Mobile phones have become part of our lives. Today almost everyone, from children to adults uses a mobile phone.

It has come a long way from just communication devices to feature-rich kits such as high-quality cameras, 4G/5G technology, HD Video resolution and great game playing graphics. These contain a lot of information about users and user activity.

Mobile devices such as cell phones, smartphones and tablets present special challenges to the digital forensic investigator.

Mobile phones can provide an abundance of information. The most obvious types of data you can get from a phone are call logs, contact lists and text messages.

However, various other types of mobile evidence are certain documents from notes or calendar events, miscellaneous documents and data files as well as locations which can also provide valuable clues for the investigation.

This evidence is very fragile in nature and can be tampered easily so it must be taken with utmost care.

Challenges Faced in Mobile Forensics

There are various challenges faced in mobile forensics in relation to its authenticity and integrity. As mobile technology has seen rapid growth over the years going, forensic experts must be advanced with the new techniques to deal with the new challenges.

1. Data Protection

The information on the mobile device can be compromised by breaking the device security using various tools.

The server and hard drive are discrete from mobile devices in the construction of the file system. In cell phones, the structure is scattered and available across numerous apps and utilities.

This Secure system varies from handset consumer locks to SIM cards, PINs, PUKs and tool encryption. A tool locked through a PIN or Password is probably unlocked both through the proper software program application or through facts from the proprietor of the tool.

Encryption is going deeper, securing statistics at a software program or hardware level and is commonly very difficult to decrypt.

2. Manufacturer's Identification

The identification of the phone is necessary in the case of mobile forensics investigation as there are multiple device manufacturers which makes identifying difficult.

A particular model of a single hardware manufacturer may be sold by different carriers under different names.

Mobile phones can sometimes be identified by removing the device's battery, which also prudent the risk of forcing a user to lock or losing data from volatile memory.

Even mobile forensics professionals can find it very toilsome to identify a smartphone-based solely on its appearance. For example, the Mobile Forensics Toolkit provides the ability to automatically identify devices when connected.

3. Power and Connectors

Here the problem arises is the power supply to the device for how long can the battery last unplugged as it has information stored on its volatile memory which can be the crucial evidence and if the power goes off, there is loss of the volatile data.

So, an appropriate driver must be found to have a communication connection with the computer.

4. Mobile Device Signals

Here the challenge is to block cell phone signals to prevent new access to the device.

The essence of this challenge is to block access to all signals that reduce the power efficiency of the battery.

Therefore, investigations must be conducted in isolated forensic laboratories to prevent telephone power problems. The device can be put in the faraday’s bag to prevent the incoming and outgoing of signals.

5. Data Content

The amount of data is appropriate for developing growth that is because of the magnificent increase in the storage capacity.

However, modern-day gadgets are restrained in processing strength and storage capacity.

As an end result of such an elevated proportion of data, cloud providers are used to storing the data, however, in the cloud, it can no longer be easy to recognize wherein the information is truly located, which makes the investigation technique extra difficult.

6. Data Extraction

Different types of data are available on mobile devices such as contacts, text messages, call history, photos, and videos which are considered as evidence.

The problem in extraction is whether the data obtained is authentic or not. If evidence, is not error-free then it cannot be used in a court of law.

This means mobile data is manipulated. Servers and hard drives have a different file system structure than mobile devices.

How to Gather Data from Mobile Devices?

Data that can be collected from mobile devices are SMS, contacts, call logs, media, app data, files, hidden files and deleted files. Techniques to gather such data are:

Physical Acquisition: It is a technique for capturing all data including deleted data from a mobile device. The received data is originally in raw format which is converted into human readable format.

Logical Acquisition: It is a technique for extracting files and folders without any deleted data from the device. It makes a copy of the file using a software tool. For example, iTunes backups are used to create logical image for the iPhone or iPad.

Mobile Forensics Tools

In recent years, various tools related to hardware, software and packages have emerged to recover the logical and physical evidence of mobile devices. The hardware contains various cables to connect the phone to the forensic acquisition engine.

The package is designed to extract evidence and often analyze it.

Recently, a rhetoric tool for mobile devices was developed.

This is often a response to both military unit requirements, and anti-terrorist information and Execution is a rhetorical foresight in crime scenes, execution of arrest warrants or emergency situations.

In general, for anyone tool to capture all evidence from all mobile devices is not possible it requires various different working model software.

Commercial Forensic Tools

• Mobiledit Forensic: Retrieve all data from a phone which includes call history, phonebook, SMS, media, files, calendars and raw application data with information on the Operating system, IMEI, ICCID and location.
• Oxygen Forensic: It is a platform where data can be extracted, decoded and analyzed from multiple digital sources.
• Paraben DDS: It is a forensic analysis tool kit which allows to gather the digital data for a variety of different source like networking email, computer, cloud storage, internet data and phones.
• Cellebrite: It provides tools for federal, state, local law enforcement agencies, businesses and service providers to collect, review and analyze the digital data.
• Belkasoft Trial: It captures different mobile devices and performs different analytical tasks, performs case wide searches, bookmark artifacts and generate reports.
• Elcomsoft Los Forensic Toolkit: It performs complete file system and logical survey of iPhone, iPad and iPod Touch devices. It creates image of the device file system, extracts the device password, encryption key, protected data and can decrypt the file system image.

Free Mobile Forensics Tools

• AFLogical OSE
• FTK Imager
• Andriller
• Autopsy
• Linux Memory Extractor

Conclusion

Mobile device rhetoric is a developing field filled with many challenges and opportunities after mobile devices have been analysed for forensic evidence to support criminal investigations.

The method is often more difficult than the forensics of older laptops due to the nature of the electronic evidence.

Although the forensic toolkit exists most of the tool area units have not been fully developed and do not provide the full multi-device utility.

Budget Constraints Law enforcement agencies needs to purchase high quality software packages for use by various mobile device manufacturers.

The secret of investigators is to use an acceptable toolset to analysis in a good way to support criminal cases.

Mobile forensics is an integral part of modern criminal investigations. In most cases, at least one type of mobile device is involved and may contain valuable information.

While regular mobile phones can usually provide the call data and SMS information, the rise of smartphones and the increasing number of features can provide far more valuable data.

In addition, the rapidly changing areas of mobile forensics have forced professionals to stay up to date as its important to know what data and how much data can be extracted with the usage of a particular toolkit.

Therefore, continued training on mobile forensics and the knowledge to the professionals is important to successfully address the challenges of mobile forensics.