old days - forensics of phones
I recently went to an interview and one of the tests was note taking: each of us was given a mobile device and was told to 'conduct an investigation'. We couldn't use software, so we had to examine it the old way.
I did the following
1. Wrote down the condition of the phone
2. Took the battery out and wrote down serial numbers
3. Put the battery back in
4. Turned on the phone
I'm guessing I shouldn't have done step 2 before step 4 had been completed? Why? Well, when I turned the phone back on it had forgotten its date and time. I left these values at the default of 1997 … and noted what had happened.
Am I right doing it the way I did? I'd like to know for future tests.
This sounds similar to the initial steps I perform when acquiring an image of a computer system.
1) Document the system in words and photographs.
2) Note any external serial numbers.
3) Boot the system into the BIOS to get date, time and configuration information. Document in writing and in photographs.
4) Remove the battery.
5) Pull the hard drive and document it as I did the system.
With a phone, if you "boot into BIOS" you're also connecting to the cell network and thus allowing the phone to change, so you might want to add as step #1 "Isolate the phone from the network."
The people who do this sort of exam every day will have better input than mine.
I think it was more of a 'note taking' exercise. No methods were given as to disabling the phone from contacting the cell network. Having asked them about it, I was told that in the 'old days' you would video the 'turning on' part of the phone and that would provide sufficient evidence in court. Nowadays, though, it's completely different. Or so my course has taught me.