CS709 - MASTER OF SCIENCE (MSC)

CYBERSECURITY AND DIGITAL FORENSICS

ITT808 – MOBILE DEVICE AND

CELLULAR NETWORK FORENSICS

ASSIGNMENT 1

PREPARED FOR: SIR MOHAMAD FIRHAM EFENDY BIN MD. SENAN

PREPARED BY:
MOHD IZWAN BIN IBRAHIM (2022148387)

GROUP: CS7091 (202241)

SUBMISSION DATE: 7 NOVEMBER 2022

Mohd Izwan Bin Ibrahim 2022148387

Table Of Contents

NO DESCRIPTION PAGE
1. Table Of Content 2
2. Question 1 3
3. Question 2 6
4. Question 3 9
5. References 15

ITT808 - Mobile Device And Cellular Network Forensics 2

Mohd Izwan Bin Ibrahim 2022148387

Question 1

What are the challenges for the mobile forensics analysis and how do you relate those
challenges with the new technology being introduced to the market.

Mobile phones come with a wide range of software, new technologies, and operating
systems. In mobile device forensics, analyst have to deal with different hardware and
software standards, which makes it nearly impossible to make a universal standard tool. With
more and more new phone models coming out and new companies entering the market with
their own software, it has become even harder to solve the problem when a mobile device is
involved in a crime. Mobile devices are made to be portable, so they are always connected to
the outside world. In order to keep data from getting messed up, it is crucial to process
evidence well.

Cell phones, for example, can be told from far away to delete all of their data. Investigators
of mobile devices could lose everything if the phone is connected to wireless signals. Because
it is hard to keep up with the constant stream of new phones and the technology that comes
with them, there is no one-size-fits-all strategy for getting mobile phone data. The fact that
information can be accessed, saved, and synced across multiple devices is one of the most
critical forensic challenges of the mobile platform. Since the data is constantly changing and
can be easily changed or taken from a distance, keeping it safe takes longer. Some of the
challenges are:

Hardware Disparities: There are a lot of different cell phone models on the market from many
companies. Depending on the phone's size, hardware, features, and operating system,
forensic investigators may have to look at various mobile phones. Also, new models often
come out because the product development cycle is short. As the mobile environment grows,
investigators must be able to adapt to new challenges and stay up to date on mobile device
forensic techniques. Take the example of the iPhone, which comes out with a new model
every year.

ITT808 - Mobile Device And Cellular Network Forensics 3

Mohd Izwan Bin Ibrahim 2022148387

Different Network Services: Identifying the phone is the first step in any mobile phone
investigation. Even the best forensic experts cannot tell who is the telco that provides the
services of a phone just by looking at it. This is because there are a lot of different network
providers. Many carrier names could be used for a subset of features from the same hardware
vendor.

Security for Mobile Platforms: Modern mobile platforms have security systems to protect
user data and privacy. These things get in the way of collecting and analysing forensic
evidence. Modern mobile devices, for example, have built-in encryption methods, from the
hardware to the software. The forensics analyst may have to break through different
encryption methods for the examiner to get the data from the devices.

Limited Resources: Forensic experts will need more resources as the number of mobile
devices overgrows. Forensic acquisition equipment, like power cords, chargers, and adapters
for different cell phones, must be kept on hand to get these devices. Let us take a look at
iPhone models that come out each year; over the last fifteen years, Apple has created four
charging cables to charge up their 38 different models.

Power and Connectors: Investigators also have to worry about making sure the phone stays
charged. A phone's battery will eventually die if left unplugged for a long time. Many cell
phones store data on RAM discs, which means that if the power goes out, the data and, by
extension, crucial evidence could be lost. Because of this, it is best to keep a phone charged.
Unfortunately, there needs to be a standard for how much power a cell phone needs.

Data Formats: Like the other parts of a modern cell phone, most information an investigator
wants to find has a different format or place. There are many places where data files can be
kept. Some SIM cards can store information in the phone's memory. RAM can be either
volatile (needs an electrical charge to keep information) or non-volatile (does not require an
electrical charge to maintain information) and in hardware for cell phones (retains
information without an electrical charge). All these types of memory may hold vital
information that investigators and people who make forensic software need to know about.

