Mobile phone forensic data recovery...

Our client required a full mobile phone forensic investigation on a Nokia E71 mobile device. They were looking for all possible information to be retrieved from the device including information such as contacts, SMS/MMS messages, dialed/received calls, e-mails, and any other information available. The client also had one specific request, in that they wanted to see all information related to specific phone numbers and key words.

We used a number of forensic tools, but in particular Oxygen Mobile forensics suite. Oxygen Forensic Suite 2011 is a mobile forensic suite that goes beyond standard logical analysis of cell phones, smart-phones and PDAs. Using advanced proprietary protocols permits, Oxygen Forensic Suite 2011 extracts much more data than usually extracted by logical forensic tools, especially for smart-phones. We also needed to use Access Data Forensic Toolkit FTK for signature searches of keywords and phone numbers. FTK is recognized around the world as the standard in computer forensic investigation technology and is a court-validated platform that delivers cutting edge analysis, decryption and password cracking whilst providing an intuitive interface that the user can customise to suit their needs.

The investigation of the evidence was performed whilst following the ACPO guidelines for investigation of mobile evidence, whilst taking care to maintain the integrity of the evidence. The Oxygen mobile forensic suite was used to investigate the phone’s internal memory and memory card. A SIM card reader was used following investigation of the phone memory to attempt to discover any information that may have been stored on the phones SIM card. A forensic Image of the memory card from within the phone was created using access data’s FTK imager, the image was the analysed using access data’s FTK in order to determine if it contained any important data.

The investigation was successful, with 15 contacts, 1 calendar entry, 107 text messages and recent call history recovered. Unfortunately there was not a great deal of data recovered that related to specified phone numbers. This was mainly due to the volatility of data that is stored on a mobile phone’s internal memory chip. However what we did recover was sufficient to force a settlement without the need for further proceedings.