Hi,
I am currently involved in a number of investigations relating to the analysis of mobile phones etc. and I think a new sub-forum dedicated to this area would be welcome. I am particularly interested in getting an idea of how many of us cross over from time to time between computer analysis and mobile technology analysis. Also, how do we collectively feel about the impact this mobile technology will have on our investigations in respect of the proprietary software employed by most of these devices? For example, the "Blackberry" is a very complex device and the encryption technologies it employs make sound forensic analysis very difficult and expensive. I have many other questions regarding this area and look forward to hearing your opinions on those put forward here.
A happy new year to you all!
Frank
Hi there, yes I am very interested in mobile phone forensics. At present we do not handle them, and my constabulary uses an outside commercial agency (at some considerable cost) to examine seized phones for evidence. I would love to learn more on mobile phone forensics, as I feel it will be a huge area in the future (and save my organisation money). Many challenging issues face forensics regarding mobile phones, including legal obstacles, such as the RIP (Regulation of Investigatory Powers) Act 2000 (UK), which covers interception of communications data. One important factor is how do we conduct an examination without switching the phone on? Can it be done? As we do not wish to intercept any calls (as this would be against RIPA). I have heard of some companies using Faraday cages to handle this type of problem.
Here is an interesting link:
and here:
I think a sub-board would come in handy, and I would contribute to the best of my ability.
Andy
I agree mobile phone analysis is a very challenging area that could become very problematic in regard to applying sound forensic protocol. Faraday cages are a really expensive system to set up and hence the cost of a standard analysis increases. The Faraday cloth/bags are really impractical to work with and can lead to actually increasing the chance of a mobile receiving a signal if the investigator plugs in a charger to charge a spent battery. However, this must all be weighed up in how important it is to ensure that any data on the mobile is not overwritten by a new message or call. More modern mobiles can preserve the most relevant data if the battery is removed then replaced quickly after the original SIM card is swapped with a forensic SIM card that will not log on to a network. This analysis in conjunction with billing records will be a cost-effective and efficient basic analysis of most mobile phones.
Also a lab deep underground would do!
Or my local pub….reception is really bad there 🙂
You can look here
I know one tool for PDAs - WinCE, Palm, Blackberry - is Paraben PDA Seizure
for cell phones - Paraben Cell Seizure, TULP2G (open source), Oxygen 2 forensic edition (freeware).
Very interesting indeed.. where I am it is like a bomb shelter, heh, I am lucky if I can roam ANY network. Does anyone have any recommendations on hardware? I want to just browse around.. everything I have seen so far seems to be an eBay collection of serial/USB interface cables and possibly Nokia phone management software etc.
If the phone is SIM based, wouldn't it be easier to just clone the SIM and work with it from there on?
I just saw them build a Faraday cage on MythBusters over the weekend that you could stand in. Just used a wooden frame and some fine mesh bronze screen. A smaller one should be very cheap to build.
What about if we gut out a massive block of lead 😉
I don't think you have to go that far. They used a single layer of bronze screen and a cellphone to test it, no signal whatsoever.