SlideShare a Scribd company logo

Mobile Device Forensics Guide

A
ArthyR3

Cyber Forensics - Unit V

Engineering
1 of 8
Download to read offline
DEPARTMENT OF INFORMATION TECHNOLOGY Subject Code : CS6004 Staff Name : R. Arthy, AP/IT Subject Name: Cyber Forensics Class : IV IT Prepared by: R. Arthy, AP/IT CELL PHONE AND MOBILE DEVICES FORENSICS I. Understanding Mobile Device Forensics  People store a wealth of information on cell phones, and the thought of losing your cell phone and, therefore, the information stored on it can be a frightening prospect.  Despite this concern, not many people think about securing their cell phones, although they routinely lock and secure laptops or desktops.  Depending on your phone’s model, the following items might be stored on it: o Incoming, outgoing, and missed calls o Text and Short Message Service (SMS) messages o E-mail o Instant messaging (IM) logs o Web pages o Pictures o Personal calendars o Address books o Music files o Voice recordings  Despite the usefulness of these devices in providing clues for investigations, investigating cell phones and mobile devices is one of the most challenging tasks in digital forensics.  No single standard exists for how and where cell phones store messages, although many phones use similar storage schemes.  In addition, new phones come out about every six months, and they’re rarely compatible with previous models.  Therefore, the cables and accessories you have might become obsolete in a short time. Mobile Phone Basics
 Since the 1970s, when Motorola introduced cell phones, mobile phone technology has advanced rapidly.  Gone are the days of two-pound cell phones that only the wealthy could afford.  In the past 40 years, mobile phone technology has developed far beyond what the inventors could have imagined.  Up to the end of 2008, there have been three generations of mobile phones: analog, digital personal communications service (PCS), and third-generation (3G).  3G offers increased bandwidth, compared with the other technologies: o 384 Kps for pedestrian use o 128 Kbps in a moving vehicle o 2 Mbps in fixed locations, such as office buildings  4G networks can use the following technologies: o Orthogonal Frequency Division Multiplexing (OFDM)—The Orthogonal Frequency o Division Multiplexing (OFDM) technology uses radio waves broadcast over different frequencies, uses power more efficiently, and is more immune to interference.
o Mobile WiMAX—This technology uses the IEEE 802.16e standard and Orthogonal Frequency Division Multiple Access (OFDMA) and is expected to support transmission speeds of 12Mbps. Sprint has chosen this technology for its 4G network, although some argue it’s not true 4G. o Ultra Mobile Broadband (UTMS)—Also known as CDMA2000 EV-DO, this technology is expected to be used by CDMA network providers to switch to 4G and support transmission speeds of 100 Mbps. o Multiple Input Multiple Output (MIMO)—This technology, developed by Airgo and acquired by Qualcomm, is expected to support transmission speeds of 312 Mbps. o Long Term Evolution (LTE)—This technology, designed for GSM and UMTS  Although digital networks use different technologies, they operate on the same basic principles. Basically, geographical areas are divided into cells resembling honeycombs.  As described in NIST SP 800-101 (mentioned earlier in this section), three main components are used for communication with these cells:  Base transceiver station (BTS)—This component is made up of radio transceiver equipment that defines cells and communicates with mobile phones; it’s sometimes referred to as a cell phone tower, although the tower is only one part of the BTS equipment.  Base station controller (BSC)—This combination of hardware and software manages BTSs and assigns channels by connecting to the mobile switching center.  Mobile switching center (MSC)—This component connects calls by routing digital packets for the network and relies on a database to support subscribers. This central database contains account data, location data, and other key information needed during an investigation. If you have to retrieve information from a carrier’s central database, you usually need a warrant or subpoena. Inside Mobile Devices  Mobile devices can range from simple phones to small computers, also called smart phones.  The hardware consists of a microprocessor, ROM, RAM, a digital signal processor, a radio module, a microphone and speaker, hardware interfaces (such as keypads, cameras, and GPS devices), and an LCD display.
 Many have removable memory cards, and Bluetooth and Wi-Fi are now included in some mobile devices, too.  Most basic phones have a proprietary OS, although smart phones use the same OSs as PCs (or stripped-down versions of them).  These OSs include Linux, Windows Mobile, RIM OS, Palm OS, Symbian OS, and, with the introduction of the Apple iPhone, a version of Mac OS X.  Typically, phones store system data in electronically erasable programmable read only memory (EEPROM), which enables service providers to reprogram phones without having to access memory chips physically.  SIM Cards Subscriber identity module (SIM) cards are found most commonly in GSM devices and consist of a microprocessor and 16 KB to 4 MB EEPROM. There are also high-capacity, high-density, super, and mega SIM cards that boast as high as 1 GB EEPROM. SIM cards are similar to standard memory cards, except the connectors are aligned differently.  The SIM card is necessary for the ME to work and serves these additional purposes: o Identifies the subscriber to the network o Stores personal information o Stores address books and messages o Stores service-related information  SIM cards come in two sizes, but the most common is the size of a standard U.S. postage stamp and about 0.75 mm thick. Portability of information is what makes SIM cards so versatile.  By switching a SIM card between compatible phones, users can move their information to another phone automatically without having to notify the service provider. Inside PDAs  Personal digital assistants (PDAs) can still be found as separate devices from mobile phones.  Most users carry them instead of a laptop to keep track of appointments, deadlines, address books, and so forth. Palm Pilot and Microsoft Pocket PC were popular models when PDAs came on the market in the 1990s, and standalone PDAs are still made by companies such as Palm, Sharp, and HP.  A number of peripheral memory cards are used with PDAs:
