Mobile Forensics, Complex Tracking Methods for More Detailed Evidence
Based on data from statista.com, the number of mobile phone users in the world in 2021 will reach 7 billion users and is predicted to increase to 7.26 billion in 2022. With a world population of around 7.7 billion people, it can be assumed that almost every person in the world owns a cell phone.
Data from datareportal.com shows that as of April 2022, internet users accessed via cell phones reached 5.32 billion people. This means that one-third of the world’s population performs digital activities through their mobile phones.
This data implies that almost all human activities today are inseparable from cell phones and the internet. With all their features and conveniences, mobile phones are devices that can facilitate human life through various channels, ranging from communication, entertainment, and business activities, to the role of interconnection with other internet-of-things-based devices.
Because it has become part of a civilization, on the one hand, mobile phones can be considered “witnesses” of almost all activities and interactions of users. Lots of evidence, history, and user behavior are recorded in it.
From computer forensics to mobile forensics
Due to the highly monitored nature of the digital world, specifically in the usage of cell phones, the need for mobile forensics emerges. This method is part of a large framework of digital forensics for which the object of investigation focuses solely on evidence contained in mobile phones.
Digital forensics methods have become an integral part of all criminal investigations. Approximately 85% of digital evidence is used in every criminal investigation.
However, there is a shift in digital forensics, namely from computer/desktop forensics to mobile forensics. A source states that currently, the era of computer-based forensics is over and has been replaced with mobile phones.
The term mobile forensics refers to investigative methods to retrieve, acquire, and prove information from mobile devices used by the perpetrator or object of investigation. The main goal is to provide strong evidence in court.
The complexity of mobile forensics
In general, there is no essential difference between computer forensics and mobile forensics. The difference lies mostly in the methods and objects that are tracked.
The level of difficulty is also different. Mobile technology is now so sophisticated that it is necessary to enhance the knowledge and skills of practicing investigators.
In mobile forensics, investigators also present many variants of mobile phones with different characteristics. It requires the introduction of new Privacy-Enhanced Technology (PET), such as passcodes, biometric access, boot security, and encryption.
Knowledge and cellular upgrades are needed because security systems continue to develop rapidly, even faster than computer systems. For instance, the Secure Enclave technology on iOS or Trust Zone on Android increases the security of mobile systems to prevent hacking.
At the same time, messenger apps such as WhatsApp, Signal, or Telegram are much more concerned with the privacy of customer data. In fact, in the future, multi-level encryption for mobile phone systems will become the main security standard.
This ever-evolving mobile security and privacy system is the main reason for investigators who carry out mobile forensics to develop their capabilities. One of the platforms being used in mobile forensics is the Mobile Device Forensic Tools (MDFT) platform.
However, there are still other challenges that stand in the way, namely with regard to the integrity of the evidence. It is a principle that forensic activities should not alter or taint existing evidence and requires the consent of the owner of the evidence.
The same is true in mobile forensics. This etiquette is difficult to practice when investigating a user’s cell phone, which incidentally is a user’s personal belonging.
There are several methods commonly used in mobile forensics. The first is by taking the phone’s memory chip by unsoldering the PCB. The second is by duplicating existing data. The third is by conducting a jailbreak process on the cell phone.
The three “extraction” methods risk contaminating evidence and violating existing forensic ethics, especially the first method. The third method is the most accommodating. However, evidence of contamination may still occur.
Nevertheless, this challenge comes with a benefit because cell phones provide more detailed and complete evidence regarding the behavior of their users. Accompanied by a strong legal umbrella, digital evidence accessed from mobile phones will be strong evidence in court, maybe even primary evidence.
Combination of legal foundation
As complete and clear as any digital evidence presented at the court table, it is futile if there is no legal basis stating that the evidence is valid and appropriate to be used as evidence in court.
Court authorities can easily deny its validity and end up disregarding the evidence. Therefore, the existence of a legal basis as a combination of digital evidence in court is necessary.
Currently, several countries already have a legal basis that guarantees the validity of digital forensic evidence, including mobile forensics. In the United States, for example, Congress has approved several laws as a legal basis to support the usage of digital evidence in trials.
These laws include the Wiretap Act (18 U.S.C. 2510 et seq.); the Pen Registers and Trap and Trace, Device Statute (18 U.S.C. 3121 et seq.); the Electronic Communications Privacy Act (ECPA) (18 U.S.C. 2701 et seq.); and the Privacy Protection Act (PPA) (42 U.S.C. 2000aa et seq.).
In Indonesia, Law Number 11 of 2008 concerning Electronic Information and Transactions (ITE) provides a legal basis for the legal force of electronic evidence. The law also stipulates the formal and material requirements for electronic evidence so that it can be accepted at trials.
The legal basis is the right combination for mobile forensic-based investigative methods. Considering the need for a thorough, complete, and detailed investigation, access to investigations on personal mobile devices is very necessary.
With more than 20 years of experience, Integrity Asia puts a large portion of digital forensic methods, including mobile forensics, into the grand scheme of comprehensive investigations. Mobile forensics can stand alone as an independent investigation method or as support for other investigative methods.