Mobile Forensic Investigations

by

by Lee Reiber

Reviewed by Scar de Courcier, Forensic Focus

The subtitle of this book is A Guide to Evidence Collection, Analysis and Presentation – a grand aim considering the scope of the subject matter. ‘Mobile devices’ these days is an umbrella term covering an overwhelming amount of evidence.

However, the book does it justice. It’s an in-depth guide and one that’s unusually easy to read for something so technical.The book begins by introducing the reader to the world of mobile forensics. Several non-technical challenges are discussed in the introduction, including the fact that mobile devices are so prevalent, and also that investigators often overlook them when gathering digital evidence, especially if a computer is also present at the scene. The introduction sets the tone for the rest of the book: a good mix between technical descriptions of how to go about analysing a device, and real-world applications that would be useful for even the non-technical field investigator or scene of crime officer.

The evolution of devices in terms of storage, data and size is also discussed in this chapter, which serves to give an overview of how much and how quickly the state of the technology has changed.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Throughout the book there are grey boxes containing real-world examples, which are written in the first person and allow the reader to understand how the elements being discussed within each chapter can be – and have been – applied to investigations. As well as providing interesting back stories, these are also useful for the novice reader who may not want to focus so much on the more technical aspects, but instead look for an idea of what the life of an investigator looks like on a day to day basis.

There is an ‘Educational Resources’ section at the end of the introductory chapter too, which gives a list of websites, forums and places to look for further information.

One aspect of mobile forensics that is often overlooked in guidebooks is how it relates to computer forensics more generally. This is an important relationship, because the distinction between forensic methods is something every investigator should have at least a passing knowledge of, and Mobile Forensic Investigations provides precisely this.

The second chapter contains a list of common misconceptions about mobile forensic examinations. Interestingly, this is broken down into misconceptions held by seasoned computer forensic examiners, and those more frequently believed by first responders. Again, this highlights the book’s usefulness to a wide range of practitioners and scenes.

Following the introductory chapters are a few sections on the basics of what to do when arriving at a scene where mobile forensic data needs to be preserved. Data seizure, storage and analysis is described in some depth, covering various different operating systems and models. While there is a limit as to how much information can be contained within a single book that comes in at just under 500 pages, Reiber does an excellent job of not missing out any important information, as well as consistently providing resources and tips for readers who want to find out more.

Of course, no mobile forensic investigation would be complete without the use of various tools. Reiber promotes a multiple tool approach to a scene, and discusses some of the popular options within chapters five and six. Alongside the pros and cons of each there are screenshots to demonstrate the abilities of the software, as well as case studies to highlight how these tools have been used in the past.

These chapters, along with chapter seven, will be particularly useful for newly formed forensic companies or individuals who are looking to begin their digital forensics careers. Each piece of software is discussed fairly in terms of effectiveness for the investigation, and chapter seven talks about how to prepare the environment for your first collection. Despite covering all the basics, however, the guidebook remains useful for the seasoned examiner as well. After all, the world of mobile forensics is labyrinthine at best; having a guide through the maze is of use to us all.

Mobile Forensic Investigations then goes on to discuss the details of how to collect data from a mobile device, followed by analysis of SIM cards and then how to analyse data from feature phones, BlackBerries, and Windows phones. This is especially useful as these are often overlooked in books about mobile forensics. The table on pages 256-257 is an excellent reference point describing the locations of critical data in various feature phones.

iOS analysis is covered in chapter 11. Although there are whole books dedicated to this subject, if you’re looking for a surprisingly in-depth overview, this is a great place to start.

Chapter twelve – Querying SQLite and Taming the Forensic Snake – wins my accolade of favourite chapter title in a digital forensics textbook. It discusses how examiners can automate the process of obtaining information from smart device file systems using custom-built SQLite queries or Python code. This is an accessibly written chapter – even if you’re new to the subject of custom-built queries, you’ll no doubt be able to follow what is required. A handy guide to Python terminology is included on page 360, and the guides to data types and additional terms will also prove useful to the less experienced examiner.

The following chapter deals with advanced Android analysis – again, a subject on which whole books have been written, but covered well in this guide. I was continually impressed throughout this book at the balance between detail and accessibility that Reiber manages to strike – not an easy line to walk!

The book’s final chapter discusses the presentation of mobile forensic data, including a section on how to become a mobile forensics expert. Further reading suggestions are once again given towards the end of the book.

On the whole, therefore, I certainly recommend Mobile Forensic Investigations as a practical, readable and highly useful guidebook for new and experienced investigators alike.

Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis and Presentation is available on Amazon.

