Forensic Challenge
School authorities have filed a case to the police department that a student is missing from last 4 days. Police were able to track some of the information from his mobile network provider like last calls, texts & MMS and from the traffic authorities, they were able to give some pictures that they found . They found his mobile phone in his room. As a forensic investigator how you trace out the missing student. The police want to find weather they can find any information like did he get any influenced by something or did any one targeted the student by kidnapping. As an investigator you have to find out what is the information that we can get from the student mobile phone.
Make: Motorola Model: V3 (g8.5/9/18/19)
S/W Version: 0E:40.7CR
IMEI: 354904001234567
SIM: 89302720123456781234
Phone Number: 897-883-3411
What are the evidences to be collected of the missing student?
As a forensic investigator firstly we have to know the details of the student like height, color and which dress he is wearing during the time of missing as his mobile is found in his room. It is easy to trace by checking the details in his mobile.
Every object belonging to him should be suspected as he is using mobile, if we check the mobile phone some of the information can be found by examining his mobile, it is found that the data in the mobile is erased completely. Such that if erased data is retrieved we can get the information regarding his missing.
How can the data be retrieved from the Mobile phone
First take the pictures of the mobile. Check mobile content page by page checking the contact list. If any suspicious names are found note them down and check the images in the mobile and also make a copy of the data from mobile phone to system through USB cable. So that it will be useful in the investigation .As it is seen that all the texts are deleted we have to retrieve the texts to find out what information is there in the texts.
Investigation
The mobile phone sim card is useful in the investigation. It is useful to extract data, it should be removed from the mobile and attached to the forensic workstation's USB port and copy the data from the sim card to find any data is found and also make a copy of it.
Sim card readers such as USB sim card reader is available for download in the internet by using this software we can restore previously deleted contact list with name and numbers. When a file is deleted, the operating system merely deletes the corresponding pointers in the file table and marks the space occupied by the file as free. The reality is that the file is not deleted and the data it contained still remains on the drive.
Mobile Description
Now that the device in question is known to be the suspect's, gathering key information continues. It only takes a few minutes to note the following: Date/Time device was taken from suspect: May 19st, 2015 at 4pm
Make: Motorola Model: V3 (g8.5/9/18/19)
S/W Version: 0E:40.7CR
IMEI: 354904001234567
SIM: 89302720123456781234
Phone Number: 897-883-3411
Information stored in the following databases that would be useful includes the following:
- Contacts
- SMS (Text messages)
- Calendar
- Phone Call Logs
• Phone Hotlist
• Saved Email Messages
- Browser Bookmarks
- Browser URLs
• Pictures
- Quick Contacts
- Map Locations
• Folders (Email messages are sorted into their respective folder)
• Email Settings
Tools which the investigator can use to retrieve data from the mobile phone is
AcessData FTK imager
AcessData FTK imager is used to retrieve data from the mobile phone when the texts or images are deleted and by using AcessData FTK imager the messages are retrieved. It is found that he texted to his friend.
Logical Analysis
We should take back up of the files for that logical analysis can be used with this it is possible to backup all the present data in the mobile without rooting using android debug bridge.
With the help of the above tools the information is retrieved and found that the information like the student left the school as he got less marks, this information was found in the deleted messages from the mobile phone which are retrieved, in that a message was sent to a friend saying that he is coming to his place .This message is helpful to find out the location of the person to which the text was sent with the help of network service providers and can trace out the missing person.