o Compact Flash (CF)—CF cards are used for extra storage and work much the same way as PCMCIA cards. o MultiMedia Card (MMC)—MMC cards are designed for mobile phones, but they can be used with PDAs to provide another storage area. o Secure Digital (SD)—SD cards are similar to MMCs but have added security features to protect data. II. Understanding Acquisition Procedures for Cell Phones and Mobile Devices  All mobile devices have volatile memory, so making sure they don’t lose power before you can retrieve RAM data is critical.  At the investigation scene, determine whether the device is on or off. If it’s off, leave it off, but find the recharger and attach it as soon as possible.  If the device is on, check the LCD display for the battery’s current charge level. Because mobile devices are often designed to synchronize with applications on a user’s PC, any mobile device attached to a PC via a cable or cradle/docking station should be disconnected from the PC immediately.  The alternative is to isolate the device from incoming signals with one of the following options: o Place the device in a paint can, preferably one that previously contained radio wave blocking paint. o Use the Paraben Wireless StrongHold Bag, which conforms to Faraday wire cage standards. o Use eight layers of antistatic bags (for example, the bags that new hard drives are wrapped in) to block the signal.  When you’re back in the forensics lab, you need to assess what can be retrieved. Knowing where information is stored is critical. You should check these four areas: o The internal memory o The SIM card o Any removable or external memory cards o The system server  Memory storage on a mobile device is usually implemented as a combination of volatile and nonvolatile memory.  Volatile memory requires power to maintain its contents, but nonvolatile memory does not.
 Although the specific locations of data vary from one phone model to the next, volatile memory usually contains data that changes frequently, such as missed calls, text messages, and sometimes even user files.  Nonvolatile memory, on the other hand, contains OS files and stored user data, such as a personal information manager (PIM) and backed-up files.  You can retrieve quite a bit of data from a SIM card. The information that can be retrieved falls into four categories: o Service-related data, such as identifiers for the SIM card and subscriber o Call data, such as numbers dialed o Message information o Location information Mobile Forensics Equipment  Mobile forensics is such a new science that many of the items you’re accustomed to retrieving from computers, such as deleted files, aren’t available on mobile devices.  The biggest challenge is dealing with constantly changing models of cell phones. This section gives you an overview of procedures for working with mobile forensics software, and specific tools are discussed in the following sections.  The first step is identifying the mobile device. Most users don’t alter their devices, but some file off serial numbers, change the display to show misleading data, and so on.
 When attempting to identify a phone, you can make use of several online sources, such as www. cellphoneshop.com, www.phonescoop.com, and www.mobileforensicscentral.com.  The next step is to attach the phone to its power supply and connect the correct cables.  Often you have to rig cables to connect to devices because cables for the model you’re investigating are not available. U.S. companies usually don’t supply cables for phones not commonly used in the United States, but the reverse is true for companies based in Europe.  Some vendors have toolkits with an array of cables you can use (discussed later in ―Mobile Forensics Tools‖).  After you’ve connected the device, start the forensics program and begin downloading the available information. SIM Card Readers  SIM Card Readers With GSM phones and many newer models of mobile devices, the next step is accessing the SIM card, which you can do by using a combination hardware/ software device called a SIM card reader.  The general procedure is as follows: 1. Remove the back panel of the device. 2. Remove the battery. 3. Under the battery, remove the SIM card from its holder. 4. Insert the SIM card into the card reader, which you insert into your forensic workstation’s USB port. iPhone Forensics  iPhone Forensics Because the iPhone is so popular, its features are copied in many other mobile devices. The wealth of information that can be stored on this device makes iPhone forensics particularly challenging.  At first, many researchers and hackers tried to find a way to ―crack‖ the iPhone but were unsuccessful because the device is practically impenetrable.  A more fruitful approach was hacking backup files. However, this method does have limitations: You can access only files included in a standard backup, so deleted files, for example, can’t be accessed. Mobile Forensics Tools
 Mobile Forensics Tools Paraben Software (www.paraben.com), a leader in mobile forensics software, offers several tools, including Device Seizure, used to acquire data from a variety of phone models.  Paraben also has the Device Seizure Toolbox containing assorted cables, a SIM card reader, and other equipment for mobile device investigations.  DataPilot (www.datapilot.com) has a similar collection of cables that can interface with Nokia, Motorola, Ericsson, Samsung, Audiovox, Sanyo, and others.  BitPim - Can view data on many phones, but it's not intended for forensics  MOBILedit! - Has a write-blocker  SIMCon’s features include the following: o Reads files on SIM cards o Analyzes file content, including text messages and stored numbers o Recovers deleted text messages o Manages PIN codes o Generates reports that can be used as evidence o Archives files with MD5 and SHA-1 hash values o Exports data to files that can be used in spreadsheet programs o Supports international character sets

Recommended

Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail InvestigationDr Raghu Khimani
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 

Recommended

Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Linux forensics
Linux forensicsLinux forensics
Linux forensicsSantosh Khadsare
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail InvestigationDr Raghu Khimani
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Anti forensic
Anti forensicAnti forensic
Anti forensicMilap Oza
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Digital Forensic
Digital ForensicDigital Forensic
Digital ForensicCleverence Kombe
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber ForensicsKathirvel Ayyaswamy
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Tracking Emails
Tracking EmailsTracking Emails
Tracking Emailsprashant3535
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensicsprimeteacher32
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptSurajgroupsvideo
 
Current Forensic Tools
Current Forensic Tools Current Forensic Tools
Current Forensic Tools Jyothishmathi Institute of Technology and Science Karimnagar
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Gsm
Gsm Gsm
Gsm Rzgar Ali
 

More Related Content

What's hot

Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Anti forensic
Anti forensicAnti forensic
Anti forensicMilap Oza
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptSurajgroupsvideo
 

What's hot (20)

Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic ppt
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Memory forensics
Memory forensicsMemory forensics
Memory forensics
 
Tracking Emails
Tracking EmailsTracking Emails
Tracking Emails
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Lecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.pptLecture2 Introduction to Digital Forensics.ppt
Lecture2 Introduction to Digital Forensics.ppt
 
