Mobile Phone Forensics

To a fraudster, the mobile phone, especially the more advanced smartphones such as the iPhone and alternative Android based devices, are just mobile pc’s – tools of the trade.

Devices that may have been used to perpetrate a crime against you or your business, if seized, may hold a wealth of data that can be used to prove the intentions or actions of the individual concerned. This is where Blackhawk’s mobile device forensics service can help.

Just like computers, the information stored on a mobile phone is often accessible, even if the owners has attempted to wipe the data to avoid detection. Where these devices are concerned forensics data is typically available in 4 categories:

Mobile SIM Card Forensics

The Mobile device’s SIM card. The SIM card stores a range of useful data that may be recoverable. A removable SIM card can be transferable between phones, so it is one place where a more permanent copy of the persons contacts and phone book entries are stored. In addition, it may store text messages and even deleted text messages, along with the last numbers dialled, email addresses, where else the SIM has been used and other network information. In essence, the Sim can hold a significant amount of potential useful information to an ongoing financial fraud or other criminal investigation.

Mobile Memory Card Forensics

The memory cards or built in memory for today’s mobile devices store an enormous amount of data – hundreds of gigabytes. This memory is used to store information, from photos taken by the phone’s camera, to data from the device’s applications, such as spreadsheets with potentially revealing financial data useful to a fraud investigation. In addition, the baseline data, typically stored in the phone’s memory may also consist of the users contact lists, calls made, received and missed, SMS records and contents from other applications such as calendars and todo lists.

Enhanced Mobile Data Forensics

This type of data is usually created by applications resident on the phone, such as documents and spreadsheets. It can also includes records of connectivity including, Bluetooth and WiFi connections, images, video, audio and of course email usage.

Deleted Data Access

Just because a message or a document has been deleted, it doesn’t mean it’s not available. Deleting a file doesn’t necessarily destroy the file. For the same reasons they can often be recovered from a PC, all that happens is that the memory space the file resides in becomes available to other device applications to write over. This is why it is critical to access the phone in a forensically controlled way, so as not to destroy files such as these, as the data may still be intact and not yet written over. This naturally includes all the information the user believes they have deleted. As with any form of IT forensics service, speed is of the essence and so is process. Ensuring the right processes are used to extract, record and log data recovered is critical to protecting the integrity of the evidence.

Your own company phones used against you

If you suspect a phone has been used to commit a fraud against you and you have legal access to that device, Blackhawk’s expert team of mobile phone forensics investigators can help extract the data needed to help support any criminal proceedings.

Call Blackhawk Intelligence’s London mobile phone forensics team on +44 (0)20 8108 9317 today.