ITT808 - Mobile Device And Cellular Network Forensics 4

Mohd Izwan Bin Ibrahim 2022148387

Updating Software on a Mobile Device: It is possible to move program data, rename files,
and change both the device's operating system and the manufacturer's operating system. In
this case, the suspect's skills and experience should be considered.

Maintaining Information: During a smartphone investigation, stopping the device from

getting more data or voice calls is crucial. SMS messages are kept in a "First In, First Out"
order, meaning new messages may overwrite older ones. Incoming calls can also delete all
call history logs, and if a device is not protected from incoming calls, all of its data can be
deleted remotely. Because of this, when these phones are first bought, they will need to be
kept in a wireless storage container. There are many ways to do this, and each has a different
success level. Some tools used to protect wireless devices from radio waves are three layers
of regular aluminium foil, a nickel, silver, and copper tri-weave mesh shield, and an anodized
aluminium shielded enclosure.

ITT808 - Mobile Device And Cellular Network Forensics 5

Mohd Izwan Bin Ibrahim 2022148387

Question 2

As a digital forensics analyst, what is the mindset and preparation needed in order to
conduct digital forensics analysis.

Digital forensics is a branch of forensic science that is becoming increasingly popular because
it offers many lucrative opportunities for career advancement in many different fields. Digital
forensics is a field of study that helps find hackers, get back data stolen, find out why
something happened, and provide digital evidence. Here are the ways of thinking and things
that need to accomplish to do digital forensics analysis.

Self-Motivation/Desire to Learn: Computer forensics is not a typical 9-to-5 job. Digital

forensics analyst need to learn so much that they do not have enough time to do it during
normal working hours. An excellent forensic investigator will have to spend time researching
to keep up with changes in technology and methods.

Investigator’s Mindset: One of the hardest things for digital forensics analyst is how to have
the investigator’s mindset. An digital forensics analyst must be someone who does not mind
asking questions and is determined to find answers. They would never know where an
investigation will lead when the time they start it. The investigator must be able to work both
alone and with a group. The person doing the investigation has to decide what information is
important, what questions to ask, and when to stop.

Communication Skills: Good communication skills are critical and should be taken seriously.
The digital forensics analyst needs to be able to take evidence that could be hard to
understand and present it in a way that non-technical people can understand. Good reporting
skills are vital. A big part of a forensic investigator's job is to testify in court as an expert
witness. So, the investigator needs to be well-prepared and able to give clear, concise answers
to questions even when stressed.

Analytical Talents: A profession in digital forensics requires highly developed analytical

abilities for analysing evidence, recognizing cybercrime patterns and cyberattacks, and

ITT808 - Mobile Device And Cellular Network Forensics 6

Mohd Izwan Bin Ibrahim 2022148387

interpreting cyber data to solve the case. One needs to think analytically and quickly combine
this with keen observational skills to organize, uncover, and examine digital data. Such
analytical prowess is often acquired and evaluated at the highest echelons of the military and
the cyber intelligence community.

Technical Skills: Digital forensics is a technical field, so the digital forensics analyst should
have a solid technical background. An investigator should have a broad range of general
technical skills. An ideal investigator will also have additional skills in a specialized area. For
example, digital forensics analyst may be interested in the forensic examination of Apple or
Microsoft devices, network forensics or malware analysis. The technical skills that a digital
forensic investigator should learn are as follows:

(a) Digital comprehension

A digital forensics analyst versatility in working with different types of digital hardware is an
essential skill for any cyber-forensics practitioner. Cybercrime investigations may necessitate
interacting with various endpoints, including mobile phones, printers, Internet of Things
devices, USB drives, external hard drives, iPads, notepads, digital cameras, and projectors.
Therefore, familiarity with digital gadgets and endpoint equipment is necessary for gaining
entry on their terms.

(b) Networking
As a forensic investigator, computer networking, LAN, and server knowledge are critical. As
an investigator, networking concepts and connectivity knowledge should be of concern as the
investigation will not be limited to the individual system. Every system connected to the LAN
has to be examined. Hence, digital forensics analyst should be competent to access the server
and the entire LAN with less dependence on IT professionals. Cloud computing and databases
are other recent areas that a forensic investigator should explore.

(c) Operating system knowledge

When digital forensics analyst are investigating cybercrime, they cannot escape from the
operating system of the computer on investigation. Windows, Linux, and Unix are a few
operating systems that they should be comfortable working on. Most of the servers or

ITT808 - Mobile Device And Cellular Network Forensics 7

Mohd Izwan Bin Ibrahim 2022148387

databases are based on Linux operating system, and as a forensic investigator, they should
know how to access them. Being a forensic investigator, they may also have to conduct
investigation on smartphones and other endpoint devices. Android and Windows are the
common operating systems in smartphones, whereas other endpoint devices may work on
different OS, which investigator should be able to work upon.

Comprehension of Cybersecurity – Digital forensics is all about cybercrime. In order to solve

any case, forensic analyst will need to have a better knowledge of the latest breaches, threats,
and vulnerabilities. When training to become a digital forensics investigator, they must
ensure that it has strong in-depth components of cybersecurity or information security.
Without learning cybersecurity concepts, it is impossible to guard systems and investigate the
crime at hand.

Knowledge of Law and Investigation – Digital forensics analyst deals with cybercrimes and
the knowledge of criminal law and investigation will be an added advantage. The job role
doesn’t demand a law qualification, but the procedure of crime investigations can be gained
through other channels such as online reading and group discussions. A good understanding
of white-collar crime, criminal law, and investigation will be an added advantage.

Willingness to Learn – Cybersecurity is constantly evolving and so is digital forensics. Anyone

taking up this profession should constantly upgrade to the latest trends and technologies to
assure a better job prospect. Continuous learning and self-education, both on and off the
clock, are essential traits of the digital forensic industry.

ITT808 - Mobile Device And Cellular Network Forensics 8

Mohd Izwan Bin Ibrahim 2022148387

Question 3

Briefly explain on how to do a backup from iOS devices (iPhone/iPad)

Different platforms have different methods for backing up an iPhone. iOS device backup can
be in iTunes or iCloud for Windows users (and previous macOS versions). To access the Finder
on macOS Catalina and later, the user must first install the application. Using iCloud, users
can avoid using their PCs at all costs to back up their mobile devices. Backups of specific
iPhone data, such as contacts, calendar events, and images, are available to subscribers of
the Google One (Opens in a new window) cloud storage service. Follow these guidelines back
up to iCloud and other platforms to restore the data to your computer.

How to back up your iPhone or iPad with iCloud

If you back up your iPhone or iPad, you'll have a copy of your information to use in case your
device is ever replaced, lost or damaged.
1. Connect your device to a Wi-Fi network.
2. Go to Settings > [your name], and tap iCloud.

ITT808 - Mobile Device And Cellular Network Forensics 9

Mohd Izwan Bin Ibrahim 2022148387

3. Tap iCloud Backup.

4. Tap Back Up Now. Stay connected to your Wi-Fi network until the process has finished.
Under Back Up Now, you'll see the date and time of your last backup. If you receive an
alert that states you don't have enough iCloud storage space to complete the backup,
follow the onscreen steps to upgrade your iCloud storage.

Back up automatically with iCloud Backup

1. Make sure iCloud Backup is turned on in Settings > [your name] > iCloud > iCloud Backup.
2. Connect your device to a power source.
3. Connect your device to a Wi-Fi network.
4. Make sure your device's screen is locked.
5. If you receive an alert that states you don't have enough iCloud storage space to complete
the backup, follow the onscreen steps to buy more storage.

Back up with the Finder

1. On a Mac with macOS Catalina or later, open a Finder window.
2. Connect your device to your computer with a USB cable.

