How to optimize every step of your mobile forensic investigation

In this post we want to give a brief overview about how a typical mobile forensic investigation process is structured. We will also be focussing each part of the process (seizure, extraction, analysis, and reporting) in sperate and more detailed posts in the coming weeks, describing the process and giving some useful tips and tricks.

Leave us a follow at LinkedIn or continuously check our news page at http://www.t3k-forensics.com/news/ to stay informed about the latest developments.

The field of mobile forensics and smartphones is growing extremely fast, therefore producing a variety of complexities and individual challenges. (We tried to summarize the main challenges in another post, check out: http://www.t3k-forensics.com/allgemein/10-challenges-in-mobile-forensics/ )

Defining a standard model of forensic investigation can be helpful in order to keep track of an investigation. Many law enforcement agencies began modelling standard processes for the investigation of digital evidence. You can find a lot of these models online. But with the constantly increasing number of different models, it is hard to focus on what is really important.

So how do we structure a typical mobile forensic investigation process?

1. Seizure, 2. Extraction, 3.Analysis, 4. Reporting

For us, there are 4 main parts of a forensic investigation: the seizure of the mobile device, the subsequent extraction with a mobile forensic toolkit, followed by the analysis and interpretation of the extracted data, and last but not least, – and often a little bit underestimated – the transformation of the analysed evidence to an easily understandable, well-structured report.

“In my opinion, it is not enough to only extract the data. It is often more important to process the data in a way that the case workers, or other persons concerned, can work with it effectively.”

– Mag. Felix Klier, CEO of T3K-Forensics

It is important to keep in mind that every step of this process model has to be executed carefully, as making mistakes in a single step may compromise your chain of custody or lead to incomplete evidence collection and will therefore increase the risk of the found evidence being rejected in court.

With the following 4 posts about the individual steps of a mobile forensic investigation, T3K-Forensics wants to give mobile forensics examiners a model workflow and some information about possibilities presenting themselves in certain cases.

Follow us on LinkedIn or add our news page http://www.t3k-forensics.com/news/ to your favourites!

T3K-Forensics offers trainings in the field of mobile forensics. Details about the execution of the mentioned steps (seizure, extraction, analysis and reporting) are taught in our L1 – Mobile Phone Extraction & Analysis Training. Check out http://www.t3k-trainings.com/trainings/mobile-phone-extractions-and-analysis-training/ for more information.

Forschungs- und Förderungspartner: