Why Mobile Forensics?
As of 2015, there were 377.9 million wireless subscriber connections of smartphones, feature phones, and tablets in the United States. This is equivalent to a staggering 115.7 percent of the population. When cell phones and other mobile devices are involved in investigations, important digital evidence remains within those devices just waiting to be uncovered. Mobile forensics is the service through which examiners extract and ultimately make sense of the data stored within a mobile device. Modern smart phones contain a plethora of information that could potentially be of evidentiary value including:
- Incoming, outgoing, missed call history
- Phone book or contact lists
- SMS text, application based, and multimedia messaging content
- Pictures, videos and audio files and sometimes voicemail messages
- Internet browsing history, content, cookies, search history, analytics information
- To-do lists, notes, calendar entries, ringtones
- Documents, spreadsheets, presentation files and other user created data
- Passwords, pass codes, swipe codes, user account credentials
- Historical geolocation data, cell phone tower related location data, Wi-Fi connection information
- User dictionary content
- Data from various installed apps
- System files, usage logs, error messages
- Deleted data from all of the above
Data extracted from devices during the mobile forensics process can provide investigators and attorneys with the information they need to crack a case wide open. Mobile devices go everywhere the users goes which means they can tell a story about who the user is communicating with, what they are communicating about, and where the user has been. With the mass proliferation of mobile devices in the U.S. and around the world the field of mobile forensics is providing information that was unimaginable just a decade ago, creating windows where previously there were only brick walls.
Smartphones are Microcomputers
Smartphones function as microcomputers and have the ability to contain many gigabytes of data as Electronically Stored Information (ESI). For example, smartphones with a data storage capacity of 64 gigabytes are not uncommon. If printed, 64 gigabytes would be over 33,500 reams of paper – enough to fill two semi truck trailers. The future will most certainly bring higher storage capacities, enhanced security measures, and a wide variety of proprietary operating systems, embedded file systems, applications, services, and peripherals. The Gillware Digital Forensics team works hard to stay ahead of the curve ensuring we offer the best and most comprehensive mobile forensic solutions in the industry.
Smartphones’ Forensic Challenges
Gillware Digital Forensics uses a variety of tools to provide our mobile forensics services. Off-the-shelf software tools like Cellebrite support each unique device to differing extents. Some devices are fully supported while others may not be supported at all. The problem of software support for each mobile device is further complicated by the blistering pace at which new mobile devices are flooding onto the market. Where we used to see 50 or 60 new cell phones in a given year we now see thousands. Each new model brings with it new hardware, software, operating systems, firmware, and security measures that must be first understood and then new mobile forensics solutions developed.
Beyond the mobile device itself there is constant evolution in the way smartphones are used and the types of data they store. With the popularity of smart phones, it is no longer sufficient to document only the phone book, call history, text messages, photos, calendar entries, notes and media storage areas. Because these devices are fully functioning minicomputers, they potentially contain a great deal more relevant data and metadata. The data from an ever-growing number of installed applications can contain a wealth of relevant information. Understanding how and where each application stores its data is critical to providing robust and comprehensive mobile forensics solutions.
Gillware’s Approach to Mobile Device Forensics
Gillware utilizes both industry standard mobile software forensic platforms available on the market today and solutions developed internally by Gillware engineers. Gillware leverages more than a decade of experience and hundreds of proprietary techniques and tools developed in our world-class data recovery lab. Our proprietary tools and techniques are useful in situations where the mobile device is not supported by commercial mobile forensic tools or has been tampered with or physically damaged, rendering access to data through standard interfaces impossible. Gillware specializes in recovering ESI from mobile devices regardless of their make, model, operating system or their electrical and physical condition.
Gillware engineers specialize in physically dismantling the device and accessing the raw memory chips directly using a process called chip-off extraction. We also specialize in accessing data through test connections on the device’s printed circuit board, commonly referred to as a JTAG extraction and “In-System Programming” which involves connecting directly to an eMMC or eMCP flash memory chip to obtain a full extraction of the data from the chip(s) within the mobile device. We can also read and recover data from the UFS chips found in mobile devices such as the Samsung Galaxy S7.
Gillware Digital Forensics’ president, Cindy Murphy, has many years of experience as a mobile forensics practitioner. Her expertise in mobile device forensics is highly regarded and has gained recognition for her skills in solving unique mobile forensics problems. She is personally recommended as an effective digital forensics expert by Cellebrite and maintains several other certifications and training.
We are proud to offer a full spectrum of mobile forensic services for situations ranging from the mundane to the exceedingly challenging. We persevere for our clients where others might fail.
To get started on a case, follow the link below to request an initial consultation with Gillware Digital Forensics.