Information contained in smartphones can aid criminal investigations

This post is by Soraya Harding, Module Leader for Portsmouth Online's MSc in Cyber Security and Digital Forensics

Over the last 30 years, we have seen various changes in the technology world: mobile networks, mobile phones, remote working, and cloud computing, to name just a few. 

Mobile device use is not just personal but organisational, to the point that it has become one of the core components of a business’s daily run of activities.

According to the latest GSM Intelligence report, approximately 5 billion people are unique mobile users worldwide out of the global population of 7.53 billion, representing 66% of the worldwide population. The statistics only consider individual mobile device users; however, with the impact of COVID-19 on businesses and households, mobile connections have increased to ten billion over the last year.

The current landscape shows that there are at least three mobile devices per employee in an average company. The previous year has made businesses evolve from the traditional working environment to the remote one, becoming more reliant on mobile devices, networks, and security.

The remote working environment has made it easier for data to be corrupted and changed for criminal purposes, to the extent of being stolen. Here is where mobile forensics comes into play.

What is mobile digital forensics?

Digital forensics encompasses a variety of disciplines, mobile forensics being one of them. Mobile forensics concentrates on acquiring data from mobile devices to be identified as evidence in a court of law.

There are various organisations and scenes where the data collected from mobile devices helps, such as law enforcement, military operations, stolen intellectual property, unauthorised use of business devices and many more.

There are numerous types of information residing in smartphones which aid criminal investigations; some of them are:

  • Call history (incoming, outgoing and missed calls)

  • Contact list

  • Text messages (from different applications, including multimedia)

  • Multimedia content (pictures, videos, audio including voicemail inbox and ringtones)

  • Internet content (bookmarks, history, cookies, searches, and other analytics)

  • Lists (to-do, notes, calendars)

  • Office files (documents, spreadsheets, presentations, and other created files)

  • Security data (passwords, passcodes, swipe codes, authentication credentials)

  • Network data (geolocation history, cell phone tower locations, wi-fi information)

  • System files (user dictionary, usage logs, error messages)

  • Specific apps data

  • Deleted data from all of the above if not rewritten.

Interested in career options in Cyber Security and Digital Forensics?

Find out more >

Why is mobile digital forensics growing in importance?

Collecting data with traditional methods such as searching and copying it to external devices is not enough in a forensic investigation. Mobile forensics requires specific legal and technical expertise in the forensic process, including seizure, acquisition, examination, analysis, and reporting.

The use of specialised software to extract and analyse information is necessary where mobile forensics expertise is valuable. The legal and technical aspects require substantial training and experience in historical and current cases to allow forensic investigators to give unbiased, fact-based opinions in a court of law.

With more and more devices being developed every year, more forensics software also gets updated to extract as much data as possible from digital devices.

What is XRY software?

There are various data acquisition methods, classified depending on factors such as technical expertise, longer analysis times, more forensically sound, more training required, more invasive, and the cost of the tools.

The main types of data extraction are manual, logical, hex dumping/JTAG, Chip-off, and Micro read.  Without going into detail on the technicalities of each of them, the most used is logical extraction.

XRY is a verified mobile forensics tool accepted in a court of law to perform logical and physical data acquisition from mobile devices. Still, it also includes pinpoint (non-standard phones), drone and cloud data.

XRY allows collecting data without tampering with the original, maintaining the integrity and validity of the data.

Interested in studying Cyber Security and Digital Forensics? Join our virtual Q&A on 25 August to ask your questions about doing a master's degree online with the University of Portsmouth:

Register now >

How do digital forensic specialists use XRY software?

XRY software application runs on Microsoft Windows operating systems. A mobile forensics investigator would connect the device to a workstation wire or wirelessly for the tools to recognise make and model and start the acquisition process.

Depending on the mobile device “make and model”, there are extra steps to consider; for example, if an Apple device is locked, the passcode must be retrieved first.

By law, the mobile device owner should provide the passcode to aid investigations or be charged for perverting the cause of justice.

What’s the future look like for mobile digital forensics?

Mobile forensics has grown because mobile device providers launch new models every year, sometimes making it challenging for forensics investigators to gather information.

However, mobile phones are not the only mobile devices in today's society; devices such as drones, iPods, smart cars, and even the cloud also play a role in cybercrime.

Mobile forensics is still evolving as the Internet of Things and Big Data has become a technological trend, helping digital forensics investigators to gather a vast amount of information. Mobile Forensics will continue to play a crucial role in the digital forensics field.

This post was written by Soraya Harding, Module Leader for 'Mobile Forensics: Issues and Practice', part of the University of Portsmouth's online MSc in Cyber Security and Digital Forensics.

Looking to develop a career in mobile forensic investigations? You can study the course part-time and choose from three start dates a year:

Explore the course >

Recent Posts

The benefits of CIPD accreditation for human resource managers

Whether you recruit, train and manage people directly, or develop company strategy instead, people management can be rewarding and satisfying. In a ...

university of portsmouth online Read More

Why mobile digital forensics is a growing field

Over the last 30 years, we have seen various changes in the technology world: mobile networks, mobile phones, remote working, and cloud computing, to ...

university of portsmouth online Read More

What's it like to study an MSc in Cybercrime online?

In this Q&A, current MSc Cybercrime student Zoe-Clair tells us about why she chose to study online with Portsmouth, how she thinks her degree ...

university of portsmouth online Read More