Professionals increasingly carry data on their cell phones, including email messages, documents, videos and instant messages. Financial transactions can now also be carried out via the mobile phone, which means that an individual can easily transfer money from one account to another, pay bills and much more. This information can belong to different levels of priority, from personal and confidential information to very secret information about company deals, etc. This increases the risk that hackers who want to get at that data without your permission will attack your mobile phone.
Extracting data from a mobile phone was not an easy thing to do a few years ago. However, with the advancement of forensic science, many tools now exist that help in extracting all the information from a mobile phone. Of course, there are some challenges in this process. The biggest one is that there are hundreds of models of cell phones, with manufacturers adding dozens of new ones each year, and all those models employ a wide array of BIOS versions, operating systems and software. The other nut to crack is portability.
Mobile forensic experts should always focus on the following as the main sources of evidence:
1. The subscriber,
2. The mobile station, and
3. The network
Some of the other sources for collecting evidence could be:
- Look for the SIM card, which provides details regarding the name of the network provider and a unique ID number printed on its surface.
- The SIM contains a processor and non-volatile memory, so using a standard smart card reader and SIM access software like AgapeMobiTool, one can easily extract all the information from the mobile phone.
- Gather the contacts that are stored in the SIM. Also look at the SMS messages sent and received for any clues.
- Check the settings (language, date/time, tone/volume, etc.), stored audio recordings, images/multimedia files, executable programs (e.g. J2ME), stored calendar events, and GPRS, WAP and Internet settings.
- Look at the calls received and dialed. Even if someone deletes the entries, the deletion can be found out because that memory location is filled with void. So issues related to evidence tampering can also be tracked.
Following these steps can help in recovering the data from mobile phones and handheld devices and can help in an investigation.
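To illustrate the SIM contact and dialed-call items above, the following added example (not part of the original article or of any tool it names) decodes raw dialling-number records as a card reader would return them and lists erased slots. It assumes the EF_ADN / EF_LND record layout from 3GPP TS 51.011; the sample bytes are constructed, and treating an erased slot below the last used slot as a lead worth examining is this example's own heuristic.

```python
# Added example: decode SIM dialling-number records (EF_ADN contacts, EF_LND dialled calls).
# Record = X-byte alpha identifier + 14 bytes: BCD length, TON/NPI,
# 10 bytes swapped-BCD number, capability id, extension record id.
NIBBLES = "0123456789*#pw?"  # 0xC-0xE shown with this example's own symbols

def decode_alpha(alpha: bytes) -> str:
    if alpha[:1] == b"\x80":                        # UCS2 coding scheme
        body = alpha[1:]
        while body.endswith(b"\xff\xff"):           # strip filler pairs
            body = body[:-2]
        return body[:len(body) // 2 * 2].decode("utf-16-be", "replace")
    # Simplification: GSM 7-bit default alphabet treated as ASCII
    return alpha.rstrip(b"\xff").decode("ascii", "replace")

def decode_number(length: int, ton_npi: int, bcd: bytes) -> str:
    n_bytes = max(0, min(length - 1, len(bcd)))     # length counts the TON/NPI byte
    digits = ""
    for byte in bcd[:n_bytes]:
        for nib in (byte & 0x0F, byte >> 4):        # low nibble is the earlier digit
            if nib != 0x0F:                         # 0xF is filler
                digits += NIBBLES[nib]
    return ("+" if (ton_npi >> 4) & 0x07 == 1 else "") + digits  # TON 1 = international

def parse_record(raw: bytes) -> dict:
    if len(raw) < 14:
        raise ValueError("dialling-number record needs at least 14 bytes")
    if raw == b"\xff" * len(raw):
        return {"state": "erased"}                  # free or wiped slot
    alpha, tail = raw[:-14], raw[-14:]
    return {"state": "used", "name": decode_alpha(alpha),
            "number": decode_number(tail[0], tail[1], tail[2:12])}

def scan(records: list) -> tuple:
    parsed = [dict(parse_record(r), slot=i + 1) for i, r in enumerate(records)]
    last = max((p["slot"] for p in parsed if p["state"] == "used"), default=0)
    gaps = [p["slot"] for p in parsed if p["state"] == "erased" and p["slot"] < last]
    return parsed, gaps                             # gaps are leads, not proof of deletion

# Constructed sample: four 24-byte records (X = 10), not taken from a real card.
SAMPLE = [
    b"ALICE".ljust(10, b"\xff") + bytes.fromhex("0791447700090010" + "ff" * 6),
    b"\xff" * 24,
    b"BOB".ljust(10, b"\xff") + bytes.fromhex("07817007900021f3" + "ff" * 6),
    b"\xff" * 24,
]

if __name__ == "__main__":
    parsed, gaps = scan(SAMPLE)
    for entry in parsed:
        print(entry)
    print("erased slots below the last used slot:", gaps)
```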