Investigating Mobile Forensics

why mobile forensics?

Digital forensic investigations pertain to all computers and digital devices, which means that wearable technology, laptops, mobile phones and other smart devices must be taken into consideration. Each device has its own importance, but arguably the most important piece of technology today is the mobile device due to consumer popularity. Thus, mobile forensics is especially significant. According to, there are currently 1.8 billion unique mobile device users compared to only 1.7 billion desktop computers in service.

A mobile device most commonly refers to smartphones; however, mobile devices also include GPS systems, tablets, laptop computers, portable media players, and wearable technology such as smartwatches and some digital cameras. A mobile device essentially any portable technology with computing and external communication capabilities.

Mobile forensics is a subsection of digital forensics that focuses specifically on finding data generated by devices such as mobile phones and tablets. Mobile forensics is becoming an important aspect of digital forensics because of the rapidly growing popularity of the technology. According to the Cisco® Global Mobile Data Traffic Forecast, 563 new million mobile devices were created in the year 2015 alone, bringing the global total to 7.9 billion.

With the recent rise of mobile device technology, the ability to access and recover data from mobile devices has become more relevant than ever. This data, commonly referred to as artifacts, is left on a device’s file system when performing actions such as using applications or sending and receiving phone calls, text messages, and emails. These artifacts can be crucial evidence in any legal, civil or corporate case.

what are the methods?

Many manual investigation methods and forensic tools can examine artifacts from mobile devices: popular utilities include Internet Evidence Finder (IEF), Cellebrite, and Android Debug Bridge (ADB). The list continues to grow as new commercial and open-source software is unveiled. All tools have their own strengths and weaknesses – however, the challenge of retrieving mobile device artifacts is still largely a test of an investigator’s individual skills.

As the mobile market continues to grow, so too will the methodology of digital forensics; technology and knowledge are constantly changing and developing. There is a constant battle for digital forensic teams to stay one step ahead of cybercriminals as they escalate the volume and intelligence of their attacks. It is increasingly important for digital forensic experts to stay up to date with modern technology standards and understand how information is stored, both locally on devices and remotely in the cloud.

Mobile forensic investigators are not only concerned with attacks; the devices themselves can pose a threat to analysts. With each new iteration of mobile technology, potential security issues must be addressed. Mobile forensic analysts are constantly researching and understanding how to infiltrate mobile platforms to acquire the data they contain.

Digital forensic investigators are held to a high standard regardless of the level of their current case. It is their job to be able to acquire and extract artifacts in order to analyze the information. Staying up-to-date with the latest technologies, software, and knowledge is important for this ever-growing field. Due to this volatile atmosphere, mobile forensic experts are in increasingly high demand and will only continue to become more sought after as the need for innovation grows.

Article written by LCDI team members Nicholas Micallef, Kayla Williford, and Joseph Cozzi. If you have any more questions or comments, feel free to reach out to us at or through our Facebook and Twitter accounts. 

More Research Projects
The Leahy Center Inventory Project
Social Media Footprint Awareness
My Experience on The VPN Comparison Team