Data Acquisition from Cell Phone using Logical Approach

Abstract — Cell phone forensics to acquire and analyze data in the cellular phone is nowadays being used in a national investigation organization and a private company. In order to collect cellular phone flash memory data, we have two methods. Firstly, it is a logical method which acquires files and direct ories from the file system of the cell phone flash memory. Secondly, we can get all data from bit-by-bit copy of entire physical memory using a low level access method. In this paper, we describe a forensic tool to acquire cell phone flash memory data using a logical level approach. By our tool, we can get EFS file system and peek memory data with an arbitrary region from Korea CDMA cell phone. Keywords — Forensics, logical method, acquisition, cell phone, flash memory.I. I NTRODUCTION S digital evidence that kept in the various electronic media such as a computer and a mobile device in the digital crime is recently increasing, digital forensic technology to prove the crime is being more and more important. Especially, if the critical evidence is stored in the mobile devices, mobile forensic technology is demanded to find out the evidence without damage of the evidence. Mobile devices include small scale digital devices, embedded system, portable storage devices, and obscure devices. And, as to the small scale digital devices, there are various types of cell phones, USIM, PDA, navigation system, game player, and so on. In this paper, we are focusing in acquiring and analyzing data in the cell phone. User data such as phonebook, call history, SMS, and photo and hardware-related data such as IMSI, MIN, and ESN are mainly stored in the NAND flash memory and the NOR flash memory of the cell phone. In case of Korea, most of