle 2 says: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Expand on as to what to collect:
- Model Number,
- Color, and
- Other information related to Cell Phone and SIM Card...
- Research the Cell Phone for technical specifications. Visit PhoneScoop.com or GSMArena.com for more information.
- Research the Cell Phone for forensic information. Visit trewmte.blogspot.com or Phone-Forensics.com or SmartPhoneForensics.com for more information.
- forensicfocus.com(Practitioners Forum)
- trewmte.blogspot.com (Mobile Telephone Evidence Practitioner Site)
- GSMArena.com (Technical information regarding GSM Cell Phones)
- Phone-Forensics.com (Practitioners Forum)
- PhoneScoop.com (Technical information regarding all Cell Phones)
- MobileForensics.com (Good article on Cell Phones)
- SmartPhoneForensics.com (Knowledge Base for Cell Phone Forensics)
- Paraben-Forensics.com (Paraben's Handheld Forensic Training Classes)