Information Technology Reference
In-Depth Information
Mobile forensic tool leveling system
Mobile phone forensic acquisition and analysis involves manual effort and the use of auto-
mated tools. There are a variety of tools that are available for performing mobile forensics.
All the tools have their pros and cons, and it is fundamental that you understand that no
single tool is sufficient for all purposes. So understanding the various types of mobile
forensic tools is important for forensic examiners. When identifying the appropriate tools
for the forensic acquisition and analysis of mobile phones, a mobile device forensic tool
classification system (shown in the following figure) developed by Sam Brothers comes in
handy for the examiners.
Cellular phone tool leveling pyramid (Sam Brothers, 2009)
The objective of the mobile device forensic tool classification system is to enable an exam-
iner to categorize the forensic tools based upon the examination methodology of the tool.
Starting at the bottom of the classification and working upward, the methods and the tools
generally become more technical, complex, and forensically sound, and require longer ana-
lysis times. There are pros and cons of performing an analysis at each layer. The forensic
examiner should be aware of these issues and should only proceed with the level of extrac-
tion that is required. Evidence can be destroyed completely if the given method or tool is
not properly utilized. This risk increases as you move up in the pyramid. Thus, proper
training is required to obtain the highest success rate in data extraction from mobile
devices.
Each existing mobile forensic tool can be classified under one or more of the five levels.
The following sections contain a detailed description of each level.
