Case Study $4(30\%)$

You may choose either Mobile device forensic or Memory Forensics scenario for this case study

$$

Mobile Device Forensics $-$ You are a digital forensics analyst tasked with investigating a stolen smartphone. The device was recovered from a suspect, and you need to extract and analyze the digital evidence to potentially identify the rightful owner and any criminal activity.

Task:

Research:

Research common mobile device forensic tools and techniques. Explore the file systems used in Android and iOS devices. Understand the importance of data acquisition and preservation.

Data Acquisition:

Simulate a mobile device seizure scenario. Use a mobile forensic tool $($e$.$g$.,$ Cellebrite, Oxygen Forensic Analyzer$)$ to acquire a complete forensic image of the device.

Data Analysis:

Analyze the acquired image to identify the following:

Device information $($make$,$ model, serial number, IMEI$)$ User information $($name$,$ contacts, call logs$,$ messages$)$ Location data $($GPS coordinates, cell tower information$)$ Browser history and bookmarks Social media activity Downloaded files and applications Deleted data recovery $($if possible$)$

Report Writing:

Write a detailed forensic report summarizing your findings. Include the following:

Case overview Methodology used Key findings and evidence Conclusions and recommendations

Additional Considerations:

Ethical Considerations: Discuss the ethical implications of digital forensics and the importance of privacy and data protection.

Legal Considerations: Explore the legal frameworks governing digital evidence collection and analysis.

Challenges and Limitations: Identify potential challenges and limitations in mobile device forensics, such as encryption, data volatility, and vendor$-$specific obstacles.

Possible Answer $($Example$)$:

Forensic Report

Case Overview: A smartphone was recovered from a suspect in a theft case. The device was analyzed to identify the rightful owner and potential criminal activity.

Methodology:

Device Acquisition: A forensic image of the device was acquired using Cellebrite UFED.

Data Extraction: The image was analyzed using Cellebrite UFED to extract relevant data.

Data Analysis: The extracted data was examined to identify device information, user data, location data, browsing history, social media activity, and deleted data.

Key Findings:

Device Information: The device was an iPhone $13$ Pro Max.

User Information: The primary user was identified as $[$Victim$\text{'}$s Name$].$

Location Data: The device's location history indicated that it was in the vicinity of the theft location at the time of the incident.

Social Media Activity: The device was actively used for social media, particularly $[$Social Media Platform$].$

Deleted Data: Deleted messages and photos were recovered, which may provide additional clues.

Conclusions and Recommendations:

The analysis of the recovered smartphone provides strong evidence linking the suspect to the theft. The device should be returned to the rightful owner. Further investigation may be necessary to determine if any other criminal activity is associated with the device.

Note: This is a simplified example. Real$-$world digital forensic investigations can be more complex and involve a variety of advanced techniques.