Essential Guidelines On Mobile Device Forensics

Mobile device forensics is the science of recovering digital evidence from a smartphone or any other mobile device. It is normally carried out under controlled conditions, using approved methods that do not interfere with the investigation. This guideline gives you a deeper understanding of this fast-growing specialty, the technologies and procedures it uses, and how they relate to one another. The basic procedures discussed include acquisition, validation, preservation, examination, reporting and analysis of digital information from mobile devices.


To begin with, you need thorough knowledge of the software characteristics of various mobile devices. Know which operating system they use, the messaging system, and the many other applications that can hold information important to the investigation.

You also need to know the memory characteristics of mobile devices. Retrieving information from RAM is quite challenging because the information is stored only temporarily, but with appropriate technology it is possible.

You should also be aware of the forensic tools available today, both commercial and open source. They help to collect information from the internal memory of handsets or from SIM cards without altering data.

Several methods are used to extract data from mobile devices during a forensic investigation. They are discussed here.

The first is manual extraction. Information is obtained from a mobile device by manually viewing the contents displayed on the LCD or other display unit. Forensic examiners operate the keyboard, touch screen and buttons to get precisely the information they want. It is the most commonly used method in most investigations.

The second is logical extraction. In this method, forensic investigators connect the mobile device to their workstation through a wired connection or a wireless one such as Bluetooth or WiFi. This enables them to access information on the phone and transfer it to the workstation.

The third method is chip extraction. It involves acquiring data directly from the flash memory of the mobile device: the flash memory is physically removed from the phone to get the required information.

The fourth method is called micro-read. It is one of the most advanced methods and is used in serious cases, especially when there is a national crisis. Physical observations of the NOR or NAND chip are recorded using an electron microscope.

It is advisable to disconnect the device from the network to prevent any incoming communication, such as texts and calls, that may change or alter the state of the information on the mobile device.

Forensic experts also need to ensure that evidence is clearly identified and properly accounted for. This can be achieved by taking photographs of peripheral cables, mobile phones, power connectors, removable media and the entire scene.

The way data or evidence is packed matters a lot. Forensic examiners should seal the mobile device in a suitable container and label it properly. It should then be taken directly to the laboratory for processing, because some mobile devices are very volatile.

After analysis and interpretation, forensic experts prepare a report and hand it over to the relevant officers.

In conclusion, the above guidelines will help you to understand what mobile device forensics entails and the procedures used.