About the author

Lee has been actively involved in the digital forensic community for over 15 years as an examiner, lecturer, and author. Lee's expertise in mobile forensics has not only been recognized in US federal, state, and local courts, but around the world. Previously to his current role as COO of Oxygen Forensic, Inc., a global leader in mobile forensic software, he was the CEO of Mobile Forensics Inc. and also a law enforcement officer and investigator.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Si and Desi interview Emi Polito from Amped about how to become an Amped FIVE Certified Examiner (AFCE). They discuss the exam requirements, format, timeline for certification, and Amped’s future plans. Emi explains that the certification is aimed at demonstrating competency with the Amped FIVE video analysis software after completing training. The exam consists of multiple choice questions on theory and practical exercises using the software. Emi talks about the online exam format and process for passing or failing. Emi also discusses the broader challenges many organizations face with validation and accreditation. He emphasizes Amped's commitment to developing tools that facilitate that process. The hosts reflect on the confusing accreditation landscape and Amped’s passion for improving training and certification in forensics. This episode provides an overview of Amped's new certification and perspective on challenges in the field of video forensics. Show Notes: Introducing The AFCE Certification (Amped FIVE Certified Examiner) - https://www.forensicfocus.com/news/introducing-the-afce-certification-amped-five-certified-examiner/ Video Evidence Principles With Amped Software - https://www.forensicfocus.com/podcast/video-evidence-principles-with-amped-software/ Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/ File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/ Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/ Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/ LEVA 2023 Training Symposium - https://www.leva.org/ Forensic Collision Investigation & Reconstruction Ltd - https://www.fcir.co.uk/ Amped FIVE Certified Examiner - https://ampedsoftware.com/afce-certification Introducing the Amped FIVE Certification Program - https://blog.ampedsoftware.com/2023/10/04/introducing-the-amped-five-certification-program Amped Software YouTube - https://www.youtube.com/ampedsoftware How to Use the Validation Tool in Amped FIVE - https://blog.ampedsoftware.com/2023/03/29/how-to-use-the-validation-tool-in-amped-five

Si and Desi interview Emi Polito from Amped about how to become an Amped FIVE Certified Examiner (AFCE). They discuss the exam requirements, format, timeline for certification, and Amped’s future plans. Emi explains that the certification is aimed at demonstrating competency with the Amped FIVE video analysis software after completing training. The exam consists of multiple choice questions on theory and practical exercises using the software. Emi talks about the online exam format and process for passing or failing.

Emi also discusses the broader challenges many organizations face with validation and accreditation. He emphasizes Amped's commitment to developing tools that facilitate that process. The hosts reflect on the confusing accreditation landscape and Amped’s passion for improving training and certification in forensics. This episode provides an overview of Amped's new certification and perspective on challenges in the field of video forensics.

Show Notes:

Introducing The AFCE Certification (Amped FIVE Certified Examiner) - https://www.forensicfocus.com/news/introducing-the-afce-certification-amped-five-certified-examiner/

Video Evidence Principles With Amped Software - https://www.forensicfocus.com/podcast/video-evidence-principles-with-amped-software/

Digital Image Authenticity And Integrity With Amped Authenticate - https://www.forensicfocus.com/podcast/digital-image-authenticity-and-integrity-with-amped-authenticate/

File Analysis And DVR Conversion Training From Amped Software - https://www.forensicfocus.com/reviews/file-analysis-and-dvr-conversion-training-from-amped-software/

Amped FIVE Speed Estimation 2d Filter And Training From Amped Software - https://www.forensicfocus.com/reviews/amped-five-speed-estimation-2d-filter-and-training-from-amped-software/

Amped Software’s Martino Jerian on Key Challenges and Opportunities for Video Evidence - https://www.forensicfocus.com/podcast/amped-softwares-martino-jerian-on-key-challenges-and-opportunities-for-video-evidence/

LEVA 2023 Training Symposium - https://www.leva.org/

Forensic Collision Investigation & Reconstruction Ltd - https://www.fcir.co.uk/

Amped FIVE Certified Examiner - https://ampedsoftware.com/afce-certification

Introducing the Amped FIVE Certification Program - https://blog.ampedsoftware.com/2023/10/04/introducing-the-amped-five-certification-program

Amped Software YouTube - https://www.youtube.com/ampedsoftware
How to Use the Validation Tool in Amped FIVE - https://blog.ampedsoftware.com/2023/03/29/how-to-use-the-validation-tool-in-amped-five

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_VKk-mhlae1c

Becoming An Amped FIVE Certified Examiner (AFCE)

Forensic Focus 1st December 2023 4:25 pm

Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/ Si and Desi are joined by Brittany and Ailsa from digital forensics software company ADF Solutions. They discuss how ADF is addressing key challenges for digital forensics practitioners, including handling the massive volumes of data from mobile devices and the cloud. The guests outline ADF's focus on developing their software as an easy-to-use onsite triage tool that can help quickly identify pertinent evidence. Key features include advanced handling of video files, AI-assisted classification of images, and new screen recording capabilities for mobile devices that allow suspects to safely share relevant data. The hosts and guests also explore ADF's ongoing research into areas like facial recognition, handling new device types like games consoles and smart watches, and identifying deepfake media. 00:00 – Introduction to Ailsa and Brittany 03:00 – The challenge of vast amounts of data 05:50 – Recovering data from Chromebooks 08:50 – Triaging using ADF tools 12:30 – Benefits of using ADF Solutions’ tools 15:50 – Limitations in types of apps 17:20 – Keeping up with technological advancements 19:15 – ADF customer base 21:00 - Artificial intelligence in classifying images 30:00 – ADF Solutions’ triaging kit 37:00 – Training with ADF 40:00 – Target user 44:50 – Roadmap of future devices to examine 51:30 – Main focus for ADF Solutions going forwards Show Notes: AI-generated CSAM article on Sky News - https://news.sky.com/story/thousands-of-ai-generated-child-abuse-images-being-shared-online-research-finds-12991727

