Presentation
Contents
Mobile Forensic
  Introduction
  What It Is
  How It's Used
Steps in Mobile forensics
  Seizure
    Airplane mode
    Phone jammer
    Faraday bag
  Acquisition
  Examination and analysis
  Invasive methods
    Chip-off
    Micro read
Case study
  CSI wife killers case Ireland
  Phone evidence settled the conviction of a liar and a wife-killer
  Mobile records checking
Conclusion
References
Mobile Forensic
Introduction
Mobile forensics is the process of obtaining information from a mobile device such as a smartphone or tablet. The technology has grown in sophistication, and it can be used to uncover hidden content on devices, including text messages, apps and Wi-Fi connections. Mobile forensics goes beyond mere wireless security breaches. Today's mobile forensic tools can uncover true digital evidence and unlock devices with few endpoints or no recovery partitions to access.
The importance of mobile forensics is rising in today's connected world. Learn more about mobile forensics, its applications, and the significance and procedures of a mobile investigation with a strong forensic foundation in this course.
What It Is
Mobile forensics is a subfield of digital forensics that focuses on extracting data from electronic sources. Its focus is the recovery of evidence from portable digital devices such as tablets, smartwatches, and smartphones. Mobile devices are used by so many people these days that it is reasonable to expect them to hold a large quantity of evidence that might be helpful to investigators. These gadgets search for, collect and transmit data (Moreb, 2022).
Mobile devices can reveal numerous important pieces of information, such as messages, GPS data, call logs, and internet search activity that discloses the owner's probable whereabouts anywhere at any given moment.
How It's Used
The secret to gathering digital evidence is following forensically sound procedures, regardless of who uses mobile forensics or how it is applied. According to Duke University's Electronic Discovery Reference Model, the term "forensically sound" refers to "procedures employed for gathering electronic information in a way that assures it is 'as originally discovered' and is dependable enough to be allowed into evidence."
This implies that mobile evidence is treated so that it will be admissible in court and that it is not compromised during the forensic procedure. The idea of being forensically sound is based on the fundamental idea that transportable evidence should be kept in the same condition as when it was first discovered.
Forensically sound mobile evidence collection rests on a defined procedure that helps guarantee that law enforcement, or anyone else collecting the data, follows best practices. Let's examine those steps (Kumar, 2021, p. 102).
Steps in Mobile forensics
Seizure
The cornerstone of digital forensics is the principle that evidence should always be correctly handled, preserved, and acceptable in court. Just a few legal issues are related to seizing a mobile device.
The two major risks at this step of a mobile forensic process are the cellular connection and lock activation (by the operator, the suspect, or inadvertently by related parties). Isolating the device from the network is usually a great idea, and there are two ways to accomplish it: either 1) deactivate Wi-Fi and hotspots on the phone and set it to airplane mode, or 2) duplicate the SIM card from the smartphone.
Airplane mode
The best approach when transporting mobile devices is to try to keep them powered on to prevent a shutdown that could inevitably alter files, because preserving evidence is the purpose of their seizure (Kaushik, 2022, p. 46).
Phone jammer
A Faraday box/backpack plus an external power supply are typical pieces of gear for forensics. The former is a box specifically designed to separate mobile phones from communication networks whilst still helping with the safe handling of evidence in a lab, in contrast to the latter, which is a source of power installed on the inside of the Faraday box. Upon placing the device in the Faraday box, disconnect the device from the network, disable all connectivity (GPS, wifi, etc.), and turn on flight mode to secure the information's integrity.
Faraday bag
A Faraday bag is a device that isolates electronic devices from electromagnetic interference (Kumar, 2021, p. 102). Its main benefit is that it blocks signals to and from a phone or computer: phone calls, messages and data transfers. In the legal environment in particular, investigators and lawyers must protect not only their cell phones but also all related devices such as laptops and tablets.
Acquisition
The goal of this phase is to extract data from the mobile device. A locked screen can be opened with the correct credentials: a PIN, password, pattern or biometrics. According to the Virginia Circuit Court, passwords are secured, but fingerprints aren't. Furthermore, comparable lock capabilities may be present in programs, images, SMS messages, and messengers. Encryption, on the other hand, provides security that is often difficult to breach at the hardware level, the software level, or both.
Because the data is mobile, managing it on smartphones is difficult. Once documents or texts are sent from a smartphone, control over them is lost. Even though a wide range of devices can store large amounts of information, the information may be elsewhere. For instance, data synchronization between programs and devices can occur locally and via the cloud. It is possible to obtain data from mobile device owners who regularly use services such as Apple's iCloud or Microsoft's OneDrive (Kaushik, 2022, p. 45).
Software and hardware may close any data gap since data is constantly being synchronized. Consider Uber as an illustration; it contains both an application and a working website. All the information obtained through the Uber app on a smartphone can be viewed on the Uber website and through Uber's software suite, downloaded onto a computer and installed.
Irrespective of the phone model, finding the data may be more challenging due to the dispersion of operating systems and item specifications. The open-source Android operating system has numerous releases, and even Apple's iOS may vary from one release to the next. Another challenge for forensic specialists is mobile applications' abundance and ongoing innovation. Make an exhaustive list of all installed programs. Some programs archive and back up their data.
Once the data sources have been determined, the next step is to collect the data properly. Collecting data from mobile devices poses specific challenges. Many smartphones could undergo a process known as data acquisition rather than being obtained through image generation. There are numerous methods for collecting data from portable devices because some design constraints might only allow for a specific type of acquisition. To create a replica of a SIM card's data, the forensic investigator should use a technique known as SIM card imaging. As with other replicas, the underlying evidence is kept safe while the duplicate image is used for assessment. All image files must be hashed to ensure the information is accurate and undamaged.
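The hashing step above, as an added example that is not part of the original document: a Python sketch that records a SHA-256 digest for every acquired image and later re-checks the working copies before analysis. The manifest layout and the function names are assumptions made for illustration; the manifest is kept outside the image directory.

```python
import hashlib
import json
from pathlib import Path

CHUNK = 1024 * 1024  # read in 1 MiB blocks so multi-gigabyte images are never fully in memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def write_manifest(image_dir, manifest_path):
    """Hash every image in image_dir at acquisition time and record the result."""
    entries = {
        p.name: {"sha256": sha256_file(p), "size": p.stat().st_size}
        for p in sorted(Path(image_dir).iterdir())
        if p.is_file()
    }
    # Hypothetical manifest format: {file name: {"sha256": ..., "size": ...}}
    Path(manifest_path).write_text(json.dumps(entries, indent=2))
    return entries


def verify_manifest(image_dir, manifest_path):
    """Re-hash the images and return {name: problem} for anything that differs."""
    recorded = json.loads(Path(manifest_path).read_text())
    problems = {}
    for name, meta in recorded.items():
        path = Path(image_dir) / name
        if not path.is_file():
            problems[name] = "missing"
        elif path.stat().st_size != meta["size"]:
            problems[name] = "size changed"
        elif sha256_file(path) != meta["sha256"]:
            problems[name] = "hash mismatch"
    # A file that appeared after acquisition is also a custody problem.
    for p in Path(image_dir).iterdir():
        if p.is_file() and p.name not in recorded:
            problems[p.name] = "not in manifest"
    return problems
```

An empty result from `verify_manifest` means every image still matches the digest recorded at acquisition.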
Examination and analysis
In any digital investigation involving one or more mobile devices, the forensic expert must first determine the type of device involved, such as a tablet, smartphone or GPS unit. The expert should also identify the network type (GSM, CDMA or TDMA) and the carrier service provider (reverse lookup).
The investigator may require various forensic tools to get and analyze data saved on the device. Due to the variety of mobile devices, there is currently no collection of mobile forensic tools that is universally applicable. Therefore, it is advised to use various tools when performing an assessment. EnCase, Sleuthkit, and AccessData are well-known forensic software programs with analytical capabilities. The optimal tool or tools are chosen based on the type and brand of the device. Timeline and link analysis, available in many mobile forensic tools, can connect all of the significant events from the viewpoint of a forensic investigator.
Invasive methods
Invasive methods are usually longer and more intricate. Manually removing and imaging the phone's flash memory may be the only way to retrieve data from a device that has become completely non-functional due to serious damage. Even when the device is in good condition, the forensic expert may still be required to acquire the contents of the chip manually.
Chip-off
Chip-off is a process for extracting data directly from the mobile device's memory chip. After the chip has been removed from the device in a manner appropriate for this level, data is recovered using a chip reader or a different phone. The sheer variety of chip types in the phone industry makes this process technically challenging. To de-solder and burn the microchip during the chip-off method, the investigator must purchase specialized equipment, undergo training, and incur additional costs. What is retrieved from storage is raw data: undecoded and uninterpreted bits and bytes.
There are five steps in the process:
1. Identify the device's memory chip type.
2. Physically remove the chip (for instance, by desoldering it).
3. Use chip reading/programming software to interface with the chip.
4. Read the information from the microchip and send it to a computer.
5. Use reverse engineering to interpret the data.
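The last step, interpreting the raw bytes, often starts with locating known file signatures in the dump. The Python sketch below is an added example, not from the original document, and goes beyond what the text describes: it scans a constructed dump for SQLite and JPEG signatures and reads the SQLite header to work out how many bytes to carve. The choice of these two formats and the sample dump are assumptions made for illustration.

```python
import struct

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte string that starts every SQLite file
JPEG_MAGIC = b"\xff\xd8\xff"           # JPEG start-of-image marker


def sqlite_size(dump, offset):
    """Return the database size in bytes from a SQLite header, or None if implausible."""
    header = dump[offset:offset + 100]  # the SQLite file header is 100 bytes long
    if len(header) < 100:
        return None
    page_size, = struct.unpack(">H", header[16:18])   # big-endian page size
    page_count, = struct.unpack(">I", header[28:32])  # in-header size in pages
    if page_size == 1:                                # the value 1 encodes 65536
        page_size = 65536
    # Page sizes are powers of two from 512 to 65536. Old SQLite versions may
    # leave the page count at zero; this example treats that as not carveable.
    if page_size < 512 or page_size & (page_size - 1) or page_count == 0:
        return None
    return page_size * page_count


def scan_dump(dump):
    """Return sorted (offset, kind, size_or_None) tuples for each plausible hit."""
    hits = []
    for magic, kind in ((SQLITE_MAGIC, "sqlite"), (JPEG_MAGIC, "jpeg")):
        pos = dump.find(magic)
        while pos != -1:
            size = sqlite_size(dump, pos) if kind == "sqlite" else None
            if kind != "sqlite" or size is not None:  # drop false SQLite hits
                hits.append((pos, kind, size))
            pos = dump.find(magic, pos + 1)
    return sorted(hits)


def build_sample_dump():
    """Constructed stand-in for a chip-off image: erased flash (0xFF) around a few files."""
    db = bytearray(2 * 4096)                 # two-page database, 4096-byte pages
    db[0:16] = SQLITE_MAGIC
    db[16:18] = struct.pack(">H", 4096)
    db[28:32] = struct.pack(">I", 2)
    fake = SQLITE_MAGIC + b"\x00" * 84       # signature with page size 0: rejected
    jpeg = JPEG_MAGIC + b"\xe0" + b"\x00" * 60 + b"\xff\xd9"
    return b"\xff" * 512 + bytes(db) + b"\xff" * 256 + fake + jpeg + b"\xff" * 128
```

Validating the header fields, not just the signature, is what filters out stray byte sequences that happen to match the magic string.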
Micro read
With this method, the entire microchip is manually viewed through the lenses of an electron microscope to examine the data visible therein, particularly the physical circuits on the microchip. Micro reading is a costly, drawn-out process that needs the maximum expertise and is only employed in dire national security situations.
Case study
CSI wife killers case Ireland
The most famous wife killers in Ireland are the "CSI wife killers," guys whose murder cases captivated the country and whose heinous acts sent shivers down the public's bones.
Joe O'Reilly, Eamonn Lillis, and Brian Kearney are currently being physically assaulted in jail for the murder of the women they spent their days with.
Kearney and O'Reilly are presently on life sentences for homicide, while Lillis was finally judged responsible for the murder of his spouse. Senior gardai built complex cases against all these three criminals, but despite their disparate offences, they had many things in common.
To solve these crimes, however, police had to rely heavily on advances in forensic technology and scientific research. There is little doubt that obtaining convictions in such cases just 20 years ago could have been practically impossible for the gardai. Gardai nowadays are adequately equipped to investigate significant crimes thanks to advancements in forensics, surveillance, and the ability to get evidence from smartphones and email.
Phone evidence settled the conviction of a liar and a wife-killer
Detectives were aware that their investigation into Joe O'Reilly would shed light on a branch of forensic science that could aid criminals in eluding the law. The prosecution considered expert testimony on the locations and times O'Reilly used his cell phone to be crucial to convincing the jury of his guilt (Harkin, 2012).
In a prosecution based primarily on corroborating evidence, the wife-killer's phone would show that he could not be in two locations at once, and it would ultimately be his downfall. O'Reilly's narrative of his actions on the day of the murder conflicted with the whereabouts of his smartphone, according to communications specialists who testified in court.
According to a garda source, professional criminals will never consider using cell devices linked to them or their colleagues. Joe O'Reilly wasn't a convicted felon, and it's obvious that he was unaware that his phone might be used to monitor and locate him near the crime site when he purported to be elsewhere (Harkin, 2012). The trial had, I think, served as a reminder that this kind of tech is available to us. It's not even necessary to utilize a smartphone to indicate where anything is. For instance, a person's phone will register to the nearby mast as they move around a metropolis. Although it cannot pinpoint a specific place, it can disprove a fake alibi.
Mobile records checking
"Checking mobile records is now standard protocol in so many cases, particularly those involving missing persons and homicide. Joe O'Reilly didn't appear to be aware of it."
The use of cell phone evidence, frequently referred to as the "new fingerprint", by gardai in high-profile litigation is not new. Probably the most well-known incident is the 1998 explosion in Omagh by the Real IRA, which claimed 29 lives.
Colm Murphy, a father of four, was convicted of planning the crime in January 2002 by the Central Criminal Court. During his 25-day trial, he alleged that he had given the terrorists two phones under credit. At the time of the incident, RUC and gardai followed the travels of the cellphones from the Republic to Omagh and then back, with the assistance of cellphone specialists. According to the prosecution's argument, Murphy gave the attackers the phones, knowing they might be misused.
Later, Murphy was successful in his appeal. A trial has indeed been scheduled after his conviction was overturned. His attorneys are currently arguing that the case should be dropped because he is too unwell to stand trial again. However, the case established a new benchmark for garda investigation.
Conclusion
Cellphone evidence has also helped hold some of Britain's most notorious killers responsible for their crimes. Ian Huntley abducted and killed Holly Wells and Jessica Chapman, both 10-year-old school children from the English village of Soham, in August 2002. According to the investigators, Jessica's cell phone was off when it was within or near Huntley's house. O'Reilly's cell phone also contributed to his downfall because it showed he had lied about his lover, Nikki Pelley. Investigators discovered that 18 calls and SMS messages passed between his phone and Ms Pelley's cellphones on the same day he murdered his wife, despite his stating in his report to garda authorities that the connection had ended (Kaushik, 2022, p. 45).
References
Appendix A Mapping to Cybersecurity Framework - NIST SP 1800-27 documentation. (n.d.). Retrieved October 17, 2022, from https://www.nccoe.nist.gov/publication/1800-27/VolB/vol-b-appendix.html
Kaushik, K. (2022). Investigation on Mobile Forensics Tools to Decode Cyber Crime. In Security Analytics (pp. 45-56). Chapman and Hall/CRC. https://www.taylorfrancis.com/chapters/edit/10.1201/9781003206088-4/investigation-mobile-forensics-tools-decode-cyber-crime-keshav-kaushik
Kumar, M. (2021). Mobile Forensics: Tools, Techniques and Approach. In Crime Science and Digital Forensics (pp. 102-116). CRC Press. https://www.taylorfrancis.com/chapters/edit/10.1201/9780429322877-8/mobile-forensics-manish-kumar
CSI wife Killers Ireland. independent. (n.d.). Retrieved October 17, 2022, from https://www.independent.ie/regionals/herald/news/csi-wife-killers-ireland-28850927.html
Harkin, G. (2012, November 25). Phone evidence clinched conviction of lying wife-killer. independent. Retrieved October 17, 2022, from https://www.independent.ie/irish-news/phone-evidence-clinched-conviction-of-lying-wife-killer-26306506.html
Moreb, M. (2022). Introduction to Mobile Forensic Analysis. In Practical Forensic Analysis of Artifacts on iOS and Android Devices (pp. 1-36). Apress, Berkeley, CA. https://link.springer.com/chapter/10.1007/978-1-4842-8026-3_1