Mobile forensics question

Vesalius
(@vesalius)

2. What would you do if presented with an exhibit bag containing a mobile phone (which cannot be fully accessed without a SIM Card) and a SIM Card (which was not inserted and may/may not be associated with the device) separately, and what could the effects be if the SIM Card was inserted into the mobile phone?

3. What methods could be applied to prevent network connection to a device?

4. If a device was not seized in the correct manner (e.g. a battery was removed) what could be affected on the device in question? Or if the device was turned on/activated with a memory card inserted, what would the effects be?

5. If the connection port is damaged/missing, what would you do? What alternative methods could be used to obtain the notable data?

6. What data extraction method would you apply if the points to prove for the case were focused on obtaining deleted data? What alternative methods could you use to carve for deleted picture files etc.?

2. Software such as UFED 4PC can extract devices that require a SIM card without the SIM card being put into the device, and sometimes a physical, file-system and even logical extraction is possible. Sometimes, you can even get an extraction using Bluetooth using UFED.
If none of these is at your disposal then continue reading.

3. Faraday bags can prevent network connection, but I'm not sure if you can then access the device because it would have to be sealed. Then there are these things:

http://www.teeltech.com/mobile-device-forensics-equipment/select-a-shield-usb-pouch/
http://www.teeltech.com/mobile-device-forensics-equipment/ramsey-ste3000fav/

gotta loveee technology these days eh. This way you can manually look at the data and report what you see in an evidential manner.

4. It depends. Usually battery removal doesn't do anything, unless something was being done at that time with the phone, so let's say a file transfer to something else, in which case you may lose to whom and what was being transferred. Other than that, not such a big deal.
If a memory card is inserted, you have to know if it is the device owner's card or not, or you will be confused as to who it belongs to, which can lead to a wrong investigation, BUT if it is the target's phone's memory card, then all round better for you since you are now capable of retrieving more data, because in most cases a memory card would be used for the transfer of some sort of data. This can later be ripped, by either using FTK to get an E01 file, which would be the best thing to do, to make sure you get the most out of the memory card.

5. If the connection port is damaged, and you have no experience in repairing or replacing it, then, if you're allowed, go to a mobile phone repair shop and request to repair the connection port.
Now, a VERY advanced method of obtaining data would be JTAG or Chip off, which would require you to attach specific cables to specific areas of the device's board, to retrieve a full-on Physical Dump of the phone, which can be later parsed using commercial software out there. Some of the best would be Magnet IEF / Axiom. You can even get some free software out there, but it would require a lot of work to get through.

6. Mainly, physical extractions have the best amount of data, new and deleted, on there, since it's an image file of the entire device; when carved, it brings back a whole lot of good stuff. A File System Extraction would also be decent. If you were to recover SD card data, then as I said an FTK E01 would be enough for the job. If it is the device and you want to recover content on there, then software such as UFED 4PC is needed, or would do the best for the job!

Hope I could be of any help. UFED 4PC, which is made by Cellebrite, does an outstanding job of ripping all sorts of smartphones, so personally I just rely on that to get the job done when it comes to phones…
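
The carving of deleted pictures raised in question 6 and in the answer's remark about carving a physical image, shown as an added example that is not part of the original post: a minimal Python header/footer carver that finds JPEG start and end markers in a raw dump and hashes each hit. The function names, size cap and sample dump are constructed for illustration; fragmented files and embedded thumbnails are not handled.

```python
import hashlib

SOI = b"\xff\xd8\xff"         # JPEG start-of-image plus first byte of next marker
EOI = b"\xff\xd9"             # JPEG end-of-image marker
MAX_SIZE = 20 * 1024 * 1024   # assumed cap on one carved file (illustrative)

def carve_jpegs(image, max_size=MAX_SIZE):
    """Carve SOI..EOI spans from a raw dump (bytes or a read-only mmap).

    Returns one dict per hit with its offset, size, SHA-256 and data, so each
    recovered picture can be tied back to a position in the image file.
    """
    hits, pos = [], 0
    while True:
        start = image.find(SOI, pos)
        if start == -1:
            break
        end = image.find(EOI, start + len(SOI), start + max_size)
        if end == -1:
            # Header with no footer in range: truncated or overwritten file.
            pos = start + 1
            continue
        end += len(EOI)
        data = bytes(image[start:end])
        hits.append({"offset": start, "size": len(data),
                     "sha256": hashlib.sha256(data).hexdigest(), "data": data})
        pos = end
    return hits

def build_sample_dump():
    """Constructed test data: two complete JPEG-like blobs and one orphan header."""
    jpeg_a = SOI + b"\xe0\x00\x10JFIF\x00" + b"A" * 32 + EOI
    jpeg_b = SOI + b"\xe1\x00\x10Exif\x00" + b"B" * 48 + EOI
    orphan = SOI + b"\xe0" + b"C" * 16          # footer never written
    return b"\x00" * 512 + jpeg_a + b"\x00" * 100 + jpeg_b + b"\x00" * 64 + orphan

if __name__ == "__main__":
    for hit in carve_jpegs(build_sample_dump()):
        print(f"offset={hit['offset']:#x} size={hit['size']} sha256={hit['sha256']}")
```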


   