Authors: Keonwoo Kim, Dowon Hong, Kyoil Chung, Jae-Cheol Ryou

Abstract:

Cell phone forensics to acquire and analyze data in the cellular phone is nowadays being used in a national investigation organization and a private company. In order to collect cellular phone flash memory data, we have two methods. Firstly, it is a logical method which acquires files and directories from the file system of the cell phone flash memory. Secondly, we can get all data from bit-by-bit copy of entire physical memory using a low level access method. In this paper, we describe a forensic tool to acquire cell phone flash memory data using a logical level approach. By our tool, we can get EFS file system and peek memory data with an arbitrary region from Korea CDMA cell phone.

Keywords: Forensics, logical method, acquisition, cell phone, flash memory.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1334023

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4059

References:

[1] NIST, Cell Phone Forensic Tools: An Overview and Analysis. NISTIR 7250, 2005.
[2] NIST, Guidelines on Cell Phone Forensics. Draft Special Publication 800-101.
[3] http://www.guidancesoftware.com/
[4] Marcel B., Martien de J, Coert K, Ronald van der K and Mark R., Forensic Data Recovery from Flash Memory. Small Scale Digital Device Forensics Journal, Vol. 1, No. 1, June 2007.
[5] M. F. Breeuwsma, Forensic imaging of embedded systems using JTAG (boundary-scan). Digital Investigation, Vol. 3, Ed. 1, March 2006.
[6] Eran G. and Sivan T. Algorithms and data structure for flash memories. ACM Computing ACM Computing Surveys, Vol. 37, No. 2, June 2005, pp. File system copied to PC Memory copied as file 138-163.