If you’ve ever wondered what mobile device forensics is, the goal of this post is to inform you about the basics of analyzing mobile devices and what you can expect to be retrieved from them.
Mobile device forensics refers to the collection and analysis of digital evidence or data from a mobile device such as a cellphone, smartphone, or tablet. As their availability has increased significantly, mobile device casework is more common than ever.
Mobile devices often provide the convenience to send and receive information from virtually anywhere in the world, allowing them to contain huge amounts of personal data. The type of evidence that can be retrieved often depends on the make and model of the device.
In general, the types of evidence that can be found on mobile devices includes:
- Messages (SMS/MMS, iMessage)
- Third Party Messaging Apps (Kik, Whatsapp, Facebook Messenger, etc.)
- Browser History
- Call Logs
- Pictures and Videos
- Location Data
- App Specific Data
- Active and deleted content
If you are looking to recover deleted data from the device, there are some factors that can limit the capabilities of recovery. The number one limitation is the make and model of the device. If the forensic tools used do not have support for the type of device, the likelihood of recovering data is limited. Another major contributing factor is the length of time that has passed since the content has been deleted and the amount of new data that has been written to the device since deletion.
Email: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology