Mobile Phone Forensics
For many would be fraudsters, the mobile phone is the gateway to the internet and more often that desired, into either your personal affairs or the affairs of your business. Getting access to potentially incriminating information from a seized mobile phone is where our mobile phone forensics team can help, we are experts in forensic mobile phone analysis and mobile phone data recovery.
To a fraudster, the mobile phone, especially the more advanced smartphones such as the iPhone and alternative Android based devices, are just mobile pc’s – tools of the trade.
Devices that may have been used to perpetrate a crime against you or your business, if seized, may hold a wealth of data that can be used to prove the intentions or actions of the individual concerned. This is where Blackhawk’s mobile device forensics service can help.
Just like computers, the information stored on a mobile phone is often accessible, even if the owners has attempted to wipe the data to avoid detection. Where these devices are concerned forensics data is typically available in 4 categories:
Mobile SIM Card Forensics
The Mobile device’s SIM card. The SIM card stores a range of useful data that may be recoverable. A removable SIM card can be transferable between phones, so it is one place where a more permanent copy of the persons contacts and phone book entries are stored. In addition, it may store text messages and even deleted text messages, along with the last numbers dialled, email addresses, where else the SIM has been used and other network information. In essence, the Sim can hold a significant amount of potential useful information to an ongoing financial fraud or other criminal investigation.
Mobile Memory Card Forensics
The memory cards or built in memory for today’s mobile devices store an enormous amount of data – hundreds of gigabytes. This memory is used to store information, from photos taken by the phone’s camera, to data from the device’s applications, such as spreadsheets with potentially revealing financial data useful to a fraud investigation. In addition, the baseline data, typically stored in the phone’s memory may also consist of the users contact lists, calls made, received and missed, SMS records and contents from other applications such as calendars and todo lists.
Enhanced Mobile Data Forensics
This type of data is usually created by applications resident on the phone, such as documents and spreadsheets. It can also includes records of connectivity including, Bluetooth and WiFi connections, images, video, audio and of course email usage.
Deleted Data Access
Just because a message or a document has been deleted, it doesn’t mean it’s not available. Deleting a file doesn’t necessarily destroy the file. For the same reasons they can often be recovered from a PC, all that happens is that the memory space the file resides in becomes available to other device applications to write over. This is why it is critical to access the phone in a forensically controlled way, so as not to destroy files such as these, as the data may still be intact and not yet written over. This naturally includes all the information the user believes they have deleted. As with any form of IT forensics service, speed is of the essence and so is process. Ensuring the right processes are used to extract, record and log data recovered is critical to protecting the integrity of the evidence.
Your own company phones used against you
If you suspect a phone has been used to commit a fraud against you and you have legal access to that device, Blackhawk’s expert team of mobile phone forensics investigators can help extract the data needed to help support any criminal proceedings.
Call Blackhawk Intelligence’s London mobile phone forensics team on +44 (0)20 8108 9317 today.