Yuval Ben-Moshe writes:
Freezing Android phones just won't break the ice with forensic investigators.
Leading and available mobile forensics tools already have similar capabilities, enabling law enforcement to effectively obtain admissible evidences from mobile devices.
Mobile forensics has evolved at an exponential rate over the last decade or so. The rise of the Smartphone has meant it’s had to. Forensic investigations can rely on taking fingerprints or finding DNA samples on a car seat, as well as data from digital devices, such as mobile phones.
With the correct software, operated by a trained investigator, mobile data can be extracted and analysed very quickly. It’s vital that this process isn’t a lengthy one, as investigators can sometimes be operating in life or death situations.
A single device that has both the capability to extract as well as analyse mobile data is far more efficient and accurate than freezing the phone first and then processing the data in a separate computer.
The data that’s stored on a user’s mobile phone such as sent messages, browsed websites and recent calls can help investigators build a fairly accurate picture of a case. Devices such as the UFED device from Cellebrite, can not only retrieve this data but can also salvage data that’s been deleted by the user.
This can be critical to an investigation. Criminals could be mistaken for thinking that by deleting sensitive data they are removing it from the reach of the investigator.
Although digital technology has made criminal coordination easier, it has also made criminals more vulnerable to being caught. Before the age of the mobile phone, criminals would communicate via a landline telephone and, before that, through a telegram or a written letter. These methods of communication could be easily erased to avoid discovery.
Research into data extraction and analysis methods for the latest technology is of vital importance to law enforcement agencies. But, people should be aware of the technology that’s out there and at the disposal of investigators.
People should also be aware that due to the critical nature of digital forensics, taking a ‘DIY approach’ to data extraction is not the way forward. Investigators must use technology such as the UFED device for accuracy’s sake, in addition to the fact that it saves a considerable amount of time.
Yuval Ben-Moshe is senior forensics technical director at Cellebrite. Last year we spoke to Dave Golding of Cellebrite about the company’s smartphone fault diagnosis tool; you can hear the interview via our website audio player or by downloading the mp3 file.