Experienced employee of the DigiFirm Investigation Company.
You are an experienced employee of the DigiFirm Investigation Company. DigiFirm is conducting an employee training activity in which employees describe the process of how they would look for evidence on their own mobile devices.
For this assignment, write a report that:
- Details the properties of one of your own mobile devices
- Outlines the steps you would take to seize evidence from your device, including device storage, system data, and so on
- Describes a few legal issues related to mobile device forensic activities in general
- Lists the general information that your device reveals about your life
Sample Solution
Mobile Device Evidence Seizure: A Personal Example
Introduction:
I am a senior investigator at DigiFirm and am participating in the employee training on mobile device evidence seizure. For this training, I'll outline the process of acquiring evidence from my personal mobile device, a Pixel 4a running Android 12.
Device Properties:
- Model: Google Pixel 4a
- Operating System: Android 12
- Storage: 128GB internal storage (expandable via microSD card - not used)
- Security Features: Fingerprint unlock, PIN backup
Steps for Evidence Seizure:
- Device Acquisition:
  - Power Down: The device should be powered down to prevent further data modification.
  - Physical Possession: Secure the device in a tamper-evident bag to maintain chain of custody.
- Data Acquisition:
  - Logical Acquisition: This method uses software to extract a logical copy of the device's data, preserving file structure and user data. It requires specialized forensic tools and may require the phone to be powered on.
  - Physical Acquisition: This method involves creating a bit-for-bit copy of the device's storage, including deleted data and system files. This is a more complex process that requires specialized hardware and is typically done in a controlled forensic lab environment.
  - Forensic Software: Connect the device to a forensic workstation using a write-blocker to prevent accidental data modification. Specialized mobile forensic software will be used to extract data.
  - Data Extraction: The software will extract user data like call logs, text messages, photos, videos, emails, browsing history, app data, and potentially some system data.
- Data Analysis:
  - Extracted data will be analyzed using forensic tools to identify relevant evidence. This may involve keyword searches, data carving (recovering deleted data), and timeline analysis.
Legal Issues:
- Warrant Requirements: Obtaining a warrant may be necessary to legally seize and analyze mobile device data, depending on the jurisdiction and circumstances.
- Chain of Custody: Maintaining a documented chain of custody is crucial to ensure the integrity of the evidence in court.
- Data Privacy Laws: Data privacy laws may restrict access to certain types of data on mobile devices.
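The bit-for-bit copy and the documented chain of custody described above can be tied together by hashing the image at acquisition and linking each custody record to the one before it, so that a change to either the image or the log is detectable. This is an added example, not part of the original report; the function names, actors and sample image bytes are constructed for illustration.

```python
import hashlib
import io
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # placeholder "previous hash" for the first custody entry

def sha256_stream(fileobj, chunk=1 << 20):
    """Hash an acquired image in chunks so large images need not fit in memory."""
    fileobj.seek(0)
    h = hashlib.sha256()
    for block in iter(lambda: fileobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def entry_digest(entry):
    """Digest of every field except the stored digest itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, actor, action, image_sha256):
    """Append a custody record that commits to the image hash and the prior record."""
    entry = {"seq": len(log) + 1,
             "time": datetime.now(timezone.utc).isoformat(),
             "actor": actor, "action": action,
             "image_sha256": image_sha256,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify(log, fileobj):
    """Return a list of problems; an empty list means log and image are intact."""
    problems, prev = [], GENESIS
    for e in log:
        if e["prev_hash"] != prev or e["entry_hash"] != entry_digest(e):
            problems.append(f"entry {e['seq']}: custody record altered or out of order")
        prev = e["entry_hash"]
    if log and sha256_stream(fileobj) != log[0]["image_sha256"]:
        problems.append("image hash differs from acquisition hash")
    return problems

def demo():
    image = io.BytesIO(b"CONSTRUCTED-SAMPLE-IMAGE" * 1000)  # stands in for a device image
    acquired = sha256_stream(image)
    log = []
    add_entry(log, "Investigator A", "physical acquisition completed", acquired)
    add_entry(log, "Evidence Custodian", "device sealed in tamper-evident bag", acquired)
    return log, verify(log, image)
```
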
Information the Device Reveals:
- Personal Information: Contacts, call logs, text messages, emails, calendar entries, location data (through GPS), browsing history, social media activity, photos, and videos.
- Professional Information: Work emails, documents, access to company resources, and communication with colleagues.
- App Usage: The types of apps installed and used can reveal interests, habits, and activities.
- Location Data: GPS data can track movements and places visited.