Cell Phone Forensics: Tools and Techniques
Data acquisition is the process of gathering data from mobile phones or any other media. This process reduces the chances of data loss due to damage to the phone. Extracting data from mobile phones is also known as cell phone forensics. The identification process begins by understanding the type of cell phone, its operating system and some other important parts of the mobile phone. There are multiple tools and techniques available to identify these without wasting precious time. Investigators keep themselves aware of new and modern techniques during their Digital Forensics training. With the use of modern techniques, investigators solve crucial cases within a short span.
What are the types of techniques used in mobile forensics?
Forensic software tools are continually developing new techniques for extracting evidence data from various cellular devices. Several types of modern techniques are used in mobile forensics, such as:
• Logical extraction - In this technique, the investigator connects the cellular device to a forensic workstation via Bluetooth. Using a USB cable, the computer sends a series of commands to the mobile device. As a result, the required data is collected from the phone's memory and sent back to the workstation. Tools used for logical extraction include XRY Logical, Oxygen Forensic Suite, etc.
• Manual Extraction - This technique allows investigators to extract and view data through the touch screen or keypad of the device. After extraction, the data is documented photographically. The manual extraction technique is time-consuming and carries a great probability of human error. Some popular tools used in extracting information manually are Project-A-Phone, Fernico ZRT, and EDEC Eclipse.
• Micro Read - This process involves interpreting and viewing data on memory chips. The investigators use a high-powered electron microscope to analyze the physical gates present on the chip.
• Chip-Off - This technique allows the investigator to extract data directly from the flash memory of the cellular device. The investigator creates a binary image by removing the binary chip. The chip-off process is costly and requires ample knowledge of hardware.
• Hex Dumping/JTAG - This is also known as physical extraction, as it extracts the raw image in binary format from the mobile phone. The investigator connects the mobile device to the workstation and pushes a boot loader into it. The boot loader then instructs the device to dump its memory to the computer. It is a cost-effective process, and common tools include XACT, Cellebrite UFED Physical Analyzer, and Pandora's Box.
You can visit various online portals to gain in-depth knowledge of the various cell phone forensics techniques.