Current Forensic Tools
Current Forensic Tools Current Forensic Tools
Current Forensic Tools
 

Similar to Mobile Device Forensics Guide

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniDr Raghu Khimani
 
Phone works when it's off
Phone works when it's off Phone works when it's off
Phone works when it's off Belshazzar Affum
 
2 g _3g__4g..._omg_what_g_is_right_for_m2m
2 g _3g__4g..._omg_what_g_is_right_for_m2m2 g _3g__4g..._omg_what_g_is_right_for_m2m
2 g _3g__4g..._omg_what_g_is_right_for_m2mIrfan Ahmad
 
811719104102_Tamilmannavan S.pptx
811719104102_Tamilmannavan S.pptx811719104102_Tamilmannavan S.pptx
811719104102_Tamilmannavan S.pptxDEVIKAS92
 
J.-P. Seifert; Security-Aware Android Applications for the Enterprise
J.-P. Seifert; Security-Aware Android Applications for the EnterpriseJ.-P. Seifert; Security-Aware Android Applications for the Enterprise
J.-P. Seifert; Security-Aware Android Applications for the EnterpriseDroidcon Berlin
 
Mobile and SIM Forensics
Mobile and SIM ForensicsMobile and SIM Forensics
Mobile and SIM ForensicsYugal Pathak
 
a-presentation-on-wireless-communication
a-presentation-on-wireless-communication a-presentation-on-wireless-communication
a-presentation-on-wireless-communicationjhcid
 
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesAll the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesMEDICI admin
 
Silicon IP for Low Cost Smartphones
Silicon IP for Low Cost SmartphonesSilicon IP for Low Cost Smartphones
Silicon IP for Low Cost SmartphonesSam Beal
 
Mobile Computing I-Unit Notes
Mobile Computing I-Unit NotesMobile Computing I-Unit Notes
Mobile Computing I-Unit Notesgouse_1210
 
Architecture and Development of NFC Applications
Architecture and Development of NFC ApplicationsArchitecture and Development of NFC Applications
Architecture and Development of NFC ApplicationsThomas de Lazzari
 
Asifuzzaman (061846556)
Asifuzzaman (061846556)Asifuzzaman (061846556)
Asifuzzaman (061846556)mashiur
 

Similar to Mobile Device Forensics Guide (20)

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
 
Gsm
Gsm Gsm
Gsm
 
Phone works when it's off
Phone works when it's off Phone works when it's off
Phone works when it's off
 
2 g _3g__4g..._omg_what_g_is_right_for_m2m
2 g _3g__4g..._omg_what_g_is_right_for_m2m2 g _3g__4g..._omg_what_g_is_right_for_m2m
2 g _3g__4g..._omg_what_g_is_right_for_m2m
 
pda forensics
pda forensicspda forensics
pda forensics
 
811719104102_Tamilmannavan S.pptx
811719104102_Tamilmannavan S.pptx811719104102_Tamilmannavan S.pptx
811719104102_Tamilmannavan S.pptx
 
J.-P. Seifert; Security-Aware Android Applications for the Enterprise
J.-P. Seifert; Security-Aware Android Applications for the EnterpriseJ.-P. Seifert; Security-Aware Android Applications for the Enterprise
J.-P. Seifert; Security-Aware Android Applications for the Enterprise
 
Mobile and SIM Forensics
Mobile and SIM ForensicsMobile and SIM Forensics
Mobile and SIM Forensics
 
What is an IoT terminal?
What is an IoT terminal?What is an IoT terminal?
What is an IoT terminal?
 
a-presentation-on-wireless-communication
a-presentation-on-wireless-communication a-presentation-on-wireless-communication
a-presentation-on-wireless-communication
 
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative CompaniesAll the 12 Payment Enabling Technologies & 54 Illustrative Companies
All the 12 Payment Enabling Technologies & 54 Illustrative Companies
 
