Mobile Phone Forensics
Recently our labs received a smashed mobile phone, it was an iPhone, the client required a digital forensic report to backup their case in a commercial matter.
The iPhone was completely smashed and had suffered from liquid damage, consequently the device was completely dead and not functional, our first step was to photograph the phone in its current condition, next the engineer stripped the phone down to clean & repair the phone temporally to allow forensic equipment to connect to the device & capture the phone contents in a forensically sound manner.
APCO rules state that the process must be carried out by qualified staff, who adhere to certain standards to allow the preservation & subsequent presentation of sound data, this process must contain a working and evidence copy of data & must be repeatable by the other party, the data must also contain an MD5 digest & utilize write blocking.
If this procedure is not followed correctly then it is possible that any evidence you gather will be in admissible or struck out in court, so it is vital that you consider your steps wisely and what course of action you may or may not undertake as to possible legal or court routes.
A full report is then generated, typically in pdf format, this report will show all comms from the phone such as SMS, email, & Skype communications, further it should show all current and deleted data, and very importantly the date, for proof of location of a phone during certain time periods or messages, a cell site analysis is also generated, although not absolutely a pin point geographical position can be determined it can show zone data, which may be of use in certain cases.