NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

mobile forensics

Forensic Tools

Forensic examination of mobile devices, such as Personal Digital Assistants (PDAs) and cell phones, is a growing subject area in computer forensics. Consequently, mobile device forensic tools are a relatively recent development and in the early stages of maturity. When mobile devices are involved in a crime or other incident, forensic specialists require tools that allow the proper retrieval and speedy examination of information present on the device. A number of existing commercial off-the-shelf (COTS) and open-source products provide forensics specialists with such capabilities.

In order to assess the capabilities of assorted forensic tools, generic scenarios can be devised to mirror situations that often arise during a forensic examination of a mobile device and associated media. The scenarios serve as a baseline for determining a tool's capability to acquire and examine various types of known data, allowing a broad and probing perspective on the state of the art of present-day forensic tools to be made.

Forensic Guidelines

Forensic examiners, law enforcement, and incident response teams rely heavily on proper procedures and techniques, as well as appropriate tools, to preserve and process digital evidence. Guidance in the area of mobile forensics is generally lacking. Procedures and techniques developed from a classical computer forensics cannot be used directly, because they do not account for the differing characteristics of mobile devices. Guidelines on mobile device forensics are needed to inform readers of the various technologies involved and the potential ways to approach theses device from a forensically sound perspective. The objective is twofold: to help organizations evolve appropriate policies and procedures for dealing with mobile devices, and to prepare forensic specialists to deal with new situations when they are encountered.