Overview
Carrying out digital forensics is critical to acquiring evidence in a case where digital devices such as computers or mobile phones are involved. The goal of digital forensics is to derive data that may be useful in developing the evidence for the case. Different digital devices call for different techniques of evidence extraction. The devices considered here are a cell phone and a personal digital assistant (PDA). The forensic analysis of these two devices has some similarities as well as differences.
Digital evidence acquisition
Evidence acquisition techniques are largely similar for both PDAs and cell phones. The data acquisition process involves the use of software and hardware tools. The common tools used for PDA evidence acquisition include Palm DD, Pose, PDA Seizure, and EnCase (Farjamfar, Abdullah, Mahmod, & Udzir, 2014). Some of these tools, such as EnCase, are also used for cellphone forensics. The Sleuth Kit (TSK) is a collection of tools that is commonly used for cellphone evidence acquisition during forensic analysis. Joint Test Action Group (JTAG) is a universal tool that can be used for both PDA and cellphone forensics.
There are five main techniques used for evidence acquisition from PDAs and cellphones during forensic analysis. These techniques are manual acquisition, logical acquisition, file system acquisition, physical acquisition, and brute force acquisition (Farjamfar, Abdullah, Mahmod, & Udzir, 2014). The different techniques are applied in different scenarios, depending on the complexity of the data being derived or the type of device being examined.
Similarities and differences between PDA and cell phone analysis
PDA and cellphone analysis have similarities and differences in terms of the tools used to derive the data. Both are digital devices where both software and hardware tools are used to ‘mine’ data.
There are numerous sources of evidence in a PDA and cellphone. These sources are classified into three main categories: internal memory, external memory, and service provider logs. The internal memory stores critical operating system data for these digital devices. NAND and NOR memory types are used in the fabrication of the internal memory of PDAs and cellphones. External memory devices investigated for cellphones include SIM cards and SD cards. For PDAs, the external memory devices include MMC cards, CompactFlash (CF), and Springboard. The external memory is often used to store multimedia data such as images and videos, which are key evidence in forensic analysis. Service provider logs are key components that are analyzed in cellphones. The service provider logs include calls, SMS messages, and internet service. PDAs also depend on service providers for internet connectivity. Internet browsing history is normally studied to establish evidence (Rajendran & Gopalan, 2016).
Several kinds of evidence can be retrieved from PDAs and cellphones. Call logs and messages (SMS) are normally the primary evidence retrieved from mobile phones. Multimedia data such as images and videos are also key evidence derived from PDAs and cellphones. Other evidence includes fingerprints or blood samples found on the surface of these devices. These two are non-digital evidence but are also very important.
Laws and regulations that govern data acquisition
The law protects the privacy of some data during forensic analysis of cellphones and PDAs. The law treats all personal information contained in cellphones and PDAs as private data. Such data can only be accessed through a court warrant. There are numerous laws which protect the privacy of personal data contained in the digital devices. These laws include the Federal Trade Commission Act (FTC Act), Electronic Communications Privacy Act, and the Computer Fraud and Abuse Act.
These laws often make it difficult to collect evidence effectively. A forensics officer is restricted by these laws in which data he/she can access. In some cases, the victims use the courts to restrict access to information, which considerably slows down the investigations.
References
- Farjamfar, A., Abdullah, M. T., Mahmod, R., & Udzir, N. I. (2014). A review on mobile device’s digital forensic process models. Res. J. Appl. Sci. Eng. Technol, 8, 358-366.
- Rajendran, S., & Gopalan, N. P. (2016). Mobile Forensic Investigation (MFI) life cycle process for digital data discovery (DDD). In Proceedings of the International Conference on Soft Computing Systems (pp. 393-403). New York: Springer.