Mobile Phone Digital Forensics

I was aware of law enforcement capabilities for mobile phone digital forensics, but didn't put much thought into it until I started to watch a late-night documentary called Forensics: The Real CSI, Season 1, Episode 3. This episode shows a real-life example of capturing evidence against a criminal. Here is some research on the same.

You can watch the documentary here;

The software in use looks like Cellebrite or Elcomsoft. Checking the website, it lists the following support:

  • iOS Devices
    • Determine locks and perform a full file system extraction of iPhone devices.
    • Gain After-First-Unlock (AFU) access to locked iPhones (device must be kept on).
    • Perform Before-First-Unlock (BFU) extraction without knowing the device passcode.
    • Access and decode 3rd party app data, chat conversations, downloaded emails and email attachments, deleted content and more.
  • Android Devices
    • Bypass or determine locks and perform a physical extraction (Full Disk Encryption) or a full file system extraction (File-Based Encryption) on most Android devices on the market.
    • Gain After-First-Unlock (AFU) access to locked Android devices protected with File-Based Encryption (FBE).
    • Determine Secure Startup passcodes for locked Android devices with Full Disk Encryption (FDE).
    • Access data stored in secure containers like Samsung Secure Folder, Huawei PrivateSpace, and Xiaomi Second Space.
    • Unlock the latest devices from Huawei, LG, Motorola, Nokia, OnePlus, Samsung, Sony, Xiaomi, ZTE.
  • Secure Enclave

Securing iPhone

Not to get into an Android vs iPhone argument, but if you are using an Android phone, good luck with security:

  1. Maintain the latest OS updates.
  2. Use Apple Configurator to restrict pairing to only the host running Configurator. This will prevent pairing the device to another host, even when it is unlocked.
  3. On the iOS device, tapping “Erase All Content and Settings” is the only way to clear all of its pairings (in addition to all of the other data stored on the device).
  4. For a less destructive way to clear pairings, back up the device through iTunes (encrypt the backup with a strong passphrase), “Erase All Content and Settings” on the iOS device, and then restore device settings and data using iTunes.
  5. Update Lockdown Records
    2. Pairing relationships established with devices running iOS 7 or earlier never expire and survive reboots and factory resets. Once such devices get updated to iOS 8 or newer, all existing trust relationships are revoked and must be re-established under new rules.
    3. Since iOS 8, all pairing relationships remain unavailable after the device restarts or powers on until the device is unlocked (at least once) with a passcode.
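
To complement the pairing steps above from the host side, here is an added example (not from the original post or any vendor) that audits the lockdown pairing records a computer holds, so stale ones can be reviewed and removed. It assumes records are stored as `<UDID>.plist` files in one directory (`/var/db/lockdown` on macOS) with the key names used by iTunes and libimobiledevice; the 30-day threshold is an arbitrary policy value and the sample records are constructed.

```python
import os
import plistlib
import tempfile
import time
from pathlib import Path

# Keys that make a pairing record sensitive (names as seen in iTunes and
# libimobiledevice pair records; treat as an assumption for other tools).
SECRET_KEYS = ("HostPrivateKey", "RootPrivateKey", "EscrowBag")

def audit_pairing_records(directory, max_age_days=30, now=None):
    """Return one finding per <UDID>.plist pairing record in `directory`."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        if path.name == "SystemConfiguration.plist":
            continue  # host-wide identity file, not a device pairing
        try:
            with path.open("rb") as fh:
                record = plistlib.load(fh)
            if not isinstance(record, dict):
                raise ValueError("pairing record is not a dictionary")
        except Exception:  # truncated or malformed file: report, keep going
            findings.append({"udid": path.stem, "status": "unreadable"})
            continue
        age_days = (now - path.stat().st_mtime) / 86400
        findings.append({
            "udid": path.stem,
            "host_id": record.get("HostID"),
            "secrets": [k for k in SECRET_KEYS if k in record],
            "status": "stale" if age_days > max_age_days else "recent",
        })
    return findings

def write_sample_records(directory, now):
    """Constructed sample data: two fake pairing records and one corrupt file."""
    samples = {"UDID-AAAA": 2, "UDID-BBBB": 400}  # fake UDID -> age in days
    for udid, age in samples.items():
        path = Path(directory) / f"{udid}.plist"
        with path.open("wb") as fh:
            plistlib.dump({"HostID": "HOST-1", "EscrowBag": b"\x00" * 8}, fh)
        os.utime(path, (now - age * 86400, now - age * 86400))
    (Path(directory) / "UDID-CCCC.plist").write_bytes(b"not a plist")

if __name__ == "__main__":
    # On a real macOS host the records live in /var/db/lockdown (root needed).
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_records(tmp, time.time())
        for finding in audit_pairing_records(tmp):
            print(finding)
```

Records flagged as stale or belonging to devices no longer in use are candidates for deletion from the host, which removes that host's ability to reuse the pairing.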