The use of Mobile devices in criminal investigations and similar activity has been present and widely recognised for some years. The forensic method and study of mobile devices is relatively new (dates from the early 2000s).
Just as the regular population uses mobile devices, so do the criminals. The forensic investigations of mobile devices cannot be done in the conventional manner of a computer forensics investigation, as there are lots of hardware, software, and filesystem differences in mobile devices. In the case of mobile devices, there are many closed and open source operating systems which make mobile device forensics even more difficult. This gives rise to the field of Mobile Forensics, which covers feature phone, smart phone, tablets, and other mobile devices.
A mobile phone contains various information – ranging from contacts, notes, images, calendars, SMS, MMS.
A smart phone contains more than simply email or files. A mobile device can contain videos, web browsing, location, and social networks. All of these components are useful in Mobile Forensics to uncover useful evidence.
Mobile device forensics is a field to obtain digital evidence from mobile devices for an investigation. Mobile Forensics is not only limited to a mobile phone, but it also covers GPS, tablets, PDA, and other mobile devices. The main goal in Mobile Forensics is to retrieve data from memory, SD card, SIM without any loss, damage, or manipulation of data.
Types of evidence found on mobile devices are not only limited to memory, SIM, or SD card, but it also includes all the smartphone evidence such as cloud storage, browser history, and geo location.
The evidence is stored in internal memory, flash memory or external memory devices, such as SIM and SD cards, call history, and details may be obtained from service providers.
The detailed list of evidence on mobile devices will include the following:
- Subscriber and equipment identifiers
- Date/time, language, and other settings
- Phonebook/Contact information
- Calendar information
- Text messages
- Outgoing, incoming, and missed call logs
- Electronic mail
- Audio and video recordings
- Multimedia messages
- Instant messaging
- Web browsing activities
- Electronic documents
- Social media related data
- Application related data
- Location information
- Geolocation data
Challenges in Mobile Forensics
The mobile device undergoes a wide range of software and hardware upgrades. Various vendors push these upgrades. Different operating systems and their flavor add to the challenge. As another factor in the problem, there are lots of differences in architecture and filesystems. Different operating systems such as Android, Feature Phone or IOS requires different forensic methods. Thus, a Mobile Forensics examiner has to use different tools and techniques to address this issue.
Cloud Based Services for Mobile Devices
Mobile cloud computing is the combination of mobile networks and cloud computing allowing user applications and data to be stored in the cloud (i.e., internet servers) rather than the mobile device memory. This data may be stored in geographically diverse locations. Cloud computing environments are complex in their design and frequently geographically disperse. Often, storage locations for cloud computing are chosen due to lowest cost and data redundancy requirements. One issue may be the identification of the location of the data. This is an emerging field.