Saturday, July 2, 2011

Forensic Investigation of Cellular and Mobile Phones

“In general, the same forensic principles that apply to any computing device also apply to mobile devices in order to enable others to authenticate acquired digital evidence.” (Casey E. et al. 2011) Therefore, a forensic investigator should follow the same forensic process as with any computing device. When acquired digital evidence involves a recovered phone call, the investigation process usually includes accessing data collected by the cellular network provider. A number of countries have enacted laws to expedite law enforcement agencies' access to client information, such as the Regulation of Investigatory Powers Act of 2000 (RIPA) in the UK, the USA Patriot Act, the Surveillance Devices Bill 2004 in Australia and the Search and Surveillance Powers Bill 2008 in New Zealand. These laws require (telephone and internet) service providers to maintain a log of all communication such as calls, email messages, SMS (text messages), MMS (multimedia messages), established Internet connections, etc.
With appropriate legal documents (as required), the investigator can obtain information such as customer name, billing name, geographic locations (based on the Base Station Transceiver), list of calls, etc., which could be helpful for the investigation process. Moreover, while it is generally believed that prepaid cellular phones are cheap enough and difficult to trace (Casey E. et al. 2011), the device can still contain useful information. In addition, the service provider could maintain information such as “credit card numbers used for purchases of additional time or an email address registered online for receipt of notifications” (Jansen W. and Ayers R. 2007).
Due to the diversity in the functionality and capabilities of mobile devices (cellular phones, smartphones, etc.), there is no single investigation methodology for the cellular phone. In general, the process involves manual review of the information available through the menu, such as the address book, last call, text messages, etc. Specialized tools are used only when extraction of deleted information or access to “hidden” data (such as the Apple iPhone cell towers and Wi-Fi hotspots database) is required (Laureate Online Education B.V. 2009). The potential evidence related to the mobile device includes:
  • handset identifier - International Mobile Equipment Identity (IMEI)
  • Subscriber Identifier (SIM)
  • call register
  • address book
  • calendar
  • photographs
  • videos
  • voice mail
  • passwords such as Internet Mail accounts, desktop (for synchronization), etc.
  • installed applications
  • attached peripheral devices and special modification
  • accessed Wi-Fi hotspots
  • cell towers

