IT IS ESTIMATED that there are now more active mobile telephones in the UK than there are people.
The worldwide mobile telephone subscriber count is over three billion, which accounts for half the population of the planet.
Modern mobile telephones are able to store massive amounts of data: hundreds of contact details, along with the times and sometimes the durations of calls – both incoming and outgoing – may be stored. Recent technology has enabled internet browsing and email correspondence, as well as instant chat (such as Yahoo chat or Windows Live Messenger). Embedded cameras and microphones now allow telephones to capture events and even to ‘geotag’ them using co-ordinates generated by onboard GPS systems.
The scope for what these devices may do is potentially limitless as technology advances.
A treasure trove of evidence
From an evidential perspective there is, therefore, a wealth of information to examine. A person’s contacts will be stored within the memory and we can determine who was contacted, when and for how long. With emails or SMS we can even determine precisely what was said. From the camera we can identify what they’ve seen and sometimes where and when they saw it!
Careful analysis of call logs and SMS correspondence is always warranted when investigating any issue, provided that the access to this information is legal. Techniques and tools to recover and analyse the data from mobile telephones are emerging and evolving daily.
Unfortunately, closed systems put in place by manufacturers to protect their own intellectual property cause problems in recovering data.
Methods to recover deleted data from the memory of handsets are currently being explored. However, these techniques are still in their infancy and the results require careful interpretation, but frequently the extra effort involved proves worthwhile.
Passwords are a hurdle
Manufacturers have placed security measures on the devices to prevent their unauthorised use.
Often a password, or PIN, has to be input before the device may be used or its contents viewed. For the forensic investigator this access control is a potential hurdle: steps must be taken to obtain the password from the user, or from the manufacturer or service provider if permissible.
Synchronisation benefits and risks
Most high-end devices, such as the BlackberryTM or iPhone, realise their full potential only when paired and synchronised with a desktop computer. Bear in mind that when they are plugged in they are also able to act as a removable storage device to transfer files to and from a laptop or computer workstation.
Organisations should be aware of the potential security risk to their IT infrastructure from these devices. Is the ‘harmless’ phone that the user plugs into their workstation actually being misused to misappropriate sensitive data?
Evolve and adapt
Investigators, their tools and techniques need to evolve, adapt and keep pace as this technology advances. Evidence and intelligence from mobile telephones and handheld devices has proved indispensable and often pivotal to investigations and court cases – and this evidential source is far too valuable to ignore.