The Development Of A Forensics Tool For Windows Mobile Devices


2008 Annual Conference & Exposition


Pittsburgh, Pennsylvania

Publication Date

June 22, 2008

Start Date

June 22, 2008

End Date

June 25, 2008



Conference Session

Emerging Information Technologies

Tagged Division

Information Systems

Page Numbers

13.1212.1 - 13.1212.11



Paper Authors

Kyle Lutes Purdue University

Richard Mislan Purdue University, West Lafayette

NOTE: The first page of text has been automatically extracted and included below in lieu of an abstract

WinMoFo: The Development of a Forensics Tool for Windows Mobile Devices


The ubiquity of mobile computing devices (e.g. smartphones), our society's ever increasing use of these devices, and the continual appearance of these devices at crime scenes have created a need for tools to aid in the acquisition of critical, time-sensitive evidence. The term “mobile forensics” is used to describe the acquisition and analysis of data found on mobile computing devices, as well as the data on the SIM/USIM cards and other memory cards they contain. The retrieved data can then be used to aid an investigation or in a court of law. Multiple documented procedures are in place and must be adhered to in the forensic acquisition and analysis of mobile phone data. One of the largest issues surrounding mobile phone forensics is the proprietary methods of storage used by each phone manufacturer.

Many different mobile devices are based on the Windows Mobile operating system from Microsoft. In addition to basic voice capabilities, Windows Mobile devices can be used to store contacts, calendar appointments, emails, text messages, and call histories. Additionally, because these devices frequently include a digital camera, they can store digital photos and video files. Currently, there is just one software tool designed to help law enforcement officers with the acquisition of information contained on Windows Mobile devices. However, this tool is part of a larger forensic software package and its price puts it out of the reach of many potential users.

In this paper we first provide an overview of the trials and tribulations associated with mobile forensics. Second, we describe our reasoning for developing our proof-of-concept software tool, which can be used to acquire nearly all data from Windows Mobile devices. Data retrieved from the device can be displayed on a connected laptop computer, saved for later analysis, or printed. Third, we list the technologies used for its development. Finally, we conclude with a demonstration of the software and our future plans for its continued development.

The Ubiquity of Mobile Computing Devices

Following in the steps of PDAs, smartphones are becoming personal oracles of information [1, 2]. While early generation cellular telephones were used only for voice communications, modern digital mobile phones have quickly become societal necessities for daily existence. Not only do smartphones support voice communications, these devices provide technologies for Short Message Service (SMS) messaging, Multi-Media Messaging Service (MMS) messaging, Instant Messaging (IM), electronic mail, Web browsing, multimedia capturing and playback, electronic document previewing, basic Personal Information Management (PIM) applications (e.g., contacts, calendar, etc.) and financial transactions.

The use of smartphones by consumers continues to grow. Consider these recent data points: For the July to September 2007 quarter, market research group NPD reported US sales of 4.2 million smartphones, a 180% increase over the same quarter last year [3].

Lutes, K., & Mislan, R. (2008, June). The Development Of A Forensics Tool For Windows Mobile Devices. Paper presented at 2008 Annual Conference & Exposition, Pittsburgh, Pennsylvania. 10.18260/1-2--4221

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2008 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015