Show all

Mobile Phone Investigations: Ensuring Credible Evidence

As mobile phones become an ever-increasing part of the minutiae of our lives they consequently become more and more necessary as evidence in Australian legal cases.

An article in Evidence Technology Magazine states that the number of mobile phone investigations and evidence finding their way into courtrooms has jumped tenfold over the last decade.

Despite this the phone forensics industry is still relatively small. Many investigators haven’t taken the time to properly resource and train themselves in the excavation of data beyond what the everyday phone user could gather.

Why mobile phone investigations are important

Think about how you use your mobile phone. You don’t just make calls (though call logs can be pretty useful evidence) but you also purchase products, go online, conduct searches, and chat on Facebook or SMS. Some mobile phone users download apps to look and share images like Instagram, maybe they have online dating or hook-up apps like Tinder or Grindr. There are also gambling apps, spyware apps… the list goes on. All of this software creates data that could be useful in an investigation. Such data can give amazing insight into the secret lives of an individual; their thought processes, their activities, their desires. Such evidence can be used to prove a theory, establish a motive or help investigators discover the geo location of the victim or the accused at significant times and dates.

But a mobile phone isn’t simply a piece of stand-alone technology. Instead they can be operated and altered through a system of many connected devices. This means that investigators need to ensure a device isn’t going to be wiped of evidence whilst it’s in their custody.

Best Practice for Forensic Investigators: An extract from Evidence Technology Magazine

Steve Bunting, Senior Forensic Consultant at Forward Discovery, laid out the general process of securing a mobile device from remote access to ETM in an article called ‘Best Practices in Mobile Phone Investigations’ like this:

  1. Achieve and maintain network isolation using a Faraday bag, RF-shielded box, and/or RF-shielded room.
  2. Document the device thoroughly, noting all information available. Use photography to support this written documentation.
  3. If a SIM card is in place, remove it and then read and image the SIM card. Note: If there is no SIM card in place, skip to Step 6.
  4. Clone the SIM card.
  5. With the cloned SIM card installed, do a logical extraction of the cell device with a forensic extraction and analysis tool.
  6. Note: If this is a non-SIM device, start here. Examine the extracted data from the logical examination.
  7. If supported by both the model and the tool, do a physical extraction of the cell device.
  8. View parsed data from physical extraction; this will vary greatly depending on the make and model of cell phone and the tool being used.
  9. Carve a raw image for various file types or strings of data.
  10. Report your findings

The Final Verdict – Mobile Phone Investigations and the Forensic Industry

It’s crucial forensic industry experts continue to strengthen and broaden their knowledge base when it comes to computer and mobile phone software and data restoration. Seeking advice from tech heads themselves (those making and breaking new technology aka developers and hackers) will ensure you stay steps ahead. It is important to note that if a mobile phone is to be used as evidence in court a forensics expert, like the team at Lyonswood, must perform it according to relevant legal frameworks in order for it to hold up.

We have worked in insurance, murder, suicide, employment and intellectual property cases where the data we’ve extracted has proved to be vital to the outcome of those investigations.

If you need to be certain about the facts of an event then it’s highly likely that the contents of a mobile phone can assist in that process. Contact Lyonswood Investigations and Forensic Group to discuss your matter in strict confidence.