Mobile and Cellular Device Forensics Tools

As mobile devices rise in popularity and sophistication, so does their use among people conducting illegal activities. For that reason, evidence from mobile devices is becoming increasingly important to law enforcement in fighting crime. In fact, digital evidence from a mobile phone led international police to the terrorists responsible for the Madrid train bombings that killed at least 190 people in 2004.

On this page, find:

Mobile Device Evidence Collection Tools Needed by Law Enforcement

To successfully collect and analyze evidence from mobile devices, law enforcement needs tools that can recover system files, operating system information, applications, deleted files and unallocated space. Some available tools capture the logical image (what users can see without using special tools), which is only a portion of the phone's data storage capacity. However, law enforcement needs more tools that capture the entire physical image including deleted files, messages, photos and call logs. Often, the deleted data is extremely valuable to the investigation and provides more comprehensive evidence for prosecution.

Mobile Devices and Data Mining

Evidence from cellular devices plays a key role in data mining, an often overlooked use of digital evidence. By exporting information from multiple digital devices (such as call logs from multiple cellular phones or e-mails from computers) and importing that data into an analytical software package, investigators using data-mining techniques can diagram and visualize a criminal enterprise or a timeline of events. This graphical representation can make it easier for investigators to understand the complex relationships in a criminal enterprise or for a jury to understand criminal activity and the possible connections among offenders in a courtroom presentation.

Understanding the Fundamentals of Mobile Device Analysis

A greater understanding of the fundamentals of mobile cellular device analysis is needed. Law enforcement needs a baseline knowledge of tools for collecting and analyzing digital evidence from mobile phones. Issues of importance include:

  • An assessment of the current knowledge level in the field.
  • Identification of tools available to collect digital evidence from mobile devices.
  • Identification of all the cell phones in use that may become evidence in an investigation and a determination of how many can be forensically acquired and analyzed with the existing cell phone forensic solutions.
  • Identification of the gaps in the number of cell phones in use and the existing cell phone forensic solutions for future technology development projects.

Next Section: Mobile Device Forensics Training.

Date Created: November 5, 2010