Mobile Forensics

Mobile devices, such as Personal Digital Assistants (PDAs), Blackberry, and cell phones have become essential tools in our personal and professional lives. The capabilities of these devices are continually evolving, providing users with greater storage capacities, better Internet connectivity, and enhanced Personal Information Management (PIM) capabilities. Devices with cellular capabilities provide users with the ability to perform additional tasks such as SNS (Short Message Service) messaging, Multi-Media Messaging Service (MMS) messaging, IM (Instant Messaging), electronic mail, and Web browsing. Over time, these devices accumulate a sizeable amount of information about the owner and the activities conducted with the device, which may be of value to law enforcement or other security officials as digital evidence.

When mobile devices are involved in a crime or other incident, forensic examiners require tools that allow the proper retrieval of information present on the device and associated media. In order to meet quality standards of forensic laboratories, a foundation for establishing reference materials for tool assessment along with procedures for assessing the quality of mobile forensic tools are needed. Moreover, proper techniques from seizure to final report generation must be in place and followed to ensure quality and consistent results.

Resources

Further Reading

Guide to SIMfill Use and Development, NIST IR-7658, February 2010, Wayne Jansen, Aurelien Delaitre.

Mobile Forensic Reference Materials: A Methodology and Reification, NIST IR-7617, October 2009, Wayne Jansen, Aurélien Delaitre.

Forensic Protocol Filtering of Phone Managers, International Conference on Security and Management (SAM’08), July 2008. Wayne Jansen, Aurelien Delaitre

Overcoming Impediments to Cell Phone Forensics, Hawaii International Conference on System Sciences (HICSS), January 2008. Wayne Jansen, Aurelien Delaitre, Ludovic Moenner.

Reference Material for Assessing Forensic SIM Tools, International Carnahan Conference on Security Technology, October 2007. Wayne Jansen, Aurelien Delaitre.

Guidelines on Cell Phone Forensics, SP 800-101, May 2007, Wayne Jansen, Rick Ayers.

Cell Phone Forensic Tools: An Overview and Analysis Update, NISTIR 7387, March 2007. Rick Ayers, Wayne Jansen, Ludovic Moenner, Aurelien Delaitre.

Forensic Software Tools for Cell Phone Subscriber Identity Modules, Conference on Digital Forensics, Association of Digital Forensics, Security, and Law (ADFSL), April 2006. Wayne Jansen, Rick Ayers.

Cell Phone Forensic Tools: An Overview and Analysis, NISTIR 7250, October 2005. Rick Ayers, Wayne Jansen, Nicolas Cilleros, Ronan Daniellou.

An Overview and Analysis of PDA Forensic Tools, Digital Investigation, The International Journal of Digital Forensics and Incident Response, Volume 2, Issue 2, April 2005. Wayne Jansen, Rick Ayers.

Guidelines on PDA Forensics, SP 800-72, November 2004. Wayne Jansen, Rick Ayers.

PDA Forensic Tools: An Overview and Analysis, NISTIR 7100, August 2004. Rick Ayers, Wayne Jansen.