old days - forensics of phones

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)

johnR
Member
 

old days - forensics of phones

Post Posted: May 31, 09 03:17

Hey guys,

I recently went to an interview and one of the tests was note taking. Each of us was given a mobile device and was told to 'conduct an investigation'. We couldn't use software, so we had to examine it the old way.

I did the following:
1. Wrote down the condition of the phone,
2. Took the battery out and wrote down serial numbers
3. Put the battery back in
4. Turned on the phone

I'm guessing I shouldn't have done step 2 before step 4 had been completed? Why - well, when I turned the phone back on it had forgotten its date and time. I left these values as default 1997 ... and noted what had happened.

Am I right doing it the way I did? I'd like to know for future tests.  
 
  

kovar
Senior Member
 

Re: old days - forensics of phones

Post Posted: May 31, 09 03:26

Greetings,

This sounds similar to the initial steps I perform when acquiring an image of a computer system.

1) Document the system in words and photographs.
2) Note any external serial numbers.
3) Boot the system into the BIOS to get date, time and configuration information. Document in writing and in photographs.
4) Remove the battery.
5) Pull the hard drive and document it as I did the system.

With a phone, if you "boot into BIOS" you're also connecting to the cell network and thus allowing the phone to change, so you might want to add as step #1 "Isolate the phone from the network."

The people who do this sort of exam every day will have better input than mine.

-David
_________________
CISSP, CCE, EnCE, Licensed Private Investigator (CA) 
 
  

johnR
Member
 

Re: old days - forensics of phones

Post Posted: May 31, 09 03:28

I think it was more of a 'note taking' exercise. No methods were given as to disabling the phone from contacting the cell network. Having asked them about it, I was told in the 'old days' that you would video the 'turning on part of the phone' and that would provide sufficient evidence in court. Nowadays though it's completely different. Or so my course has taught me.
 
