Forensics Journal - Stevenson University 2010 | Page 10

STEVENSON UNIVERSITY tion, Cellbrite, Susteen, and LogiCube focus their efforts on popular cell phone models to obtain the highest return on their investments. Some tools may be very successful in processing call logs on a particular phone, but not perform as well when recovering text messages. Some tools acquire address books successfully, while others may miss a list of contacts completely. Because of the vast number of cell phones in use, each forensic tool has various degrees of success from cell phone to cell phone. Different operating systems, hardware, and cables are concerns that are addressed by forensic tool developers. As a result, tools have different degrees of success when it comes to processing the different types of data stored on the phones (Jansen and Ayers, 2007). In order to compensate for this disadvantage, examiners need to do three things to increase the likelihood of conducting a successful examination. First, they must seize both phones and peripherals, such as cables, batteries, and memory cards. Second, they must be comfortable using a number of tools to process a device. As noted above, it is not sufficient to use only one tool. Finally, examiners must constantly update their toolkits with new releases provided by the forensic tool developers. evidence on the phone by working through a port on the phone and interacting with the phone’s operating system; thus, modem commands are sent to a cell phone through a USB cable, infrared port, or Bluetooth connection in order to retrieve data (Nelson, B., Phillips, A., Enfinger, F., and Steuart, C., 2008). If the cell phone is not powered “on,” it will not be able to receive the commands to retrieve the data. These requirements for power have considerable implications for processing a cell phone. There are risks associated with examining a phone while it is powered “on.” When a cell phone is seized, the examiner must ensure that the cell phone has sufficient power to be transported to the forensic lab and undergo an examination. This is so because if a cell phone is turned off, data could be lost and security features, such as encryption or a password, might be re-enabled on start-up. A power adapter or battery charg \