Computer Methodology - Digital Forensics


Mobile Device Forensics - Methodology

Mobile devices are widely used nowadays and have many varying features, from GPS to sending emails. According to ForensicYard (2020), "Mobile devices keep the user’s contacts from a variety of sources (including the phone, social networks, instant electronic messaging, and communication applications), data about phone calls, sent and received text messages, and e-mails and attachments." Mobile forensics is a branch of digital forensics concerned with recovering digital evidence by acquiring and analysing mobile devices (Duc, 2015).


The diagram below illustrates the steps of forensic methodology with respect to mobile device forensics.

(Da Silveira et al., 2020)


The steps involved in this methodology are explained below, following Da Silveira et al. (2020):

1) Evidence Identification: First, the evidence to be seized must be identified, as not everything should be taken and analysed. The details of this evidence must then be recorded.

2) Preservation: Evidence must be preserved well for it to be admissible in a court of law. Forensic experts must protect the seized device from alteration attempts by making sure it does not receive any more calls or SMS, use GPS, or undergo remote data wiping. This can be done by placing the device in a special bag called a Faraday bag, which may shield the device against a large range of radio frequencies and wireless signals (ForensicYard, 2020).

3) Chain of Custody: The chronological order of the transfer of physical and electronic data is significant and must be documented.

4) Methods: The digital forensic analyst must figure out which particular methodology, approach or tool should be used for data acquisition of the evidence.

5) Investigation: Analysts must search the evidence for answers to the questions provided by the authority responsible for the case.

6) Analysis: This step involves the analysis of the evidence acquired.

7) Final report: This documents all records made in the previous steps, together with the answers to the questions asked by the respective authority.
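The recording and chain-of-custody steps above can be kept as a tamper-evident log. The following is an added example, not code from this page or from Da Silveira et al.: the field names, the sample people and the hash-chaining scheme are assumptions chosen for illustration. It checks that entries are in chronological order, that each release is made by the current holder, and that the evidence hash never changes after acquisition.

```python
import hashlib
import json
from datetime import datetime

GENESIS = "0" * 64  # prev_hash of the first entry

def entry_digest(entry):
    """SHA-256 over the entry's sorted-key JSON, excluding its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, timestamp, action, released_by, received_by, evidence_sha256):
    """Append one custody event, linked to the hash of the previous entry."""
    entry = {"timestamp": timestamp, "action": action,
             "released_by": released_by, "received_by": received_by,
             "evidence_sha256": evidence_sha256,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify_log(log):
    """Return a list of problems; an empty list means the log is consistent."""
    problems = []
    prev_hash, prev_time, holder = GENESIS, None, None
    for i, e in enumerate(log):
        if e["prev_hash"] != prev_hash or e["entry_hash"] != entry_digest(e):
            problems.append(f"entry {i}: hash chain broken (edited or reordered)")
        when = datetime.fromisoformat(e["timestamp"])
        if prev_time is not None and when < prev_time:
            problems.append(f"entry {i}: timestamp earlier than previous entry")
        if holder is not None and e["released_by"] != holder:
            problems.append(f"entry {i}: released by someone other than the holder")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from acquisition")
        prev_hash, prev_time, holder = e["entry_hash"], when, e["received_by"]
    return problems

# Constructed sample data: a stand-in for an acquired image and three events.
IMAGE_HASH = hashlib.sha256(b"constructed stand-in for an acquired image").hexdigest()
log = []
add_entry(log, "2020-12-02T09:15:00+00:00", "image acquired", "Examiner A", "Examiner A", IMAGE_HASH)
add_entry(log, "2020-12-02T11:40:00+00:00", "stored in evidence locker", "Examiner A", "Custodian B", IMAGE_HASH)
add_entry(log, "2020-12-03T08:05:00+00:00", "checked out for analysis", "Custodian B", "Analyst C", IMAGE_HASH)

if __name__ == "__main__":
    print(verify_log(log) or "custody log is consistent")
```

Because each entry's hash covers the previous entry's hash, editing or reordering a past record is detectable as long as the latest entry hash is recorded somewhere the editor cannot change, such as the final report.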





Reference(s):


Da Silveira, C., T. de Sousa Jr, R., de Oliveira Albuquerque, R., Amvame Nze, G., de Oliveira Júnior, G., Sandoval Orozco, A. and García Villalba, L., (2020). Methodology for Forensics Data Reconstruction on Mobile Devices with Android Operating System Applying In-System Programming and Combination Firmware. Applied Sciences, [online] 10(12), p.4231. Available at: <https://www.mdpi.com/2076-3417/10/12/4231/htm> [Accessed 2 December 2020].

Duc, H., (2015). Introduction To Mobile Forensics. [online] eForensics. Available at: <https://eforensicsmag.com/introduction-to-mobile-forensics/> [Accessed 2 December 2020].

ForensicYard, (2020). Mobile Forensics : An Overview Of Techniques In Mobile Forensics Investigation - Forensic Yard. [online] Forensic Yard. Available at: <https://forensicyard.com/mobile-forensics/> [Accessed 2 December 2020].

