Digital Forensics Dispatch
Digital Forensics Blog
by Sensei Enterprises, Inc.
Mobile Forensics: A Brief Introduction
October 19, 2021
What is mobile forensics?
Mobile forensics is a branch of digital forensics that specifically deals with the acquisition, analysis, and recovery of evidence from mobile devices. Mobile devices are items like a smart phone, a feature phone or a tablet. These devices have become more commonplace in investigations in recent years and can contain data critical to an investigation.
What data can be found on a mobile device?
Mobile devices can store a trove of information, such as call logs and message data. Many applications such as WhatsApp, Snapchat and Facebook Messenger can serve as both a chat messaging application and a phone call application. These messaging and call making applications often contain data of importance, whether it is the time a call was placed to a specific contact and how long the call lasted, or if it is a message that was sent to a contact containing information on where and when a meet up is supposed to happen.
Web browser history and searched items are also prominent on mobile devices, as most smart phones and tablets contain built-in web browsers such as Apple’s Safari browser or Android’s Google Chrome browser. A glimpse into browser history on the mobile device can reveal what websites have been visited and what internet searches were run on that device.
Mobile devices can also contain location data. This data depends on settings on the mobile device and if location data is enabled. If location data is enabled there can be information such as latitude and longitude points for specific dates and times. This information can be key to an investigation when trying to determine where a device was at a specific time. Additionally, if there is a Google account set up with the device, there is a good chance that there is location data within the Google account’s Location History.
Media files, such as pictures, videos, and audio recordings are prevalent on mobile devices. An analysis of media files can reveal information such as the date and time the files were created, location information of where a photo was taken or a video recorded. Media files on mobile devices frequently contain screenshots of other data. The screenshots could be of important messages or of messages from applications like Snapchat, where messages disappear after opening.
The analysis of a mobile device will also reveal the applications that are on the device. This information can be useful in determining if there are any applications that could be used to hide or delete data from the mobile device. A review of installed applications can also aid in the ability to detect malware or spyware on a mobile device.
Mobile devices contain a trove of information. However, before engaging an expert there is some information that they will need from you before they can answer specific questions. They will likely need to know the make and model of mobile device – this is because support varies from forensic software and hardware. Knowing the make and model of the device will help the expert identify what information can be acquired from the device and if that device is supported by their forensic tools. The expert will also probably be able to provide you with a time frame of how long the mobile device will be needed to acquire the data with the make and model of device. The expert may also ask about the storage capacity of the device as this can affect the amount of time it takes for the acquisition process. More data usually means more time.
Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology