The Challenges of IM applications in a Mobile Forensic Investigation

Posted: 12-Aug-2015 08:46:00
Author: Jason Coyne

In the last 10 years the mobile communications market has changed dramatically. Smartphone and tablet devices have become part of everyday life and it is now easier than ever to browse the web, send emails and use social media from a mobile device.

New applications are developed every day and have the potential to become popular very quickly. The advent of these new technologies means that criminals have a number of different outlets through which to commit their crimes.

This makes it increasingly difficult for those tasked with mobile forensic examinations, as evidence can exist across multiple applications and retrieving all this data can be very time-consuming.

The Impact on Mobile Forensic Investigations

Instant messaging applications, such as Skype and WhatsApp, enable users to communicate in the same way as standard phone calls and text messages, only over the internet and in real time.

Attempting to recover and analyse data contained within thousands of widely-used applications is daunting, not to mention the fact that new ones emerge all the time. If the investigator is not up to speed with the latest apps, it is probable that vital digital evidence might be missed because they simply don’t know where to look.

Another challenge is that each of these apps stores its information differently and no two apps will have the same database design, so knowledge learnt from historical investigations quickly becomes outdated.

Examiners commonly make mistakes when determining the date and time stamps of messages which have been sent and received. It is often the case that the date and time stamp is stored in some form of epoch (the number of seconds since a fixed date). The problem arises in determining the correct epoch date: 1st January 1904, 1970, 2000 or 2001? Choose the wrong epoch and the date and time stamp data will not be accurate.
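The epoch problem described above can be checked mechanically. The following is an added example, not part of the original article: it decodes raw values under each of the four candidate epochs and keeps only those that land inside a window the case facts allow. The raw values, the window dates and the function names are constructed for illustration, and all times are assumed to be UTC.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Candidate epoch origins listed in the article, all taken as 1 January, 00:00 UTC.
EPOCHS = {year: datetime(year, 1, 1, tzinfo=UTC) for year in (1904, 1970, 2000, 2001)}

def interpret(raw_seconds):
    """Decode one raw seconds value under every candidate epoch."""
    return {year: origin + timedelta(seconds=raw_seconds)
            for year, origin in EPOCHS.items()}

def plausible_epochs(raw_values, earliest, latest):
    """Return the epoch years under which every value falls inside the window
    the case facts allow (e.g. device activation to seizure)."""
    return [year for year, origin in EPOCHS.items()
            if all(earliest <= origin + timedelta(seconds=v) <= latest
                   for v in raw_values)]

# Constructed sample: raw values as they might sit in a message table column.
SAMPLE_RAW = [460080000, 460166400, 460170000]

if __name__ == "__main__":
    for year, when in interpret(SAMPLE_RAW[0]).items():
        print(f"epoch {year}: {when.isoformat()}")
    # Constructed case window: handset activated 1 Jan 2015, seized 12 Aug 2015.
    narrow = (datetime(2015, 1, 1, tzinfo=UTC), datetime(2015, 8, 12, tzinfo=UTC))
    print("narrow window:", plausible_epochs(SAMPLE_RAW, *narrow))
    # A looser window leaves 2000 and 2001 both standing: they differ by only
    # 366 days, so the choice needs corroboration from another source.
    wide = (datetime(2014, 1, 1, tzinfo=UTC), datetime(2015, 8, 12, tzinfo=UTC))
    print("wide window:", plausible_epochs(SAMPLE_RAW, *wide))
```

When more than one epoch survives the window test, the decoded times should be matched against an independent record, such as network operator data or the other party's handset, before any date is reported.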

It is imperative that those tasked with mobile phone forensic analysis are able to adapt quickly. There are a number of sources of evidence in the digital world that mobile forensic investigators do not want to miss.

