Seven Problems with Cell Phone Forensics

Monday, March 26, 2012

Bozidar Spirovski

Article by Coleen Torres

Cell phones don’t feel newfangled but in truth they are. With innovation comes swift change, sometimes so swift that it is difficult for forensic scientists to keep up.

Criminals use cell phones in a variety of crimes and it is up to the forensic scientists to uncover their transgressions.

But where do they start? What are some complications that scientists encounter?

  • Innovation - Change is the number one issue for forensic scientists to overcome. Even the cell phone manufacturers don’t always know how to retrieve information stored in new phones, so how can scientists retrieve the information? Staying up-to-date on new cell phones is challenging but not impossible. As fast as they are created, criminals come up with ways to abuse them. Strangely enough, this can be beneficial for forensic scientists. Using online tips can allow scientists to simply access information that would otherwise remain unreachable.
  • Charge – Unlike computers, much of what is stored in a phone’s memory is reliant upon the battery. When the electricity goes, so does the information. Depending on what information you are looking for and how it is stored, battery or charger power is an essential thing to think about.
  • SIM cards and removable media - SIM cards are the soul of a cell phone. They carry vital user information. Likewise, removable media, such as SD cards, can have lots of stored data on them. It is important that forensic scientists have the appropriate equipment to read and evaluate the data.
  • Passwords – Password protection on cell phones is challenging to overcome, though not impossible. Depending on the model, passwords can be circumvented in several ways.
  • Internet connection – The smarter cell phones become, the harder they are to examine. Using an internet connection instead of SMS or voice makes a forensic scientist’s job much more difficult.
  • Quarantine – One thing that is often disregarded is the need to sequester the cell phone before analyzing it. New text messages can overwrite old material, and connections to the internet can invalidate old data. It is imperative to make sure the phone is isolated.
  • Security augmentations - Forensic scientists must be especially alert when dealing with cell phones that have been improved in some way. Some users have the capability of putting in dead man’s switches, effectually wiping the contents after an action or a period of time. Malware can also be downloaded onto the phone, placing the computer systems in danger.

There are many more problems for forensic scientists to watch out for, but these are the seven most common. Tracing cell phone data is a laborious task, but it can be done. All it takes is a little investigation, a few tools, and a lot of persistence.

This is a guest post by Coleen Torres, blogger at Phone Internet. She writes about saving money on home phone, digital TV and high-speed Internet by comparing prices from providers in your area for standalone service or phone TV Internet bundles.

Talkback and comments are most welcome...

Cross-posted from Short Infosec

Mike Adams: Like most articles not written by one who practices cell phone forensics, this one is a mixture of current and valid information and out-of-date information.

A SIM was once the "soul" of cell phone forensics but that changed a long time ago. Today most cell phone SIM cards store just enough data to allow the user access to their carrier's network. In fact many cell phones do not even have a SIM card; iPhones, for example, do not have SIM cards.

While battery power is sometimes an issue it has yet to interfere with any cell phone investigations we have performed in the last four years. We have successfully pulled months old data from cell phones that have been dropped in the water and could not have been charged even if the owner had tried. This is because the memory chip has special technology designed to retain memory at all costs. You just have to know how to get it.

The general tone of the article rings true although not for every point the author makes. As cell phones become more sophisticated so does cell phone security.

Privacy laws, automatic encryption, the Cloud, legal challenges, and Federal Government Specifications that require built in security measures pose real challenges to cell phone forensics.

Still, for the most part, if there is a warrant to get your data on your phone it can be gotten. If one spouse wants to know what the other spouse is really up to, well, there are ways to do that too. If you really want to be safe just don't use anything digital. HA!

Mike
Mike Adams: CORRECTION!!!

In my above comment I meant to say that iPhones and other phones do not even USE SIM cards for anything except subscriber information. They do have a mini SIM but in relation to cell phone forensics the solid state memory chip is the 'soul' of the iPhone and most other phones. We use 'chip off' forensics when required to access the solid state memory.

Thank you,

Mike