3G Technology
3G Technology3G Technology
3G Technology
 
IP for Low Cost Smartphone
IP for Low Cost SmartphoneIP for Low Cost Smartphone
IP for Low Cost Smartphone
 
Silicon IP for Low Cost Smartphones
Silicon IP for Low Cost SmartphonesSilicon IP for Low Cost Smartphones
Silicon IP for Low Cost Smartphones
 
Unit 1
Unit 1Unit 1
Unit 1
 
Mobile Computing I-Unit Notes
Mobile Computing I-Unit NotesMobile Computing I-Unit Notes
Mobile Computing I-Unit Notes
 
M Commerce
M CommerceM Commerce
M Commerce
 
Architecture and Development of NFC Applications
Architecture and Development of NFC ApplicationsArchitecture and Development of NFC Applications
Architecture and Development of NFC Applications
 
MOBILE.........PPPT
MOBILE.........PPPTMOBILE.........PPPT
MOBILE.........PPPT
 
Asifuzzaman (061846556)
Asifuzzaman (061846556)Asifuzzaman (061846556)
Asifuzzaman (061846556)
 

More from ArthyR3

Unit IV Knowledge and Hybrid Recommendation System.pdf
Unit IV Knowledge and Hybrid Recommendation System.pdfUnit IV Knowledge and Hybrid Recommendation System.pdf
Unit IV Knowledge and Hybrid Recommendation System.pdfArthyR3
 
VIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfVIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfArthyR3
 
OOPs - JAVA Quick Reference.pdf
OOPs - JAVA Quick Reference.pdfOOPs - JAVA Quick Reference.pdf
OOPs - JAVA Quick Reference.pdfArthyR3
 
NodeJS and ExpressJS.pdf
NodeJS and ExpressJS.pdfNodeJS and ExpressJS.pdf
NodeJS and ExpressJS.pdfArthyR3
 
MongoDB.pdf
MongoDB.pdfMongoDB.pdf
MongoDB.pdfArthyR3
 
REACTJS.pdf
REACTJS.pdfREACTJS.pdf
REACTJS.pdfArthyR3
 
ANGULARJS.pdf
ANGULARJS.pdfANGULARJS.pdf
ANGULARJS.pdfArthyR3
 
JQUERY.pdf
JQUERY.pdfJQUERY.pdf
JQUERY.pdfArthyR3
 
Qb it1301
Qb it1301Qb it1301
Qb it1301ArthyR3
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit vArthyR3
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit ivArthyR3
 
Cs8792 cns - unit i
Cs8792 cns - unit iCs8792 cns - unit i
Cs8792 cns - unit iArthyR3
 
Java quick reference
Java quick referenceJava quick reference
Java quick referenceArthyR3
 
Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)ArthyR3
 
Cryptography Workbook
Cryptography WorkbookCryptography Workbook
Cryptography WorkbookArthyR3
 
Cs6701 cryptography and network security
Cs6701 cryptography and network securityCs6701 cryptography and network security
Cs6701 cryptography and network securityArthyR3
 
Compiler question bank
Compiler question bankCompiler question bank
Compiler question bankArthyR3
 

More from ArthyR3 (20)

Unit IV Knowledge and Hybrid Recommendation System.pdf
Unit IV Knowledge and Hybrid Recommendation System.pdfUnit IV Knowledge and Hybrid Recommendation System.pdf
Unit IV Knowledge and Hybrid Recommendation System.pdf
 
VIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfVIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdf
 
OOPs - JAVA Quick Reference.pdf
OOPs - JAVA Quick Reference.pdfOOPs - JAVA Quick Reference.pdf
OOPs - JAVA Quick Reference.pdf
 
NodeJS and ExpressJS.pdf
NodeJS and ExpressJS.pdfNodeJS and ExpressJS.pdf
NodeJS and ExpressJS.pdf
 
