What we will do for you...

Disklabs Computer Forensic Experts will examine the prosecution’s evidence and exhibits.  Produce reports in clear and concise terms, guide the defence teams on possible areas of question within the prosecutions case and attend court to deliver expert opinion.                                                                                              Call Us Now on 01827 50000

 

Mobile Phone Forensics

Disklabs are able to assist the case preparation of either the prosecution or defence for either criminal or civil proceedings by the evaluation of the Phone / SIM. Our experts are able to forensically acquire saved and deleted data through the use of approved methods of the Association of Chief Police Officers (ACPO). Evidence can be gathered from mobile phones, SIM and memory cards. Mobile phone forensics is a relatively new science and our experts are at the forefront of this technology. Disklabs is the only company able to recover and analyse data from physically damaged handsets. There is a wealth of information contained on a SIM that include when collected and evaluated in the appropriate manner will yield:

• Stored telephone numbers / contacts,
• Listings of ‘Last Dialled Numbers’,
• Text messages received, sent, drafted or deleted,
• General location information from last use,
• References to overseas network providers that have been used.

At Disklabs our Experts utilise technically advanced hardware and software tools combined with over a decade of experience dating back to the companies’ foundation in 1997 to effectively recover mobile phone evidence.

Mobile Phone Forensics – A brief overview of Logical and Physical Data Acquisitions:

Mobile phone forensics involves the acquisition of stored data within SIM / USIM cards, Mobile Phones and associated peripherals such as expandable memory cards.It is essential to examine each component as a separate entity utilising the best method available (dependant on the circumstances of the investigation and the material sought). There are a number of approved hardware and software applications readily available to conduct such examinations.

There are currently two methods of data acquisition, a logical and physical examination.

Logical Examination

Most of the currently available phone forensic tools perform what is referred to as a logical examination of a handset. A logical examination involves communication between the forensic tool (via the PC) and the handset.
Essentially data is requested by the forensic tool using a variety of protocols, the phone then responds with the requested data where available. The actual data which can be retrieved using a logical examination will depend upon the particular make and model of handset but could include: SMS, MMS, call registers, contacts, pictures, videos, audio, calendar / tasks etc.

Physical Examination

A physical examination requires specialist hardware and software applications and techniques.

A physical examination involves acquiring an image of the entire memory of the handset (exclusive of the expandable memory card if applicable).

There are three processes available to the examiner in the recovery of data from the handset memory:

• The primary is to isolate (physically remove from printed circuit board) the memory chip and acquire data directly.

• The secondary is to utilise (if available) the JTAG test points found within the printed circuit board.

• The third approach is the use of “Unlocking/Reprogramming boxes”.

Regardless of the technique / method(s) applied a binary file is obtained (PM file – permanent memory) which then requires translation to ensure the data recovered is tangible and true. This process not only recovers the viewable logical data but all available stored data inclusive of deleted content. In some cases the protected storage area content is also recoverable but not necessarily readable.

Expandable memory cards are always examined utilising computer forensic tools and techniques of which the process is always one of physical image acquisition.