ITT808 - Mobile Device And Cellular Network Forensics 10

Mohd Izwan Bin Ibrahim 2022148387

3. If asked for your device passcode or to Trust This Computer, follow the onscreen steps.
Get help if you forgot your passcode.
4. Select your device on your computer. Find out what to do if your device doesn’t appear on
your computer.
5. If you want to save Health and Activity data from your device or Apple Watch, you need to
encrypt your backup. Select the “Encrypt local backup” checkbox and create a memorable
password.
***Save your password somewhere safe, because there’s no way to recover your backups
without this password.

ITT808 - Mobile Device And Cellular Network Forensics 11

Mohd Izwan Bin Ibrahim 2022148387

6. Click Back Up Now.

7. When the process ends, you can see if the backup finished successfully. You’ll see the date
and time of your last backup.

Back up with iTunes

1. On a Mac with macOS Mojave or earlier, open iTunes.
2. Connect your device to your computer with a USB cable.
3. If asked for your device passcode or to Trust This Computer, follow the onscreen steps.
Get help if you forgot your passcode.
4. Select your device on your computer. Find out what to do if your device doesn’t appear on
your computer.
5. If you want to save Health and Activity data from your device or Apple Watch, you need to
encrypt your backup. Select the “Encrypt [device] backup” checkbox and create a
memorable password.
***Save your password somewhere safe, because there’s no way to recover your backups
without this password.

ITT808 - Mobile Device And Cellular Network Forensics 12

Mohd Izwan Bin Ibrahim 2022148387

6. Click Back Up Now.

7. When the process ends, you can see if the backup finished successfully. You’ll see the date
and time of your last backup.

How to back up your iPhone, iPad or iPod touch with iTunes on your PC
If you back up your iPhone, iPad or iPod touch, you’ll have a copy of your information to use
in case your device is ever replaced, lost or damaged.
1. On your Windows PC, open iTunes. If you don't have it on your PC, download iTunes.
2. Connect your device to your computer with a USB cable.
3. If asked for your device passcode or to Trust This Computer, follow the onscreen steps.
Get help if you forgot your passcode.
4. Select your device in iTunes. Find out what to do if your device doesn’t appear on your
computer.

5. Click Summary.
6. If you want to save Health and Activity data from your device or Apple Watch, you need to
encrypt your backup. Select the “Encrypt local backup” checkbox and create a memorable
password.
***Write down your password and store it somewhere safe, because there’s no way to
recover your iTunes backups without this password.

ITT808 - Mobile Device And Cellular Network Forensics 13

Mohd Izwan Bin Ibrahim 2022148387

7. Click Back Up Now.

8. When the process ends, you can see if the backup finished successfully. You’ll see the date
and time of your last backup.

ITT808 - Mobile Device And Cellular Network Forensics 14

Mohd Izwan Bin Ibrahim 2022148387

References

Mislan, R. (2021, October 5). Challenges in Mobile Phone Forensics.

https://www.academia.edu/55771052/Challenges_in_Mobile_Phone_Forensics

Sharma, B. K., Yadav, V., Purba, M. K., Sharma, Y., Kumar, V., Ishant, & Mehta, P. (2021).

Challenges, Tools, and Future of Mobile Phone Forensics. Journal of Positive School

Psychology, 6(4), 4463–4474.

https://www.researchgate.net/publication/360355132_Challenges_Tools_and_Futu

re_of_Mobile_Phone_Forensics

Forensic computer analyst job profile | Prospects.ac.uk. (n.d.). Prospects. Retrieved

November 4, 2022, from https://www.prospects.ac.uk/job-profiles/forensic-

computer-analyst

N. B. (2020, May 29). 6 SKILLS REQUIRED FOR A CAREER IN DIGITAL FORENSICS.

https://www.linkedin.com/pulse/6-skills-required-career-digital-forensics-nikhil-

bhujbal/?trk=public_profile_article_view

Apple. (2021, July 7). How to back up your iPhone, iPad, and iPod touch. Apple Support.

https://support.apple.com/en-my/HT203977

ITT808 - Mobile Device And Cellular Network Forensics 15