MongoDB.pdf
MongoDB.pdfMongoDB.pdf
MongoDB.pdf
 
REACTJS.pdf
REACTJS.pdfREACTJS.pdf
REACTJS.pdf
 
ANGULARJS.pdf
ANGULARJS.pdfANGULARJS.pdf
ANGULARJS.pdf
 
JQUERY.pdf
JQUERY.pdfJQUERY.pdf
JQUERY.pdf
 
Qb it1301
Qb it1301Qb it1301
Qb it1301
 
CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit v
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit v
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cs8792 cns - unit i
Cs8792 cns - unit iCs8792 cns - unit i
Cs8792 cns - unit i
 
Java quick reference
Java quick referenceJava quick reference
Java quick reference
 
Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)Cs8792 cns - Public key cryptosystem (Unit III)
Cs8792 cns - Public key cryptosystem (Unit III)
 
Cryptography Workbook
Cryptography WorkbookCryptography Workbook
Cryptography Workbook
 
Cns
CnsCns
Cns
 
Cs6701 cryptography and network security
Cs6701 cryptography and network securityCs6701 cryptography and network security
Cs6701 cryptography and network security
 
Compiler question bank
Compiler question bankCompiler question bank
Compiler question bank
 

Recently uploaded

IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 

Recently uploaded (20)

