Mobile Forensics, i.e. forensic study of mobile devices, is one of the fields of computer forensics relating to recovery of digital evidence from mobile devices. Mobile forensic tools are now used in the majority of investigations, mainly due to the fact that mobile phones are widely used as key data carriers. It should be emphasized, though, that a forensic study of mobile devices is not limited to mobile phones, but can also relate to any digital device that has both internal memory and communication interface, including tablet computers, GPS devices or PDA devices.
The information which may be recovered through a forensic study of a mobile device depends on the device model, hence its structure and management software. In practice, there are three methods of data extraction: physical acquisition (enabling recovery of deleted data), file system acquisition (enabling partial recovery of deleted data) or logical acquisition (deleted data may not be recovered).
As the mobile device market is much less standardized that of PCs, the type of the acquisition process and the ability to recover deleted data will always depend on the device. For instance, while a complete physical acquisition process may be carried out for iPhone 4, iPhone 4s supports file system acquisition only.
Modern smartphones, commonly used today by the business, can store much more information than their older counterparts. By using appropriate tools one may retrieve not only text or MMS messages, contacts or call lists but also additional information (e.g. e-mails, photos, localization data, application data such as the history of Facebook conversations or the list of Wi-Fi networks used by the device) on the basis of which the hypotheses put forward by forensic experts may be confirmed. What is interesting, the Wi-Fi information may be used to confirm that a user visited certain places making Wi-Fi signal available, such as restaurants, hotels or offices, at certain times.
An analysis of the links between several collected telephones may also be a source of information invaluable for the investigation. For instance, it may serve as the basis for identification of additional people involved in the fraud.
A number of tools which can be used in mobile forensics is available on the market. At present, the leading forensics software developers offer additional packages supporting data acquisition from mobile devices. However, greater effectiveness may be achieved using tools dedicated specifically to mobile forensics.