Question

you are a Digital Forensic investigator who has been hired by the attorney for the convicted party. The attorney tells you that the case is under appeal based on the argument that the 'con artist' was coerced to confess. The attorney also gives you a cellphone belonging to his party and asks you to run a thorough examination of the mobile device to extract any data that may be important to this case.
Detail the steps you would take in your investigation, starting with taking possession of the mobile device.

Answer 1

Digital forensic application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority,chain of custody, validation with mathematics,use of validated tools, repeatablity, reporting and expert presentation.

People store a wealth of information on cell phones.people don't think about securing their phones.

Items stored on cell phones i.e, incoming,outgoing and missed calls,multimedia message service(MMS; text message) and short message service(SMS) messages,E-mails accounts, instant-messaging (IM)logs,web pages, pictures, video and music files.

Investigating cell phones and mobile device is one of the more challenging tasks in digital forensic. No signals standard exists for how and where phones store messages. New phones come out aout every six months and they are rarely compatible with previous models.

Mobile phone technology has advanced rapidly. By the end of 2008, mobile phones had gone through three generation i.e, analog, digital personal communications service(PCS), third generation(3G), fourth gentration was introduced in 2009. several digital networks are used in the mobile phone industry.

1 - Interested in providing reports done in the past.

2 - determines the attack, analyses it and then prepares a report.

3 - Examines volatile components.

4 - Learns & upgrades its immunity for future attacks.

process of digital forensics

collection--examination--analysis---reporting

media ------data ----------information--evidence

importance of digital forensic

1. Concerned with not only "detective work" but also scrambles information.

Encryption

stegonograpgy

2. Also provides

D ---- Data corruption prevention

C ----- Confidential data handling

M ----- Maintainence of regulation/guidlines

F ------ Follows rules for integrity & correctness.