Why bother using mo...
 
Notifications
Clear all

Why bother using mobile forensic tools

8 Posts
7 Users
0 Likes
671 Views
(@georgefan)
Posts: 27
Eminent Member
Topic starter
 

I'm wondering why there is market for mobile forensic tools if the service providers store everything? The authorities can directly go to service providers for evidence in legal cases and sure enough they will get everything they want no matter whether the information is deleted or not on the suspect's phone.

Especially as the storage cost of digital information becomes cheaper and cheaper(eg 1TB Seagate HDD drops to around $ 50),it is absolutely practical that service providers can store everything related to their users.Does anybody has any ideas about this?

 
Posted : 11/10/2013 9:13 am
(@trewmte)
Posts: 1877
Noble Member
 

I'm wondering why there is market for mobile forensic tools if the service providers store everything? The authorities can directly go to service providers for evidence in legal cases and sure enough they will get everything they want no matter whether the information is deleted or not on the suspect's phone.

Especially as the storage cost of digital information becomes cheaper and cheaper(eg 1TB Seagate HDD drops to around $ 50),it is absolutely practical that service providers can store everything related to their users.Does anybody has any ideas about this?

Because there is usually content recorded (phyiscally and logically) on a mobile device that is NOT stored with the operators.

Wireless and communications content stored on a device is used to identify elements in a case that can be used in the request for potential evidence that may be stored with the operator.

Wireless and communication content that is stored with an operator can be used to corroborate content found on a mobile device.

Importantly, personal or wireless and communication content on a mobile device can be used in the analysis and link to a particular person or persons and investigations to understand movement, location, association, intention/s (mens rea), action/s (actus reus) etc etc.

The issue of cost of processing data from a 1TB HDD and examination of a mobile phone are not really compared in the pursuit of investigation and evidence. A cost is considered when costing a case but not in the context you have framed your question.

It is down to the examination person or organisation which of the variety of charged and free tools out there will be included in the investigation arsenal of tools. No one tool does everything. This is another point to remember do not buy tools on the basis that they can create a production line approach of 'bang it on, bang it out' philosophy because its cheap. When you work in forensics it is about investigation and analysis and should not be about 'well we didn't get that content because our tool couldn't extract and harvest that data or we don't think its relevant because our tool didn't tell us to get the data.

 
Posted : 11/10/2013 11:22 am
(@georgefan)
Posts: 27
Eminent Member
Topic starter
 

Because there is usually content recorded (phyiscally and logically) on a mobile device that is NOT stored with the operators.
The issue of cost of processing data from a 1TB HDD and examination of a mobile phone are not really compared in the pursuit of investigation and evidence. A cost is considered when costing a case but not in the context you have framed your question.

trewmte,thanks for the reply,I thinkg the process of accessing service provider's storage is easier because it only needs a database search ,difficult point is how to get authority to access the database.
I agree with you that maybe there is something on mobile device that is not stoead in the service provider such as contacts,especially as the smartphone's era comes,a lot of stuff on the external SD card is not going to be stored in the service provider'database.Also if applications on mobile device communicate with other using WIFI but not 3G/CDMA/GSM,then there is good reason to examine the phone.

 
Posted : 12/10/2013 3:14 pm
(@astro)
Posts: 33
Eminent Member
 

I would think that accessing the data stored on a device would be necessary to prove physical possession of certain "illegal" content.

 
Posted : 12/10/2013 11:09 pm
sward6
(@sward6)
Posts: 23
Eminent Member
 

Some service providers don't retain certain data after 3 days, so it's not feasible to always rely on the service providers for evidence, especially if you get a late start and was not able to fire off a preservation letter.

 
Posted : 13/10/2013 9:17 am
(@twjolson)
Posts: 417
Honorable Member
 

I'm wondering why there is market for mobile forensic tools if the service providers store everything?

Your question is flawed in that cell service providers don't store everything. They actually record only very little. For instance, while they may store call logs for a year, they don't store any text messages (the main way people communicate now days). The ONLY place you will get text messages is via cell phone forensics.

On top of that, a service provider has no right, nor incentive, to store other things, such as facebook, twitter, kik messenger, text+, skype, and so on. You can only get at those via cell phone forensics.

 
Posted : 13/10/2013 9:53 am
(@randomaccess)
Posts: 385
Reputable Member
 

they really only store what they need for billing

not to mention theres always the legal defense of "you got this on the server, and not my clients phone. what's to say someone spoofed his phone somehow and put it there"
and i dont want to deal with that…

if you have a call charge record that shows text messages sent from a to b
and the phone contains the messages sent from a to b you can infer that the messages were sent

 
Posted : 13/10/2013 3:33 pm
aeiforensics
(@aeiforensics)
Posts: 27
Eminent Member
 

Another point to be made is data stored within specific apps. Some apps use the carrier for the transmission, but the actual data is end-to-end aka phone-to-app-server-to-phone. This type of data would not be stored by the carrier and the phone would potentially have that data.

 
Posted : 18/10/2013 11:07 pm
Share: