Steps of Mobile Forensic Process – User information may be digitalized nowadays; therefore, people may get other information by hacking mobile devices. The mobile devices may also be misused to spread hoax or exchange illegal information. Even people may plan a crime through mobile devices. Therefore, mobile forensic is essential.
The mobile forensic activity aims to recover the data footprint or retrieve any relevant information about a particular topic. To do the mobile forensic examination, the mobile devices, like those we use to access online games, but this time is used for crime, should be seized, isolated, stored for analysis, and kept so the evidence will not be corrupted. There are some steps in doing this mobile forensic.
• Seize the Mobile Devices
As any forensic method, the evidence should be seized. The mobile devices and any RAM or memory in it should be preserved in a specific box and the investigators should have permission from the court to take and analyze the mobile devices. Keeping the devices on may also be an essential thing to do since getting the devices shut down may alter the evidence.
The standard tools to conduct mobile forensics are the external power supply and Faraday bag/box. Investigators should have at least these two tools to jam the mobile devices. The Faraday bag or box is used to isolate the mobile devices from any communications network and to help the transportation of the evidence to the laboratory. The external power supply is needed to keep the devices on. Before putting the mobile devices inside the Faraday bag or box, don’t forget to disable network connections and also enable the aeroplane mode.
• Identification and Extraction
One important thing is that not only the device is mobile but also the data. Once files are sent to another device, the control of the data is lost. The footprint of the data may be still in the device, but the real data may be in another device. It is worsened by the existence of cloud that can synchronize data to and from other devices and at the same time organize the data from one particular device. This fact also makes the investigators find some difficulties in collecting information properly. Not only that, there may be too many protocols that investigators should follow to collect or retrieve the data. The solution for this problem is by making the SIM card replica to be used in the analysis process while the original one remains intact in the mobile devices. After that, the investigators can move to the process of examination and analysis by using any devices that they have.
The process of mobile forensic may look easy but there are many steps and protocols that investigators should follow since it is also a piece of evidence from a crime scene. Let’s hope that this kind of study will be developed well so that the criminal cases can be solved quickly.