Cell phones and other handheld devices incorporating cell phone capabilities (e.g., Personal Digital Assistant (PDA) phones) are ubiquitous. Rather than just placing calls, certain phones allow users to perform additional tasks such as SMS (Short Message Service) messaging, Multi-Media Messaging Service (MMS) messaging, IM (Instant Messaging), electronic mail, Web browsing, and basic PIM (Personal Information Management) applications (e.g., phone and date book). PDA phones, often referred to as smart phones, provide users with the combined capabilities of both a cell phone and a PDA. In addition to network services and basic PIM applications, one can manage more extensive appointment and contact information, review electronic documents, give a presentation, and perform other tasks. All but the most basic phones provide individuals with some ability to load additional applications, store and process personal and sensitive information independently of a desktop or notebook computer, and optionally synchronize the results at some later time. As digital technology evolves, the capabilities of these devices continue to improve rapidly. When cell phones or other cellular devices are involved in a crime or other incident, forensic examiners require tools that allow the proper retrieval and speedy examination of information present on the device. This report provides an overview on current tools (that have undergone significant updates or were not examined in NISTIR 7250: Cell Phone Forensic Tools: An Overview and Analysis) designed for acquisition, examination, and reporting of data discovered on cellular handheld devices, and an understanding of their capabilities and limitations.
NIST Interagency/Internal Report (NISTIR) - 7387
cell phones, computer forensics, handheld devices, mobile devices