Wednesday 8 February 2012

Are digital forensics guidelines good enough?

I came across an article titled “An analysis of digital forensic examinations: Mobile devices versus hard disk drives utilising ACPO & NIST guidelines” that is quite interesting. The authors [1] have written an informative argument from both the mobile device and hard disk drive analysis perspectives with regard to the ACPO & NIST guidelines.

I agree that mobile devices are more challenging than hard disk drives. Why? Because hard disk drive technology is more mature than mobile device technology. Above all, the system configurations of mobile devices differ from one to another. They are customized, proprietary and…etc…etc…etc.

Well, the straightforward approach is to reverse engineer, and the innovation part will be when you develop a tool based on the “manual experience” (techniques) from conducting analysis on these products.

One good book I would like to promote is iPhone Forensics Analysis by Sean Morrissey and Andrew Hoog (I’m not their agent…not getting any commission here). But these guys are great if you want to succeed in mobile device forensics.

So, what do you need to do? Experiment…experiment…and experiment, coding…coding…and coding.

Guidelines alone are not enough!

[1] P. Owen and P. Thomas. “An analysis of digital forensic examinations: Mobile devices versus hard disk drives utilising ACPO & NIST guidelines”. The Journal of Digital Investigation, vol. 8, pp. 135-140, 2011.