Data Acquisition from Cell Phone using Logical Approach
Cell phone forensics to acquire and analyze data in the
cellular phone is nowadays being used in a national investigation
organization and a private company. In order to collect cellular phone
flash memory data, we have two methods. Firstly, it is a logical
method which acquires files and directories from the file system of the
cell phone flash memory. Secondly, we can get all data from bit-by-bit
copy of entire physical memory using a low level access method. In
this paper, we describe a forensic tool to acquire cell phone flash
memory data using a logical level approach. By our tool, we can get
EFS file system and peek memory data with an arbitrary region from
Korea CDMA cell phone.
[1] NIST, Cell Phone Forensic Tools: An Overview and Analysis. NISTIR
7250, 2005.
[2] NIST, Guidelines on Cell Phone Forensics. Draft Special Publication
800-101.
[3] http://www.guidancesoftware.com/
[4] Marcel B., Martien de J, Coert K, Ronald van der K and Mark R., Forensic
Data Recovery from Flash Memory. Small Scale Digital Device Forensics
Journal, Vol. 1, No. 1, June 2007.
[5] M. F. Breeuwsma, Forensic imaging of embedded systems using JTAG
(boundary-scan). Digital Investigation, Vol. 3, Ed. 1, March 2006.
[6] Eran G. and Sivan T. Algorithms and data structure for flash memories.
ACM Computing ACM Computing Surveys, Vol. 37, No. 2, June 2005,
pp. File system copied to PC Memory copied as file 138-163.
[1] NIST, Cell Phone Forensic Tools: An Overview and Analysis. NISTIR
7250, 2005.
[2] NIST, Guidelines on Cell Phone Forensics. Draft Special Publication
800-101.
[3] http://www.guidancesoftware.com/
[4] Marcel B., Martien de J, Coert K, Ronald van der K and Mark R., Forensic
Data Recovery from Flash Memory. Small Scale Digital Device Forensics
Journal, Vol. 1, No. 1, June 2007.
[5] M. F. Breeuwsma, Forensic imaging of embedded systems using JTAG
(boundary-scan). Digital Investigation, Vol. 3, Ed. 1, March 2006.
[6] Eran G. and Sivan T. Algorithms and data structure for flash memories.
ACM Computing ACM Computing Surveys, Vol. 37, No. 2, June 2005,
pp. File system copied to PC Memory copied as file 138-163.
@article{"International Journal of Electrical, Electronic and Communication Sciences:56642", author = "Keonwoo Kim and Dowon Hong and Kyoil Chung and Jae-Cheol Ryou", title = "Data Acquisition from Cell Phone using Logical Approach", abstract = "Cell phone forensics to acquire and analyze data in the
cellular phone is nowadays being used in a national investigation
organization and a private company. In order to collect cellular phone
flash memory data, we have two methods. Firstly, it is a logical
method which acquires files and directories from the file system of the
cell phone flash memory. Secondly, we can get all data from bit-by-bit
copy of entire physical memory using a low level access method. In
this paper, we describe a forensic tool to acquire cell phone flash
memory data using a logical level approach. By our tool, we can get
EFS file system and peek memory data with an arbitrary region from
Korea CDMA cell phone.", keywords = "Forensics, logical method, acquisition, cell phone,flash memory.", volume = "1", number = "8", pages = "1129-4", }