Cell Phone Forensics / Mobile Device Forensics is the recovery of digital evidence, or data, from a Cell Phone using forensically sound methods. The term Mobile Device usually refers to Smart Phones but it can also relate to other digital devices that have both internal memory and communication ability. These devices include Personal Digital Assistants (PDA) devices, Global Positioning System (GPS) devices, and tablet computers such as iPads and other Tablets.
Mobile devices have the ability to store many types of personal information such as contacts, photos, calendars, notes, iMessage, Short Message Service (SMS) Text Messages, and Multimedia Message Service (MMS) messages. In addition, more sophisticated Cell Phones commonly referred to as Smart Phones or Smart Cell Phones may also contain location information, videos, email, web browsing history | content, as well as messages and content from Social Networks like Facebook, LinkedIn, Twitter, TikTok, and Instagram. Some Cell Phones are also able to report the history of the cellular towers they were attached to when a call was made or a Text Message was sent.
Sample SMS Message Extracted Using Cell Phone Forensics:
Sample Contact Information Extracted Using Cell Phone Forensics:
Other Applications
Almost all modern cell phones provide some ability to load additional applications and store and process personal and sensitive information independently of a desktop or notebook computer. Some applications synchronize data either to the Internet or to a local computer. Apps like Google Voice, Whatsapp, WeChat, and others not only have message data but may have other data including but not limited to location information. They can also exchange data with other mobile devices and with personal computers as well. As Cell Phone technology evolves, the capabilities of Mobile Devices continue to improve rapidly. When Cell Phones or other Mobile Devices are involved in a crime or other incident, the device(s) are able to tell a significant story about what was going on with the user at the time if the information is properly captured.
Cell Phone Cameras
Mobile Devices normally have Digital Cameras built in. Digital Photos have information embedded in them which may include GPS coordinates that can indicate where the photo was taken.
Sample Photo Extracted Using Cell Phone Forensics:
Additional Challenges
Cell Phone forensics can be particularly challenging as each device is unique and has a unique set of software installed. In addition, the storage which may be added to the device, usually in the form of an SD card, may further complicate the analysis process. This is just one reason it is critical to have an educated and trained cell phone expert involved.
Sample File Information Extracted Using Cell Phone Forensics:
Call Detail Records (CDRs)
When examining Cell Phones, it is normal protocol to obtain the Cell Phone Carrier records. Cell Phone Carrier Forensics examines records that may validate what was found on the Cell Phones. There may also be additional information the carrier has that may not be on the phone.
See this article for more information: Cell Phone Carrier Forensics AKA Call Detail Record Forensics (CDRs)
Archives and Cloud-Based Backups
In addition to the CDRs and the Mobile Device itself, archives and backups of the data contained in the phone may be stored on the user's computer system or located in the cloud. Automated cloud-based backups are available through iOS, android, google, and other services. Archives and backups may contain data that was deleted between the time of the backup and when the phone was examined.
Rapid Seize and Freeze
When investigating an incident, it is essential to get possession of the cell phone and to capture its data early in the investigation - we call this “Rapid Seize and Freeze”. Don’t wait months, weeks or even days hoping the data is still on the Mobile Device. Generally, the sooner the data on the Smartphone or Mobile Device is captured, the better.
Call our Cell Phone / Mobile Device Forensics Experts at 866.795.7166 for a free consultation. We can help you with preservation letters, interrogatories, and requests for production.