young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 

Mobile Device Forensics Guide

  • 1. DEPARTMENT OF INFORMATION TECHNOLOGY Subject Code : CS6004 Staff Name : R. Arthy, AP/IT Subject Name: Cyber Forensics Class : IV IT Prepared by: R. Arthy, AP/IT CELL PHONE AND MOBILE DEVICES FORENSICS I. Understanding Mobile Device Forensics  People store a wealth of information on cell phones, and the thought of losing your cell phone and, therefore, the information stored on it can be a frightening prospect.  Despite this concern, not many people think about securing their cell phones, although they routinely lock and secure laptops or desktops.  Depending on your phone’s model, the following items might be stored on it: o Incoming, outgoing, and missed calls o Text and Short Message Service (SMS) messages o E-mail o Instant messaging (IM) logs o Web pages o Pictures o Personal calendars o Address books o Music files o Voice recordings  Despite the usefulness of these devices in providing clues for investigations, investigating cell phones and mobile devices is one of the most challenging tasks in digital forensics.  No single standard exists for how and where cell phones store messages, although many phones use similar storage schemes.  In addition, new phones come out about every six months, and they’re rarely compatible with previous models.  Therefore, the cables and accessories you have might become obsolete in a short time. Mobile Phone Basics
  • 2.  Since the 1970s, when Motorola introduced cell phones, mobile phone technology has advanced rapidly.  Gone are the days of two-pound cell phones that only the wealthy could afford.  In the past 40 years, mobile phone technology has developed far beyond what the inventors could have imagined.  Up to the end of 2008, there have been three generations of mobile phones: analog, digital personal communications service (PCS), and third-generation (3G).  3G offers increased bandwidth, compared with the other technologies: o 384 Kps for pedestrian use o 128 Kbps in a moving vehicle o 2 Mbps in fixed locations, such as office buildings  4G networks can use the following technologies: o Orthogonal Frequency Division Multiplexing (OFDM)—The Orthogonal Frequency o Division Multiplexing (OFDM) technology uses radio waves broadcast over different frequencies, uses power more efficiently, and is more immune to interference.
  • 3. o Mobile WiMAX—This technology uses the IEEE 802.16e standard and Orthogonal Frequency Division Multiple Access (OFDMA) and is expected to support transmission speeds of 12Mbps. Sprint has chosen this technology for its 4G network, although some argue it’s not true 4G. o Ultra Mobile Broadband (UTMS)—Also known as CDMA2000 EV-DO, this technology is expected to be used by CDMA network providers to switch to 4G and support transmission speeds of 100 Mbps. o Multiple Input Multiple Output (MIMO)—This technology, developed by Airgo and acquired by Qualcomm, is expected to support transmission speeds of 312 Mbps. o Long Term Evolution (LTE)—This technology, designed for GSM and UMTS  Although digital networks use different technologies, they operate on the same basic principles. Basically, geographical areas are divided into cells resembling honeycombs.  As described in NIST SP 800-101 (mentioned earlier in this section), three main components are used for communication with these cells:  Base transceiver station (BTS)—This component is made up of radio transceiver equipment that defines cells and communicates with mobile phones; it’s sometimes referred to as a cell phone tower, although the tower is only one part of the BTS equipment.  Base station controller (BSC)—This combination of hardware and software manages BTSs and assigns channels by connecting to the mobile switching center.  Mobile switching center (MSC)—This component connects calls by routing digital packets for the network and relies on a database to support subscribers. This central database contains account data, location data, and other key information needed during an investigation. If you have to retrieve information from a carrier’s central database, you usually need a warrant or subpoena. Inside Mobile Devices  Mobile devices can range from simple phones to small computers, also called smart phones.  The hardware consists of a microprocessor, ROM, RAM, a digital signal processor, a radio module, a microphone and speaker, hardware interfaces (such as keypads, cameras, and GPS devices), and an LCD display.
  • 4.  Many have removable memory cards, and Bluetooth and Wi-Fi are now included in some mobile devices, too.  Most basic phones have a proprietary OS, although smart phones use the same OSs as PCs (or stripped-down versions of them).  These OSs include Linux, Windows Mobile, RIM OS, Palm OS, Symbian OS, and, with the introduction of the Apple iPhone, a version of Mac OS X.  Typically, phones store system data in electronically erasable programmable read only memory (EEPROM), which enables service providers to reprogram phones without having to access memory chips physically.  SIM Cards Subscriber identity module (SIM) cards are found most commonly in GSM devices and consist of a microprocessor and 16 KB to 4 MB EEPROM. There are also high-capacity, high-density, super, and mega SIM cards that boast as high as 1 GB EEPROM. SIM cards are similar to standard memory cards, except the connectors are aligned differently.  The SIM card is necessary for the ME to work and serves these additional purposes: o Identifies the subscriber to the network o Stores personal information o Stores address books and messages o Stores service-related information  SIM cards come in two sizes, but the most common is the size of a standard U.S. postage stamp and about 0.75 mm thick. Portability of information is what makes SIM cards so versatile.  By switching a SIM card between compatible phones, users can move their information to another phone automatically without having to notify the service provider. Inside PDAs  Personal digital assistants (PDAs) can still be found as separate devices from mobile phones.  Most users carry them instead of a laptop to keep track of appointments, deadlines, address books, and so forth. Palm Pilot and Microsoft Pocket PC were popular models when PDAs came on the market in the 1990s, and standalone PDAs are still made by companies such as Palm, Sharp, and HP.  A number of peripheral memory cards are used with PDAs:
