Prevalent Challenges in Mobile Phone Forensics
With an ever-increasing range of exquisite features and storage capacitance, mobile phones have become ubiquitous. They store a vast amount of information about those who possess them. Just as these devices have become integral parts of our lifestyle, they prove to be the source of crucial information that act as evidence in forensic investigations. There are some tools and techniques, available for this; however, there exists no such solution, which single handedly can perform the entire forensic investigation of mobile phones, thus, the challenges in mobile phone forensics are increasing at an alarming rate.
A mobile can be tied to a crime in many ways. They are:
- It can be used as a tool for communication while committing a crime.
- In a crime, it can be used as a storage device for extracting information.
- It can also contain information of a victim.
Persistent Challenges In Mobile Phone Forensics
There is no denial in the fact that mobiles/smartphones play a vital role in the investigation of a crime committed by using the device. However, it is a very difficult task accompanied with many forensic challenges, as listed below:
- Identification Of The Mobile Phone
In the process of mobile phone investigation, the first step is the identification of the phone. Keeping in mind that there are several network carriers and manufacturers, identification of the phone by mere viewing is impossible. Inspite of the fact that all the mobile operating systems, function in the same way, they greatly vary in the way they store the data, security settings, accessing rights and other settings. A single model can be marketed by the manufacturers under different names. Moreover, the Chinese phone models replicate the look several known brands but deploys different OS than the original one. Unless and until, the phone battery is removed, the investigator cannot come to know of the correct model of the software.
- Preservation Of Existing Data
Preservation of existing mobile phone data is the next step in the investigation process. It is necessary to prevent any new information, in the form of a call or a message, from being received by the acquired phone. It happens that sometimes the newly received messages may delete the older messages. Therefore, in order to prove the integrity of the data it is recommended to place the mobile phone in an isolated and wireless environment. There are multiple technologies, which give this kind of isolation to keep the mobile devices away from radio frequencies.
- Phone Power And Connection Establishment
One of the most crucial challenge that the investigators come across is the preservation of power of the phone. If kept in an operational mode for a longer period, its battery will eventually drain out. This may lead to the deletion of volatile data stored in the phone, thus resulting in the loss of prospect evidence. Therefore, keeping a check on the battery of phone is necessary to ensure preservation of data. However, there exists no standard for the power requirement in the mobile phones. This is because there is no standard for the cable connectors. Therefore, even if two different mobile phones may require the same voltage it is likely to happen that they do not use compatible power connectors.
- Data Protection Via Encryption & Passwords
There are a variety of security mechanism that are used on different mobile phones in order to safeguard the data stored in the phones. These mechanisms differ from manufacturers, to SIM cards, PINs and PUKs. Getting access to the data does not necessarily mean that the investigator will be able to carve out the evidence. The data stored on the mobile phones is usually encrypted using encryption algorithm. Thus, it gets difficult for the investigators to access the data without the assistance of hardware or software devices.
- Unequaled Data Formats
Let us assume that the investigator does not follow the above-mentioned challenges in a particular case. However, there still remains a barrier that can make the entire investigation useless. There does not exist a standard location or format for storing information in a mobile phone. The data can be stored at different places in different kinds of memories. Some information may be stored in the SIM card of the mobile phone while some may also be stored in its RAM (volatile memory). Also, some of the data is stored in the ROM too. Information such as contacts, text messages, emails, etc. are stored in their default file format that cannot be understood without any software.
- Selection Of Assessment Tool
The biggest challenge in mobile phone forensics that an investigator comes across and which when fulfilled ensures completion of the forensic investigation is the selection of right forensic tool. Even though there are numerous forensic tools available in the market, but the one which suits your investigation completely, sometimes is hard to find. In addition, there exists no such tool that can fulfill all the requirements of an investigation.
At times, examiners have to face lot of technical problems as well, that can prove to be fatal for an investigation. However, with right choice of procedures and presence of mind, an examiner can solve the case without any issue and overcoming the challenges in mobile phone forensics. Moreover, choice of right tool can give a right direction to your investigation and justice to the victim.