Conducting a digital forensic examination of a mobile phone for potential evidence is not as straightforward as simply turning it on and having a look , for more information visit http://www.cclgroupltd.com or call us at 01789 261 200 .

1. The Real CSI: Mobile Phone Digital Forensics
As with computer forensics, it is important not to turn the device on. If the phone being
examined is live, it will connect to a network cell and start downloading data as soon as
it is switched on. This can alter or overwrite any potentially incriminating data that may
be stored on the device.
A Faraday Box is used to minimise the risk of any potentially useful data such as texts
and calls being altered by switching the phone on. Calls, contacts, SMS and logs often
contain crucial information and are always worth investigating. There are also other
potentially valuable sources of intelligence on a modern smartphone that could also aid
an investigation, and these sources could potentially could be overlooked. These include
social media content, third party applications and web history, all of which can provide
useful intelligence. We have built up broad experience in extracting this more advanced
data from mobile phones, and we can decode new applications as needed.
Where possible our analysts will take a full read of the phone’s memory for a raw binary
file, bypassing the phone’s operating system and taking as much data from the device as
possible. We then use internally developed software to convert that data (which can
include: contacts, calls, SMS, organiser, emails, app data, etc.) from its database format
into a more easily interpreted format. Data that is not stored in databases would be
searched for using a script. Again, this is a capability that CCL has developed in-house,
as it is not widely supported by commercial forensic tools – so our friends in Miami may
struggle here.
Developments in mobile technology are coming thick and fast, presenting increasing
challenges in obtaining data and crucial evidence – whether it is live or has been deleted.
The expertise lies not only in being able to access and present this ever-expanding range
of information, but also in ensuring that the processes and methodology that define how
this evidence is obtained guarantee its integrity. Unfortunately, this often means that the
process is a lot less ‘Hollywood’ than TV would lead us to believe.
For more information about digital mobile phone forensics or CCL’s other products and
services please visit www.cclgroupltd.com or call 01789 261200.
CCL Group - the UK’s leading supplier of digital forensics Solutions , includes:
computer forensics Investigation, mobile phone forensics and cell site analysis
services. Check out http://www.cclgroupltd.com/digital-forensics
t: 01789 261 200
e: contact@cclgroupltd.com