The final stage is the analysis of the mobile data. This stage allows police to read patterns of communications between criminals and put pieces of the investigative puzzle together. It will improve their chances of obtaining evidence that can prevent a potential crime from occurring or to bring a criminal to justice.
But, there is no rule of thumb when it comes to mobile forensic investigation. Every case is different and for that reason, varying approaches may be needed to fully optimise the forensic technology. Creativity among investigators is essential because mobile devices are not meant to be interrogated. They were not designed to have police teams rip data from them and so a level of experimentation is required by investigators during the more challenging cases.
Digital forensic equipment such as the UFED Link Analysis product from Cellebrite, can drill into mobile data to the point where investigators can see how long communication between criminals has being going on for and who they are talking to on a regular basis to gain a further insight into criminal activity through a more thorough assessment of retrieved mobile data.
But, as with standard forensic equipment, every case differs so investigators have to choose the right tool in order to effectively extract mobile data from a suspect's phone.
In a case where time is of the essence, perhaps in a kidnapping incident, a quicker analysis of mobile data will be needed. What is called a 'logical extraction' provides investigators a thorough download of all 'visible' content of a suspect's phone, in a much quicker time. A 'physical extraction' provides a bit by bit flash memory download of a suspect's phone, which yields all visible content, including hidden files and deleted data. In a murder investigation, where lots of evidence, hidden or unhidden, deleted or undeleted needs to be collated and triple-checked, the physical extraction option would be the most effective.
Any investigation is about gathering information and building up a picture. Just as biological forensics helps to put pieces of the puzzle together, mobile forensics can give more information about people and their habits. In addition, this can throw up alternative leads for the police and can help to identify key facts within an investigation.
What the future holds
The process of examining data is a science, but with all sciences changes occur that need updated solutions. Just as viruses mutate, forcing scientists to develop remedies to combat the bacteria, methods of communication mature meaning that investigators have to think outside the box in order to stay one step ahead.
It is not just police forces that have to stay in the loop with technological developments; the mobile forensics industry must ensure that it is also one step ahead of criminal operations, providing law enforcement agencies with the latest software to fight the advances in criminal communications.
Sign up for Computerworld eNewsletters.