Cell Phone Forensics Analysis
Modern phones have become more portable, more capable and more affordable, and they serve as a common means of communication in our society. They are among the most versatile pieces of technology in use today, used by individuals for both personal and professional purposes. Currently there are over three (3) billion cell phones in use around the world (Raghav & Saxena, pars. 1 – 2). Since their inception, cell phones have become an integral part of people's lives. They hold huge amounts of data and information, ranging from the personal to the business-related. The emergence of smart phones has revolutionized how people conduct their personal and business schedules (Ashcroft, pars. 1 – 46): they have become daily life planners on which people schedule their activities and store data, since they also provide memory.
This revolutionary tool has both advantages and disadvantages. With respect to the legal framework and investigations, cell phones have been a key determining factor in criminal and ethical matters. Over the years, the cell phone has been a gold mine for the collection and analysis of evidence, because a digital trail is always left once someone has used the cell phone (Ashcroft, pars. 1 – 46). Every time a text is drafted, received or sent, it leaves a mark of evidence; every time a call is made or received, it adds to the trail; and every time one browses the internet via the cell phone, a record is left within the memory database. This shows that the cell phone is at the core of any investigation.
The cell phones in this analysis refer to personal digital assistants (PDAs) and smart phones, since these are the most widely used communication tools both within and outside professional and social interactions.
Legal professionals and forensic agencies view the cell phone as an electronic store of information from which data can be retrieved to assist in investigations (Ayers et al., pars. 3 – 103). This has brought about the concept of Electronically Stored Information (ESI) (Murphy & Byers, pars. 116 – 120), which came to the limelight at the end of 2006, when the amendments to the Federal Rules of Civil Procedure were enacted with regard to ESI as well as ‘E-Discovery’.
Previously, most forensic investigators harvested ESI from personal computers (desktops and laptops) and servers, but technological enhancements to cell phones, including their antennas and the restructuring of their microchips and internal databases, have led to the expansion of the ESI concept to the retrieval of data and information from cell phones. This has been made possible by the similar basic set-ups, features and capabilities that are common among cell phones. These include read-only memory (ROM) and random access memory (RAM) (Murphy & Byers, pars. 116 – 120). The cell phone's operating system (OS) is housed within the ROM (though with the relevant tools it can be erased and reprogrammed).
On the other hand, digital data is fragile in that it can be erased and overwritten with appropriate programming tools. This makes cell phone forensics complex, especially because the data storage mechanisms within the phone are proprietary and unique to the manufacturer, model and system. According to Raghav & Saxena (pars. 1 – 2), smart phones are cell phones integrated with advanced technological capabilities, and they are usually equipped with considerable memory capacity, QWERTY keyboards, touch-screen functionality, Wi-Fi capabilities, high-speed data transfer and other applications that support office packages like Microsoft Office and Excel sheets. They are also accompanied by Mini Secure Digital (MiniSD) cards, which act as memory cards for storing important or any other data as preferred by the user. This memory storage is what forensic investigators target, since it is where most evidentiary data is stored (Ayers et al., pars. 3 – 103).
The other target is the basic set of Personal Information Management (PIM) applications, which comprises phone books, calendar functionality, and the medium through which the cell phone's PIM data can be synchronized with a personal computer (Murphy & Byers, pars. 116 – 120).
Legal and forensic professionals follow certain practices and procedures when collecting or retrieving data from cell phones. First, they consider other types of evidence, such as fingerprints or DNA, and so handle the cell phones procedurally so as not to tamper with that evidence. They normally turn off the cell phones to prevent data loss, since some batteries do require network activity. If the cell phones are to remain on, they are normally connected to chargers and left untampered with, and they are switched off for transportation; while a phone is on, investigators make sure it is not on a current network, since information can be distorted through complex technological network links. Finally, the phones are placed in evidence bags, which are sealed to prevent or restrict access and then labeled so as to maintain a chain of custody (Ashcroft, pars. 1 – 46).
These few basic principles give a grasp of how forensic investigators handle cell phones before and during the collection of evidentiary data, but because investigations vary and are unique in their circumstances, there is no standard approach to how forensic investigations of cell phones are administered. However, a guide on electronic crime scene investigation produced by the U.S. Department of Justice gives a few suggestions. The guide stipulates a step-by-step procedure that can generally be followed while collecting evidentiary data from cell phones. It starts by emphasizing securing and evaluating the scene, which involves ensuring the safety of individuals and identifying and protecting the integrity of potential evidence. This is followed by documentation of the scene, where a permanent record of digital-related and conventional evidence is created. After documentation, the evidence is analyzed through the collection and retrieval of important and relevant information from the seized devices. The devices and the analysis report are then packaged, transported and stored; this is where maintaining custody comes into play (Ashcroft, pars. 1 – 46).
Chain of custody is then at the centre of the whole investigation, for it provides a written account of all the individuals who had sole physical custody of the cell phone or device from which the information and evidence was collected, from the initial custody up until the final disposition (Ashcroft, pars. 1 – 46). In addition, the evidence is collected in a manner that makes it presentable in a court of law.
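The written account described above can be checked mechanically. The following is an added example, not taken from the cited guide: a custody log in which each transfer must be released by the current holder, timestamps must not go backwards, and each entry carries a SHA-256 link to the previous one so that later edits are detectable. The field names, the hash-linking and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # link value for the first entry (assumed convention)

def entry_hash(prev_hash, record):
    """SHA-256 over the previous link plus the record's canonical JSON."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append_transfer(log, released_by, received_by, when, action):
    """Append one custody transfer, linking it to the previous entry."""
    record = {"released_by": released_by, "received_by": received_by,
              "when": when, "action": action}
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "hash": entry_hash(prev, record)})

def verify_chain(log):
    """Return a list of problems; an empty list means the account is unbroken."""
    problems, prev_hash, holder, last_when = [], GENESIS, None, ""
    for i, entry in enumerate(log):
        rec = entry["record"]
        if entry["hash"] != entry_hash(prev_hash, rec):
            problems.append(f"entry {i}: hash mismatch (record altered or reordered)")
        if holder is not None and rec["released_by"] != holder:
            problems.append(f"entry {i}: released by {rec['released_by']}, "
                            f"but custody was with {holder}")
        if rec["when"] < last_when:  # ISO 8601 UTC strings sort chronologically
            problems.append(f"entry {i}: timestamp earlier than previous entry")
        prev_hash, holder, last_when = entry["hash"], rec["received_by"], rec["when"]
    if log and log[-1]["record"]["action"] != "final disposition":
        problems.append("log does not end with a final disposition")
    return problems

def sample_log():
    """Constructed sample: seizure, lab intake, storage, final disposition."""
    log = []
    append_transfer(log, "scene", "Officer A", "2011-10-11T09:15:00Z", "seized, bagged, sealed")
    append_transfer(log, "Officer A", "Examiner B", "2011-10-11T13:40:00Z", "lab intake")
    append_transfer(log, "Examiner B", "Evidence Room", "2011-10-12T17:05:00Z", "stored")
    append_transfer(log, "Evidence Room", "Court Clerk", "2011-11-02T08:30:00Z", "final disposition")
    return log

if __name__ == "__main__":
    log = sample_log()
    print(verify_chain(log))                        # unbroken chain
    log[1]["record"]["received_by"] = "Examiner C"  # simulate a later edit
    for p in verify_chain(log):
        print(p)
```

Editing a single entry after the fact surfaces twice: its own hash no longer matches, and the next transfer is released by someone the altered record says never held the device.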
In cell phone forensics, therefore, the data held within the device is retrieved with the aim of answering the questions who, what, where, how and why (Ayers et al., pars. 3 – 103). Forensic investigators use data retrieval software to acquire ESI from the cell phone, i.e. calls made and received (date, time, duration), dialed numbers, contact lists, text messages, video clips, emails, locations, etc. The other important tool in the investigation process is the SIM (subscriber identity module) card, which contains a processor as well as non-volatile memory and thus acts like a smart card (Murphy & Byers, pars. 116 – 120).
Cell phones are therefore personal items that hold very important data and information (ESI) that can be very relevant in any civil or criminal investigation. Using these simple gadgets as key tools in the forensic investigation process can give candid evidence that is presentable in a court case and may lead to fair judgments for the plaintiff and the accused. These gadgets therefore seek to eliminate the ‘What if’ question in court cases, giving a good platform for the right judgment.
References
Ashcroft John. “Electronic Crime Investigation: A Guide for First Responders”. National Institute of Justice: U.S. Dept. of Justice. 2001: p 1 – 46. Web. 11 October 2011 <https://www.ncjrs.gov/pdffiles1/nij/187736.pdf>
Ayers Rick, Jansen Wayne, Cilleros Nicolas & Daniellou Ronan. “Cell Phone Forensic Tools: An Overview and Analysis”. National Institute of Standards and Technology. 2005: p 3 – 103. Web. 11 October 2011 <http://csrc.nist.gov/publications/nistir/nistir-7250.pdf>
Raghav Shivankar & Saxena Kumar. “Mobile Forensics: Guidelines and Challenges in Data Preservation and Acquisition”. UPM Serdang-Malaysia. 2009: p 1 – 2. Web. 11 October 2011 <http://aksitservices.co.in/Mobile_Forensics.pdf>
Murphy Justin & Byers Stephen. “White Collar Crime Report: E-Discovery”. The Bureau of National Affairs. Vol. 4, No. 4 p 116-120. 2009. Web. 11 October 2011 <http://www.crowell.com/documents/E-Discovery-in-the-Criminal-Context_Considerations-for-Company-Counsel.pdf>