Why is mobile forensics important?
While technology gets wider and wider and its usage becomes all over the globe, the need for understanding different forms of technology and their effects on our daily lives becomes extremely important in the meantime. Since data becomes more significant and allocated space to store such immense amount of data gets more substantial as well, analyzing such data and making sense out of it becomes an important issue to understand and grasp so correctly.
Nowadays, mobile forensics has become one of the most critical parts of an investigation process searching for the evidence. But why is that? Let’s take yourself as an example, and you definitely use your mobile device to make calls, browse the internet, send messages, play music, create notes, and get help through navigation. All of such data is very valuable when it comes to an investigation procedure.
For all who strives to become professionals in the field, several notions need to be very well understood and complied with before hands. Some of them relate to digital forensics in general, and some others refer to the technique in which data should be acquired and utilized.
What is digital forensics in the first place?
Maybe you have heard of forensics in some field of science even if you are pretty new to the area of computer security. It is fundamentally no different in concept from investigating and recovering the material found in digital devices. In fact, it includes all such devices that contain numeric data stored or processed on them.
Although such notion of forensics is often referred to when talking of a crime or a similar incident, it is very essential for corporates whether they are private or public organizations. During such process of forensics, data are captured and then analyzed in order to produce a report summarizing any detected attack or discovered evidence.
There are plenty of sub-domains underlined by the digital forensics term. According to which type of devices are to be investigated or utilized, the sort of digital forensics specialized for it varies as well. There are those types which are called: computer forensics, network forensics, forensic data analysis and mobile device forensics. In this article, our primary focus will inherently entitle the part of mobile forensics.
How to collect data professionally from a mobile phone?
There are several points to take care of when performing a collection of a mobile device. Of these points, there are the following important points to think about while collecting it:
- The location from where you received the mobile device should be noted and memorized very A suggestion to do so is to depend on a camera to take a photo of the location of the phone and the phone itself before starting to do anything related to the investigation process.
- The status of a device has to get noticed as well. In other words, it is always advisable to know whether the phone is powered on or off. Also, the battery level should also be checked, and of course the network status whether the phone is connected to an internet connection or it is just offline. The status of the screen lock should also get checked because it could be locked or not.
- The SIM package should be investigated such that any existing cables could be detected.
How to Preserve the evidence now?
Now comes one of the most important steps when it comes to mobile forensics. It is, in fact, the preservation of evidence. Evidence has to get maintained whilst performing the investigation. The next steps aim to clarify the process of preserving evidence of mobile forensics:
- Kindly note that data could simply get removed or deleted by an attacker through a remote access or connection. In the meanwhile, currently existing data could get overwritten by such an attacker. For the sake of avoiding being in such hassle. You should isolate the phone from any connection to any type of networks:
- Remove the SIM card to make sure that no connection through network provider is established.
- Get the phone into the Airplane mode where connections are forbidden.
- Make use of what is referred to as Faraday’s bag or jammer. Such bag is intended to protect a device and isolate it from RF for the purposes of such forensics.
- Pay attention to maintain the chain of Custody. But what is the chain of Custody in the first place? To elaborate on this, you should know that the process of digital forensics witnesses several stages starting from the stage of collection explained before, and ending with the stage of presenting the results in a comprehensively understandable manner.
All of such stages could be saved and recorded. These records are thereby maintained inside a document named the chain of Custody. What details should be included in such report then? Basically the serial number, number of the case, and the number of the locker. In addition to that, the name of the investigator performing the forensics process, and the time and date of every stage or step should all be documented for further references. It is also important to record the details of evidence transportation because this allows for keeping track of the digital evidence.
- Make use of the method of hashing. This is an excellent means of getting the integrity of the evidence proved and clearly shown. Two of the most commonly used hashing types are MD5 or SHA; they are in fact utilized for the sake of getting the values of the hashed evidence calculated and retrieved.
One of the good points to make a note of is that forensics always make some alterations on mobile devices, making it impossible to have the phone on the same exact status after collecting the data. Nevertheless, extracted data could get its hash values calculated through making use of logical extraction of the data. Or physical removal could get applied towards the image of the file.
Try Certified Ethical Hacker for FREE!!!– https://infosecaddicts.com/course/certified-ethical-hacker-v10/