  • 5. o Compact Flash (CF)—CF cards are used for extra storage and work much the same way as PCMCIA cards. o MultiMedia Card (MMC)—MMC cards are designed for mobile phones, but they can be used with PDAs to provide another storage area. o Secure Digital (SD)—SD cards are similar to MMCs but have added security features to protect data. II. Understanding Acquisition Procedures for Cell Phones and Mobile Devices  All mobile devices have volatile memory, so making sure they don’t lose power before you can retrieve RAM data is critical.  At the investigation scene, determine whether the device is on or off. If it’s off, leave it off, but find the recharger and attach it as soon as possible.  If the device is on, check the LCD display for the battery’s current charge level. Because mobile devices are often designed to synchronize with applications on a user’s PC, any mobile device attached to a PC via a cable or cradle/docking station should be disconnected from the PC immediately.  The alternative is to isolate the device from incoming signals with one of the following options: o Place the device in a paint can, preferably one that previously contained radio wave blocking paint. o Use the Paraben Wireless StrongHold Bag, which conforms to Faraday wire cage standards. o Use eight layers of antistatic bags (for example, the bags that new hard drives are wrapped in) to block the signal.  When you’re back in the forensics lab, you need to assess what can be retrieved. Knowing where information is stored is critical. You should check these four areas: o The internal memory o The SIM card o Any removable or external memory cards o The system server  Memory storage on a mobile device is usually implemented as a combination of volatile and nonvolatile memory.  Volatile memory requires power to maintain its contents, but nonvolatile memory does not.
  • 6.  Although the specific locations of data vary from one phone model to the next, volatile memory usually contains data that changes frequently, such as missed calls, text messages, and sometimes even user files.  Nonvolatile memory, on the other hand, contains OS files and stored user data, such as a personal information manager (PIM) and backed-up files.  You can retrieve quite a bit of data from a SIM card. The information that can be retrieved falls into four categories: o Service-related data, such as identifiers for the SIM card and subscriber o Call data, such as numbers dialed o Message information o Location information Mobile Forensics Equipment  Mobile forensics is such a new science that many of the items you’re accustomed to retrieving from computers, such as deleted files, aren’t available on mobile devices.  The biggest challenge is dealing with constantly changing models of cell phones. This section gives you an overview of procedures for working with mobile forensics software, and specific tools are discussed in the following sections.  The first step is identifying the mobile device. Most users don’t alter their devices, but some file off serial numbers, change the display to show misleading data, and so on.
  • 7.  When attempting to identify a phone, you can make use of several online sources, such as www. cellphoneshop.com, www.phonescoop.com, and www.mobileforensicscentral.com.  The next step is to attach the phone to its power supply and connect the correct cables.  Often you have to rig cables to connect to devices because cables for the model you’re investigating are not available. U.S. companies usually don’t supply cables for phones not commonly used in the United States, but the reverse is true for companies based in Europe.  Some vendors have toolkits with an array of cables you can use (discussed later in ―Mobile Forensics Tools‖).  After you’ve connected the device, start the forensics program and begin downloading the available information. SIM Card Readers  SIM Card Readers With GSM phones and many newer models of mobile devices, the next step is accessing the SIM card, which you can do by using a combination hardware/ software device called a SIM card reader.  The general procedure is as follows: 1. Remove the back panel of the device. 2. Remove the battery. 3. Under the battery, remove the SIM card from its holder. 4. Insert the SIM card into the card reader, which you insert into your forensic workstation’s USB port. iPhone Forensics  iPhone Forensics Because the iPhone is so popular, its features are copied in many other mobile devices. The wealth of information that can be stored on this device makes iPhone forensics particularly challenging.  At first, many researchers and hackers tried to find a way to ―crack‖ the iPhone but were unsuccessful because the device is practically impenetrable.  A more fruitful approach was hacking backup files. However, this method does have limitations: You can access only files included in a standard backup, so deleted files, for example, can’t be accessed. Mobile Forensics Tools
  • 8.  Mobile Forensics Tools Paraben Software (www.paraben.com), a leader in mobile forensics software, offers several tools, including Device Seizure, used to acquire data from a variety of phone models.  Paraben also has the Device Seizure Toolbox containing assorted cables, a SIM card reader, and other equipment for mobile device investigations.  DataPilot (www.datapilot.com) has a similar collection of cables that can interface with Nokia, Motorola, Ericsson, Samsung, Audiovox, Sanyo, and others.  BitPim - Can view data on many phones, but it's not intended for forensics  MOBILedit! - Has a write-blocker  SIMCon’s features include the following: o Reads files on SIM cards o Analyzes file content, including text messages and stored numbers o Recovers deleted text messages o Manages PIN codes o Generates reports that can be used as evidence o Archives files with MD5 and SHA-1 hash values o Exports data to files that can be used in spreadsheet programs o Supports international character sets