Mastering Mobile Forensics

By: Soufiane Tahiri

Overview of this book

Mobile forensics presents a real challenge to the forensic community due to the fast and unstoppable changes in technology. This book aims to provide the forensic community with in-depth insight into mobile forensic techniques for dealing with recent smartphone operating systems. Starting with a brief overview of forensic strategies and investigation procedures, you will understand the concepts of file carving, GPS analysis, and string analysis. You will also see the difference between encryption, encoding, and hashing methods and get to grips with the fundamentals of reverse code engineering. Next, the book will walk you through the iOS, Android, and Windows Phone architectures and filesystems, followed by various forensic approaches and data gathering techniques. You will also explore advanced forensic techniques and find out how to deal with third-party applications using case studies. The book will help you master data acquisition on Windows Phone 8. By the end of this book, you will be acquainted with best practices and the different models used in mobile forensics.
Table of Contents (14 chapters)

Why mobile forensics?

The rapidly evolving mobile phone industry has reached an unimaginable peak, and smartphones will definitely replace computers, since many of these tiny devices are becoming as powerful as personal computers.

In daily use, each smartphone is a huge repository of sensitive data related to its owner. Nowadays, smartphones are used to perform almost any task that we need to do, from "traditional" tasks such as making and receiving calls and sending and receiving short text messages and e-mails, to more complex ones such as geolocation, balance checking, making bank transactions, and managing tasks and reminders. Given the pace at which development is progressing, the need for forensic examination is growing as well. Data contained within modern devices is continuously becoming richer and more relevant, which is partly due to the explosive growth in the use of mobile applications and social networks. In addition to this, all mobile phones are now capable of storing all kinds of personal information, and usually do so even unintentionally.

According to ABI Research, which is a technology market intelligence company, at the time of writing this book there are more than 1.4 billion smartphones in use; more than 798 million of them are running Android, more than 294 million are running Apple's iOS, and more than 45 million are running Windows Phone, which represents a growth rate of 44% for 2013 according to the same source.

In its report, Cisco states that an average smartphone user will make five video calls and download 15 applications each month.

If we refer to data given by Nielsen Informate Mobile Insights, in the US, Android and iPhone users spent 30 hours and 15 minutes using apps on their smartphones in Q4 2013, and this amount of time is not decreasing, as shown in the following chart:

In Q4 2013, users used 28.8 applications and spent 30 hours, 15 minutes on them.

All this advancement certainly has a lot of benefits, but without any doubt it presents new challenges to law enforcement as cybercrime and digital complaints continue to grow. This issue was raised by the Federal Bureau of Investigation (FBI) and the Internet Crime Complaint Center. In 2014, the total number of complaints received was 269,244, and all the statistics are huge, as shown here:

Total digital complaints and digital complaints loss as given by the FBI Internet Crime Complaint Center

So, why is mobile forensics important? Simply because acquiring a smartphone means acquiring a person's everyday life in terms of data. Some proactive acquisition approaches are gaining ground in a criminal context, not only after a crime but also when people violate regulations and laws, for example to prevent terrorist attempts, crimes against states, and pedophilia.

Today's smartphones contain all kinds of evidence stored as heterogeneous data generated by the hardware and the software constituting the device. Categorizing this data is quite important: in order to produce some kind of evidence classification, only a well-driven mobile forensic approach can help us make the correct correlation between data, data type, and evidence type (refer to Chapter 6, Mobile Forensics – Best Practices, for more details).

The importance of mobile forensics is established and cannot be denied in this age of information where every single byte matters.