Applied Cellphone Forensics

From ForensicsWiki
Revision as of 15:40, 14 February 2006 by Rmislan (Talk | contribs)

• Defining processes for the acquisition, preservation, and analysis of evidence

• Presentation of physical and digital cellular phone evidence in the investigation process

• Evidence regulation and its impacts in the investigation process

• Applications: practical forensic cases related to cellular phones

Introduction

Cellular telephones are a ubiquitous consumer device. Over 180 million subscribers are using one of over 500 different cellphones offered in the United States from over 30 different manufacturers, processing voice and data traffic over 4 carrier networks. With so much voice and data traffic being sent from one cellphone to another, many of these phones can provide critical evidentiary data to crime scene investigators. Unfortunately, the forensic acquisition and analysis of these phones is a new process in the computer forensics world. Several reasons exist, but the main ones are a lack of awareness and a lack of training within law enforcement agencies. This paper is an effort to address this deficiency.

Processes of the acquisition, preservation, and analysis of evidence

Due to their nature, cell phones are acquired and preserved in the same action. This acquisition and preservation is done with a combination of cabling systems and software applications. Examples of the cabling systems include Paraben’s Cell Seizure Toolkit, Susteen’s Law Enforcement Cabling Kit, or the various manufacturers’ data cables.

The various software applications include:

• Paraben’s Cell Seizure
• Susteen’s SecureView
• BITPim
• Nokia’s Oxygen PM Forensic Edition
• GSM .XRY
• SuperAgent RSS
• MobilEdit
• Tulp2G
• Access Data’s FTK
• Guidance Software’s EnCase

SIM Card software applications:

• SIM Seizure
• SIMCon
• Tulp2G


The process of phone acquisition:

1. Take the phone off the network via Faraday technology
2. Connect a power source and ensure at least 50% charge
3. Connect the data synchronization cable to the phone
4. Launch the software application for acquisition and analysis
5. Acquire the phone’s image

Overly simplified… Is there a method for determining which application to use based on the phone? Can this be built from a database of knowledge?
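Because acquisition and preservation happen in the same action, the five steps above can be backed by a record that checks the preconditions from steps 1 and 2 and fixes the integrity of the image from step 5. The following is an added example, not part of the original page or of any listed tool; it assumes the acquisition software exports the image to a file, and the function names, record fields and the choice of SHA-256 are illustrative.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

MIN_CHARGE_PERCENT = 50  # threshold from step 2 of the procedure above


def sha256_file(path, chunk_size=1 << 20):
    """Hash the image in chunks so large dumps need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_acquisition(image_path, *, network_isolated, charge_percent, tool, examiner):
    """Build a preservation record; refuse if steps 1-2 were not satisfied."""
    if not network_isolated:
        raise ValueError("phone was not isolated from the network (step 1)")
    if charge_percent < MIN_CHARGE_PERCENT:
        raise ValueError("battery below 50% charge (step 2)")
    return {
        "image": os.path.basename(image_path),
        "size_bytes": os.path.getsize(image_path),
        "sha256": sha256_file(image_path),
        "tool": tool,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }


def verify_image(image_path, record):
    """Re-hash a working copy and compare it with the acquisition record."""
    return (os.path.getsize(image_path) == record["size_bytes"]
            and sha256_file(image_path) == record["sha256"])


if __name__ == "__main__":
    # Constructed sample: a temp file stands in for the image the tool exported.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as tmp:
        tmp.write(b"constructed sample phone image")
    rec = record_acquisition(tmp.name, network_isolated=True, charge_percent=80,
                             tool="(acquisition tool name)", examiner="(examiner)")
    print(json.dumps(rec, indent=2))
    print("intact:", verify_image(tmp.name, rec))
    os.unlink(tmp.name)
```

Running `verify_image` against every working copy before analysis shows that the copy still matches what was acquired.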


Presentation of physical and digital cellular phone evidence in the investigation process

Folder Organization

• Analog – Screenshots of phones
• Digital – Reports from applications
• Word Document for binding information together


Evidence regulation and its impacts in the investigation process

Applications: practical forensic cases related to cellular phones