A comparison of forensic evidence recovery techniques for a windows mobile smart phone

<p>Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation.</p> <p>A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent.</p> <p>This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device; and that in some cases the information recovered is conflicting.</p&gt

SIM Card Forensics: Digital Evidence

With the rapid evolution of the smartphone industry, mobile device forensics has become essential in cybercrime investigation. Currently, evidence forensically-retrieved from a mobile device is in the form of call logs, contacts, and SMSs; a mobile forensic investigator should also be aware of the vast amount of user data and network information that are stored in the mobile SIM card such as ICCID, IMSI, and ADN. The aim of this study is to test various forensic tools to effectively gather critical evidence stored on the SIM card. In the first set of experiments, we compare the selected forensic tools in terms of retrieving specific data; in the second set, genuine user data from eight different SIM cards is extracted and analyzed. The experimental results on a real-life dataset support the effectiveness of the SIM card forensics approach presented in this paper. Keywords: SIM card, Digital Forensics, Forensic tools, ICCID, IMS

Forensic Tools for Mobile Phone Subscriber Identity Modules

Mobile phones and other handheld devices incorporating cellular capabilities, such as Personal Digital Assistants, are ubiquitous. Besides placing calls, these devices allow users to perform other useful tasks, including text messaging and phonebook entry management. When cell phones and cellular devices are involved in a crime or other incident, forensic specialists require tools that allow the proper retrieval and speedy examination of data present on the device. For devices conforming to the Global System for Mobile Communications (GSM) standards, certain data such as dialed numbers, text messages, and phonebook entries are maintained on a Subscriber Identity Module (SIM). This paper gives a snapshot of the state of the art of forensic software tools for SIMs and an explanation of the types of digital evidence they can recover

Paper Session V: Forensic Software Tools for Cell Phone Subscriber Identity Modules

Cell phones and other handheld devices incorporating cell phone capabilities (e.g., smart phones) are ubiquitous. Besides placing calls, cell phones allow users to perform other tasks such as text messaging and phonebook entry management. When cell phones and cellular devices are involved in a crime or other incident, forensic specialists require tools that allow the proper retrieval and speedy examination of data present on the device. For devices conforming to the Global System for Mobile Communications (GSM) standards, certain data such as dialed numbers, text messages, and phonebook entries are maintained on a Subscriber Identity Module (SIM). This paper gives a snapshot of the state of the art of forensic software tools for SIMs. Keywords: Cell Phone, Forensic Tool, Subscriber Identity Modul

Forensic Analysis of the Contents of Nokia Mobile Phones

Acquiring information from a mobile phone is now an important issue in many criminal investigations. Mobile phones can contain large amounts of information which can be of use in an investigation. These include typical mobile device data including SMS, phone records and calendar and diary entries. As the difference between a PDA and a mobile phone is now blurred, the data that can reside on a mobile phone is somewhat endless. This report focuses on the performance of different mobile phone forensic software devices, and reports the findings. All aspects of the different software pieces will be reported, as well as what the investigators extract from the phones. The ability of different software tools to produce certain hash algorithm sums will be analysed, as well as the forensic methods used to extract the information. This area is one which will gain momentum in the future, hence any advances made in the field is an advantage to upcoming studies

Systems And Methods For Detecting Call Provenance From Call Audio

Various embodiments of the invention are detection systems and methods for detecting call provenance based on call audio. An exemplary embodiment of the detection system can comprise a characterization unit, a labeling unit, and an identification unit. The characterization unit can extract various characteristics of networks through which a call traversed, based on call audio. The labeling unit can be trained on prior call data and can identify one or more codecs used to encode the call, based on the call audio. The identification unit can utilize the characteristics of traversed networks and the identified codecs, and based on this information, the identification unit can provide a provenance fingerprint for the call. Based on the call provenance fingerprint, the detection system can identify, verify, or provide forensic information about a call audio source.Georgia Tech Research Corporatio

Using smartphones as a proxy for forensic evidence contained in cloud storage services

Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community. It is anticipated that smartphone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services

Wireless communication, identification and sensing technologies enabling integrated logistics: a study in the harbor environment

In the last decade, integrated logistics has become an important challenge in the development of wireless communication, identification and sensing technology, due to the growing complexity of logistics processes and the increasing demand for adapting systems to new requirements. The advancement of wireless technology provides a wide range of options for the maritime container terminals. Electronic devices employed in container terminals reduce the manual effort, facilitating timely information flow and enhancing control and quality of service and decision made. In this paper, we examine the technology that can be used to support integration in harbor's logistics. In the literature, most systems have been developed to address specific needs of particular harbors, but a systematic study is missing. The purpose is to provide an overview to the reader about which technology of integrated logistics can be implemented and what remains to be addressed in the future