2. AGENDA
• What is mobile device forensics?
• History
• Types of evidence
  • Internal memory
  • External memory
  • Service provider logs
• Forensic process
  • Seizure
  • Acquisition
  • Examination and analysis
• Rooting / jailbreak
• Controversies
• Demo: mobile phone data acquisition using Santoku AFLogical
13-07-2017
Suresh Kumar K
3. WHAT IS MOBILE DEVICE FORENSICS?
Mobile device forensics is a branch of digital forensics
relating to recovery of digital evidence or data from a mobile
device under forensically sound conditions. The phrase
mobile device usually refers to mobile phones; however, it
can also relate to any digital device that has both internal
memory and communication ability, including PDA devices,
GPS devices and tablet computers.
5. HISTORY
As a field of study, forensic examination of mobile devices
dates from the late 1990s and early 2000s. The role of mobile
phones in crime had long been recognized by law
enforcement. With the increased availability of such devices
on the consumer market and the wider array of
communication platforms they support (e.g. email, web
browsing), demand for forensic examination grew.
6. TYPES OF EVIDENCE
• Internal memory
  • Nowadays mostly flash memory of the NAND or NOR type
    is used in mobile devices.
• External memory
  • External memory devices are SIM cards, SD cards
    (commonly found within GPS devices as well as mobile
    phones), MMC cards, CF cards, and the Memory Stick.
• Service provider logs
  • Although not technically part of mobile device forensics,
    the call detail records (and occasionally, text messages)
    from wireless carriers often serve as "back up" evidence
    obtained after the mobile phone has been seized.
9. CONTROVERSIES
In general there exists no standard for what constitutes a
supported device in a specific product. This has led to the
situation where different vendors define a supported device
differently.