Subscribe to the Forensic Focus Podcast: https://www.forensicfocus.com/podcast/

Si and Desi are joined by Brittany and Ailsa from digital forensics software company ADF Solutions. They discuss how ADF is addressing key challenges for digital forensics practitioners, including handling the massive volumes of data from mobile devices and the cloud.

The guests outline ADF's focus on developing their software as an easy-to-use onsite triage tool that can help quickly identify pertinent evidence. Key features include advanced handling of video files, AI-assisted classification of images, and new screen recording capabilities for mobile devices that allow suspects to safely share relevant data.

The hosts and guests also explore ADF's ongoing research into areas like facial recognition, handling new device types like games consoles and smart watches, and identifying deepfake media.

00:00 – Introduction to Ailsa and Brittany
03:00 – The challenge of vast amounts of data
05:50 – Recovering data from Chromebooks
08:50 – Triaging using ADF tools
12:30 – Benefits of using ADF Solutions’ tools
15:50 – Limitations in types of apps
17:20 – Keeping up with technological advancements
19:15 – ADF customer base
21:00 - Artificial intelligence in classifying images
30:00 – ADF Solutions’ triaging kit
37:00 – Training with ADF
40:00 – Target user
44:50 – Roadmap of future devices to examine
51:30 – Main focus for ADF Solutions going forwards

Show Notes:
AI-generated CSAM article on Sky News - https://news.sky.com/story/thousands-of-ai-generated-child-abuse-images-being-shared-online-research-finds-12991727

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_4z-EgH54KZk

The Power Of Digital Forensics: How ADF Solutions Is Revolutionizing The Digital Forensics Industry

Forensic Focus 30th November 2023 2:57 pm

Si and Desi talk to Gavin Prue and Selim Kang about their non-traditional paths into cybersecurity careers. They share their diverse educational backgrounds, from vocational college courses to returning to school later in life, and the hands-on training that helped prepare them for incident response roles. Gavin and Selim provide advice for aspiring cybersecurity professionals on the importance of networking, asking questions, having a positive attitude, and being willing to put in extra time learning new skills. They discuss the value of university degrees versus certifications, the pros and cons of accredited cybersecurity programs, and the need for continued education in this rapidly evolving field. Whether starting from scratch or changing careers, their stories demonstrate that resilience and motivation can overcome lack of formal qualifications.

Si and Desi talk to Gavin Prue and Selim Kang about their non-traditional paths into cybersecurity careers. They share their diverse educational backgrounds, from vocational college courses to returning to school later in life, and the hands-on training that helped prepare them for incident response roles.

Gavin and Selim provide advice for aspiring cybersecurity professionals on the importance of networking, asking questions, having a positive attitude, and being willing to put in extra time learning new skills. They discuss the value of university degrees versus certifications, the pros and cons of accredited cybersecurity programs, and the need for continued education in this rapidly evolving field. Whether starting from scratch or changing careers, their stories demonstrate that resilience and motivation can overcome lack of formal qualifications.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_eFAnfQtuRI8

Hacking Your Future: Education Choices For A Cybersecurity Career

Forensic Focus 29th November 2023 2:43 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Experience The Power Of Binalyze AIR, Live At Black Hat Europe
News

Experience The Power Of Binalyze AIR, Live At Black Hat Europe

ByBinalyzeDec 4, 2023
The Power Of Digital Forensics: How ADF Solutions Is Revolutionizing The Digital Forensics Industry
Podcast

The Power Of Digital Forensics: How ADF Solutions Is Revolutionizing The Digital Forensics Industry

ByForensic FocusNov 30, 2023
Digital Forensics Round-Up, November 30 2023
News

Digital Forensics Round-Up, November 30 2023

ByForensic FocusNov 30, 2023
Turning The Tide Against Wildlife Crime With Detego Global’s Cutting-Edge Digital Forensics Tools
News

Turning The Tide Against Wildlife Crime With Detego Global’s Cutting-Edge Digital Forensics Tools

ByDetego Digital ForensicsNov 30, 2023
Hacking Your Future: Education Choices For A Cybersecurity Career
Podcast

Hacking Your Future: Education Choices For A Cybersecurity Career

ByForensic FocusNov 29, 2023
Becoming An Amped FIVE Certified Examiner (AFCE)
Podcast

Becoming An Amped FIVE Certified Examiner (AFCE)

ByForensic FocusNov 29, 2023