explain that these challenges are the result of frequent updates to the operating system and the constant attempts to communicate externally. Accordingly, it is imperative that forensic examiners employ proper evidence handling of mobile devices to prevent contamination and/or data destruction. For this reason, forensic examiners should employ a mobile forensic process that will provide the necessary procedures to follow for conducting a forensically sound investigation. As a result, the process model for mobile forensics will encompass four phases. Ayers et al. (2014) describe these phases as:
• Preservation, which encompasses searching, recognition, documentation, and collection of digital evidence to ensure admissibility in a court of
• Reporting, which provides a detailed report describing procedures, observations, and results. For this reason, it is imperative that the forensic examiner maintains all documentation, notes, images, and steps taken in a clear and concise manner that can be repeated by another forensic examiner.
Strengths and Weaknesses
There are a few advantages of the forensic methodology regarding mobile forensics. One of the advantages is the ability to search a digital device that 64% of Americans utilize on a daily basis. As a result, this media permits forensic examiners to acquire, analyze, and examine texts, emails, phone calls, images, and internet history. Also, since current smartphones are heavily employed for GPS, location tracking is also possible. Additionally, there have been advances in forensic tools developed exclusively for mobile forensics by companies like Cellebrite and MSAB (XRY tool).
However, even though there are specialized forensic tools available, they are not completely reliable. Gogolin (2013) attributes this to the misperception that a mobile forensic tool can be reliably employed for every device, when in fact it may not support as many devices as advertised. Additionally, Raghav and Saxena (2009) describe several challenges that examiners may encounter, for example:
• is the mobile device functional or has it been damaged (water or physical damage);
• the type of mobile device (smartphone or
As disadvantages, this method does not guarantee the integrity of possible evidence, it is not possible to locate hidden information or deleted data, and if the device is locked by PIN, gesture pattern, or password, the researcher cannot perform manual acquisition.
Forensic evidence has been shown to be reliable due to many factors of evidence such as DNA, blood, fingerprints, etc.; however, many cases have shown that
Review the information in the text sheet entitled “Overview of Evidence and Digital Forensic Analysis Techniques,” which describes different types of digital forensic analysis techniques, such as disk forensics and e-mail forensics.
Ibrahim Baggili, an assistant professor of Computer Science at the University of New Haven, said, "Forensic evidence from a smartphone or a computer might be critical to solving a crime" (Baggili). Personal and private information is stored on phones and computers, and it is a great tool for a scientist to use when working on a crime.
It is critical that evidence is collected in the correct manner to ensure that evidence is not destroyed. The investigator who is collecting the evidence should be properly trained in collection of evidence (Cosic, 2011). One example of proper protocol would be if a computer or cell phone is turned on when found, then it should not be turned off to prevent possible destruction of evidence or prompting for a password for access. The collection process can sometimes prove to be the most difficult because evidence can easily be compromised or even destroyed (Manes,
What potential sources of digital evidence do you find at a crime scene? First of all, what is digital evidence? Digital evidence is any information or data of value to an investigation that is stored on, received by, or transmitted by an electronic device. Also, digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial. Text messages, emails, pictures and videos, and internet searches are some of the most common types of digital evidence. Most criminals now leave a digital trail;
The second aspect we identified is that of public safety, given the nature of our work as investigators. Digital forensic investigations can have a very drastic impact on public safety, from a community-wide concern to that of the health and well-being of a single person. Oftentimes when a mobile device is examined by a forensic investigator, the investigation is related to a criminal matter where a person is either physically harmed or harmed in the less
Cell phones contain call history, contacts, text messages, web browser history, email, a Global Positioning System (GPS), and other location information that police and law enforcement agencies find valuable. Evidence from cell phones can help investigators piece together motives and events and provide new leads (Darice Britt, 2016). The use of Ashley Smith's phone record was one of the strategies used in the investigation to link someone to Ashley's death. Once they received Ashley Smith's phone records, they were able to go one by one and filter the times the phone was used or called within the parameters of the investigation. The phone records of Ashley Smith were a big strategy within the law enforcement
When a mobile phone is submitted for laboratory processing, usually specific items are requested for recovery. These items may be call logs, graphics, etc. If the forensic examiner has any doubt during the process, he should contact the submitter for clarification. It is recommended to do a complete acquisition to avoid redoing the process later. Sometimes, if there is a limited-scope search warrant, it will not be possible to recover all available data. For example, first the text messages, then only the items that are covered by the warrant should be reported. The following steps are followed in general for memory card data acquisition:
Electronic evidence is very fragile because it can be destroyed or altered very easily; therefore, it is imperative that investigators very carefully follow all the procedural steps when collecting electronic evidence (Diversified Forensics). Before any electronic evidence is gathered, investigators should determine whether there is probable cause that a crime has been committed, or, if the crime was committed somewhere else, the investigator should determine whether the electronic evidence will aid the investigation process to prove or disprove the crime. If a warrant is needed, it must be obtained prior to collecting the evidence (Diversified Forensics). Hard drives, computers, and other electronic devices must be turned off, unplug all cables,
For this reason, it is imperative that the information gathered is reliable and accurate to ensure the evidence collected can be utilized by the digital forensic investigator for the current case (Ingalls & Rodriguez, 2011). Additionally, cyber incidents require digital forensic investigators to interview various individuals regarding the information needed for the case. According to the National Institute of Justice (2004), interviewing the system administrator, users, and employees of an organization regarding a cyber incident would provide investigators with valuable information; for example, user accounts, email accounts, network configuration, logs, and passwords. Furthermore, for digital forensic investigators to conduct an effective interview, they must have the proper tools and training to employ the interview process. For instance, formal procedures or instructions should be developed and implemented to ensure that the investigator follows a standard during all investigations. Additionally, training should be provided to ensure that digital forensic investigators understand how to prepare, conduct, and evaluate an interview. Furthermore, resources should be made available for digital forensic investigators to accomplish their tasks; for example, recording devices and references. Also, definitions should be provided to the digital forensic investigators for
Providing training, examination services and research into cutting edge processes to extract potential evidence from mobile devices to include cellular phones, skimming devices and GPS units
Preservation: Before performing a computer forensics analysis, we must do everything possible to preserve the original data and media. This involves making a forensic image of the media and conducting our analysis on the copy rather than the original.
The book gives a general overview of the field of forensic science. The sections of the book include “The Scene of the Crime; Working the Scene--The Evidence; Working the Scene of the Body Human;
In simple terms, computer or digital forensic evidence analysis is the scientific collection of data that is either retrieved or held by a computer storage device that can be used against a criminal in a court of law. For the information to be used in court, it should be collected before it is presented; therefore, there are a number of recommendations proposed to make sure that the information collected meets the intended integrity.