The range of information that can be obtained from mobile phones is detailed in this section. Data on a mobile phone can be found in a number of locations: SIM card, external storage card, and phone memory. In addition, the service provider also stores communication-related information. The book primarily focuses on data acquired from the phone memory. Mobile device data extraction tools recover data from the phone's memory. Even though data recovered during a forensic acquisition depends on the mobile model, in general, the following data is common across all models and useful as evidence. Note that most of the following artifacts contain date and timestamps:
Address Book: This stores contact names, numbers, e-mail addresses, and so on
Call History: This contains dialed, received, missed calls, and call durations
SMS: This contains sent and received text messages
MMS: This contains media files such as sent and received photos and videos
E-mail: This contains sent, drafted, and received e-mail messages
Web browser history: This contains the history of websites that were visited
Photos: This contains pictures that are captured using the mobile phone camera, those downloaded from the Internet, and the ones transferred from other devices
Videos: This contains videos that are captured using the mobile camera, those downloaded from the Internet, and the ones transferred from other devices
Music: This contains music files downloaded from the Internet and those transferred from other devices
Documents: This contains documents created using the device's applications, those downloaded from the Internet, and the ones transferred from other devices
Calendar: This contains calendar entries and appointments
Network communication: This contains GPS locations
Maps: This contains looked-up directions, and searched and downloaded maps
Social networking data: This contains data stored by applications, such as Facebook, Twitter, LinkedIn, Google+, and WhatsApp
Deleted data: This contains information deleted from the phone