Cell Phone Forensics

View Research Poster

Problem

Forensic analysis of mobile phones is a rapidly-evolving field with many forensics analysis tools emerging. The number of different kinds of phones and the variations in their connectors, operating systems, functions, and stored data mean that currently no tool supports all aspects of analysis on all phones. Furthermore, some aspects of some phones have no support in the currently available tools. Consequently law enforcement is faced with a difficult problem in determining what cell phone analysis tools to acquire, and which of their tools to use when they must investigate a specific phone.

Solution

This project has established criteria and procedures to test forensic analysis tools for cell phones. These criteria include support for analysis of phone logs, calendars, text messages, photographs, videos, and applications, among others. We are applying the testing procedure by using each of the most prominent cell phone analysis tools, including Cellebrite's UFED Ultimate, Paraben Corporation's Device Seizure, Susteen's Secure View, and Access Data's Mobile Phone Examiner, on hundreds of the most popular phones. The project will produce:

  • Reports to be published by the National Institute of Justice (NIJ) Electronic Crime Technology Center of Excellence (ECTCoE) describing the capabilities of each cell phone analysis tool.
  • A "Gap Analysis Report" indicating aspects of cell phone analysis that no tool adequately supports.
  • A searchable database of which tools work well for analyzing specific aspects of specific phones.

Support

This work was supported by a subcontract from the Electronic Crime Technology Center of Excellence through a grant from the National Institute of Justice.