Information Technology Reference
In-Depth Information
•
Dynamic nature of evidence
: Digital evidence may be easily altered either inten-
tionally or unintentionally. For example, browsing an application on the phone
might alter the data stored by that application on the device.
•
Accidental reset
: Mobile phones provide features to reset everything. Resetting
the device accidentally while examining may result in the loss of data.
•
Device alteration
: The possible ways to alter devices may range from moving
application data, renaming files, and modifying the manufacturer's operating sys-
tem. In this case, the expertise of the suspect should be taken into account.
•
Passcode recovery
: If the device is protected with a passcode, the forensic exam-
iner needs to gain access to the device without damaging the data on the device.
•
Communication shielding
: Mobile devices communicate over cellular networks,
Wi-Fi networks, Bluetooth, and Infrared. As device communication might alter
the device data, the possibility of further communication should be eliminated
after seizing the device.
•
Lack of availability of tools
: There is a wide range of mobile devices. A single
tool may not support all the devices or perform all the necessary functions, so a
combination of tools needs to be used. Choosing the right tool for a particular
phone might be difficult.
•
Malicious programs
: The device might contain malicious software or malware,
such as a virus or a Trojan. Such malicious programs may attempt to spread over
other devices over either a wired interface or a wireless one.
•
Legal issues
: Mobile devices might be involved in crimes, which can cross geo-
graphical boundaries. In order to tackle these multijurisdictional issues, the
forensic examiner should be aware of the nature of the crime and the regional
laws.
