Digital forensics is a branch of forensic science, focusing on the recovery and investigation of raw data residing in electronic or digital devices. Mobile forensics is a branch of digital forensics related to the recovery of digital evidence from mobile devices.
Forensically sound is a term used extensively in the digital forensics community to qualify and justify the use of particular forensic technology or methodology. The main principle for a sound forensic examination of digital evidence is that the original evidence must not be modified. This is extremely difficult with mobile devices. Some forensic tools require a communication vector with the mobile device, thus standard write protection will not work during forensic acquisition. Other forensic acquisition methods may involve removing a chip or installing a bootloader on the mobile device prior to extracting data for forensic examination. In cases where the examination or data acquisition is not possible without changing the configuration of the device, the procedure and the changes must be tested, validated, and documented. Following proper methodology and guidelines is crucial in examining mobile devices as it yields the most valuable data. As with any evidence gathering, not following the proper procedure during the examination can result in loss or damage of evidence or render it inadmissible in court.The mobile forensics process is broken into three main categories: seizure, acquisition, and examination/analysis.
Forensic examiners face some challenges while seizing the mobile device as a source of evidence. At the crime scene, if the mobile device is found switched off, the examiner should place the device in a faraday bag to prevent changes should the device automatically power on. Faraday bags are specifically designed to isolate the phone from the network. If the phone is found switched on, switching it off has a lot of concerns attached to it. If the phone is locked by a PIN or password or encrypted, the examiner will be required to bypass the lock or determine the PIN to access the device. Mobile phones are networked devices and can send and receive data through different sources, such as telecommunication systems, Wi-Fi access points, and Bluetooth. So if the phone is in a running state, a criminal can securely erase the data stored on the phone by executing a remote wipe command. When a phone is switched on, it should be placed in a faraday bag. If possible, prior to placing the mobile device in the faraday bag, disconnect it from the network to protect the evidence by enabling the flight mode and disabling all network connections (Wi-Fi, GPS, Hotspots, and so on). This will also preserve the battery, which will drain while in a faraday bag and protect against leaks in the faraday bag. Once the mobile device is seized properly, the examiner may need several forensic tools to acquire and analyze the data stored on the phone.Mobile device forensic acquisition can be performed using multiple methods, which are defined later. Each of these methods affects the amount of analysis required. Should one method fail, another must be attempted. Multiple attempts and tools may be necessary in order to acquire the most data from the mobile device.Mobile phones are dynamic systems that present a lot of challenges to the examiner in extracting and analyzing digital evidence.
The rapid increase in the number of different kinds of mobile phones from different manufacturers makes it difficult to develop a single process or tool to examine all types of devices. Mobile phones are continuously evolving as existing technologies progress and new technologies are introduced. Furthermore, each mobile is designed with a variety of embedded operating systems. Hence, special knowledge and skills are required from forensic experts to acquire and analyze the devices.Learn the techniques and practices for gathering and analyzing evidence used to solve crimes involving computers. While other texts offer more of an overview of the field, this hands-on learning text provides clear instruction on the tools and techniques of the trade, introducing readers to every step of the computer forensics investigation-from lab set-up to testifying in court. It also details step-by-step guidance on how to use current forensics software and provides free demo downloads of popular tools like FTK Imager for use with Case Projects and Hands-On Projects-giving readers the opportunity to put their new skills into action.
Computer Forensics Investigator
Computer forensics investigators, also known as computer forensics specialists, computer forensics examiners, or computer forensics analysts, are charged with uncovering and describing the information contained on, or the state or existence of, a digital artifact. Digital artifacts include computer systems, hard drives, CDs, and other storage devices, as well as electronic documents and files like emails and JPEG images. The fast-growing field of computer forensics includes several branches related to firewalls, networks, databases, and mobile devices. Digital forensics technicians can find work with many types of organizations: government (local, state, and federal), accounting firms, law firms, banks, and software development companies. Essentially, any organization that has a computer system may have a need for a digital forensics specialist. Some digital forensics specialists opt to start their own businesses, giving them an opportunity to work with a variety of clients.
Career Description, Duties, and Common Tasks
Computer forensics investigators provide many services based on gathering digital information, from investigating computer systems and data in order to present information for legal cases to determining how an unauthorized user hacked into a system. A digital forensics examiner does many things in the course of these tasks – protects the computer system, recovers files (including those that were deleted or encrypted), analyzes data found on various disks, and provides reports, feedback, and even testimony, when required. A computer forensics degree can help you develop the skills necessary for a successful career in this field.
Possible Job Titles for This Career
- Computer Forensics Analyst
- Computer Forensics Investigator
- Computer Forensics Specialist
- Computer Forensics Technician
- Digital Forensics Specialist
- Forensic Computer Examiner
A Forensic Computer Analyst earns an average salary of $68,967 per year. A skill in Computer Security is associated with high pay for this job. Experience has a moderate effect on income for this job. Most people with this job move on to other positions after 20 years in this career.