Chapter 3

Triaging Mobile Evidence

Abstract

This chapter briefly covers important aspects of mobile forensics for investigators who have little to no experience, or who have dealt only with computer forensics. It explains both mobile network operators and virtual network operators and how to determine your target number. It also discusses typical evidential areas located within the SIM file system and how to triage mobile evidence that is powered “on” or “off”. The chapter concludes by explaining some of the manual tools and utilities that can be used for mobile forensic exams.

Keywords

Cell phone evidence; Faraday; Logical exams; Manual exams; MNO; Mobile data extraction; Mobile extraction steps; MVNO; SIM artifacts
 
In defining a logical and physical ...
