Skip to content
Step by Step Internet 🌐 Guides for learning to surf the Net
Apple

Mobile forensics How can analysts access files on your mobile that were deleted?

UPDATED ✅ Do you want to know how analysts access data deleted from a mobile? ⭐ ENTER HERE ⭐ and Learn Everything FROM ZERO!

Read moreHow to turn Outlook notifications on and off on any device? Step by step guide

mobile forensics have become one of the main tools for analysts to be able to access the mobile files that were deleted from said device, this for the purpose of collect legal evidence that they can be valuable to determine the study of a specific case.

In order to carry out these types of studies, it is necessary to have a necessary equipmentnot only to be able To investigate thoroughly but to be able protect the physical integrity of the device to be analyzed. So these procedures They are carried out with devices designed exclusively for the extraction of data from mobile devices.

Read moreHow to use Skype on my SmartTV to make video calls on the big screen? Step by step guide

It should be mentioned that this type of activity is also carried out at any device that has internal memory and communication capabilities. Therefore, taking into account the importance of all this mainly at the judicial level, here we are going to teach you how analysts can access these files that have already been removed from a technology devicefor this, follow in detail everything that we will teach you below.

What is the forensic data of my mobile and what information is found in it?

What is the forensic data of my mobile and what information is found in it?

This type of forensic analysis has become a branch of digital forensics, which is directly related to the recovery of evidence and digital data extracted from a mobile device, tablet or computer, so this analysis type can be done at any Technological device that has a internal memory and have one communication capabilities, including GPS devices and PDAs.

Therefore, it can be said that despite being called mobile forensicsis not only dedicated to study of deleted files on mobile devices, but in all those that allow the communication between two or more people. Thanks to this kind of studies the authorities have been able to discover many important information at the time of carrying out a judicial forensic analysis.

And it is completely proven that smartphones are a very valuable source of information for most investigations, these being one of the most used technological devices in the world. This is how in these types of devices the judges have managed to find a large number of evidence, clues and important traces when analyzing each of the activities stored in them.

In these cases the expert analysts They are responsible for studying each of the necessary details such as when contacts were included, their date of creation, how often they communicated with each other, what were the last numbers you called, email retrieval, text messages, VoIP data, GPS, Internet history, IM conversationsall data identified in a terminal will be fully analyzed.

Can you really get the deleted data from a smartphone?

Can you really get the deleted data from a smartphone?

Although there are many users who still do not know this type of techniques used to collect evidence and forensic information by authorities in many countries, The truth is that being able to carry out this type of analysis is entirely possible thanks to different measures used by expert analysts in these areas.

One way to do this is through Flash memory, this memory also known as removable memory It is currently used by most smart mobile phonesas well as by digital cameras, tablets, among others.

So that you can understand this a little more, here we explain how flash memory works in this type of case:

Flash memory How does it work?

Flash memory is a nand-chip which usually has a low price in the market and it is small in sizeis currently used by a large number of users worldwidewhose function is to help you store data to userswhether they are files, photos, videos, text message, logs, install apps, among others. But what many users do not know is that it is a very useful tool for what it is data recovery.

Because you are storage cards contain very valuable information, the flash data recovery technologies have grown and are becoming more important, although it should be mentioned that the data recovery process on them is quite complicated. Nevertheless, expert forensic analysts They have the necessary tools to carry out this data extraction even though they are already deleted.

These flash data retrieval are also used by many people to achieve extract the information contained in them when they deteriorate, mostly they are usually deteriorate controller. Keep in mind that they are made up of a memory and controllerBeing the controller in charge of reading data from memory with a special order known as DATA Mix.

What type of information can be recovered with data forensics?

What type of information can be recovered with data forensics?

Thanks to all this technique mobile forensics currently possible recover virtually any type of data that has been deleted from mobile devices or any other device that has an internal memory. All this has allowed The authorities can clarify many cases related to some criminal events without culprits.

In accordance with all this, here we show you the different types of information that can be extracted from a technological device through a forensic analysis even though they have already been eliminated:

  • Text messages, IM chat, Telegram, WhatsApp, Skype, Viber, among others.
  • Call histories deleted, incoming, outgoing and losses.
  • gps locations, GEO tagging of imagesPhotos, sent, received
  • Deleted, outgoing, incoming and draft emails.
  • Registration of social networks and applications of the mobileactivity time, logins, frequency of use.
  • Wifi data, SSID, MAC, IP.
  • Internet history, last visited pagesentered keywords, searches, history, cache.
  • Bluetooth, timestamp, paired devices.
  • Deleted media filesphotos videos, audio notes, sent and incoming.

Learn about the methods used by analysts to obtain deleted files from your mobile

Learn about the methods used by analysts to obtain deleted files from your mobile

It should be mentioned that these Scans to get files deleted from your smartphone are performed through different methods used by analysts, so it is very important to be able know what each of them are and thus be able to understand all this much better.

To do this, follow each of the methods that we will explain below:

physical acquisition

This is currently the most widely used method. forensic analystsit must be done very carefully, for this it is necessary create a copy of the originalthis You will avoid risks of damage or loss of evidence.. When making a exact copy of the original allows them to be save each of the potential evidence.

One of the main advantages of physical acquisition is that it allows being able to obtain evidence of all the information that has already been deleted from the mobile. However, it requires a lot of difficulty in its applicationso it is considered the more complex and difficult methodwhich can take a long time to do correctly.

logical acquisition

This method consists mainly of run a copy of the files stored on the device to be analyzed, this is done through the manufacturer’s own instructions, that is, through the mechanisms used for the synchronization of the smartphone with a desktop or laptop computer.

All this allows you to get all the information contained in the terminal operating system. The advantage of logical acquisition is that it is simple apply and quite effective even though it doesn’t allow extract those data that were already deleted.

Acquisition of file systems

You can finally find what it is the acquisition of file systems, it allows analysts to be able to extract all the files that are visible during the file system, just like the above method doesn’t work for those hidden or deleted databut only for everything be visible. But without a doubt this process is very effectivealthough it will also depend a lot on the type of research being conducted.

File system acquisition is the easiest of the three methods to execute.. To be able to execute it, the analysts take advantage of the mechanisms of the operating system to make the respective copies of the files. An example of this would be a forensic analysis to an android smartphonefor this we will use Android Device Bridge (ADB) in order to recover certain information that was previously Was eliminated.

This is because this type of SO like the iOS OS they are part of a structure that uses a SQlite database to store almost all the information in them. This is one of the main reason why the deleted files are not marked but only those that appear as visible in the overwrite. However, all of them will remain temporarily available, so they can be retrievable.

How to know which of the three methods is the most suitable for analyzing a smartphone?

Being able to select one of these methods is not an easy task, and what do we owe this for identify which of them is the most precise in order to discover the information that is being sought. For these cases it is necessary evaluate various aspects that will help the selection of one of them three as it is the level of precision required, the time available to run the analysis, the type of information of interest, what information is at risk of being lost, data deleted, applications deletedamong others.

Therefore, in order to select the most appropriate of them, it will also be important to keep in mind the following guidelines that will help you know what type of decision you should make in these cases:

  • If the device to evaluate if find on.
  • The usb debugging is active.
  • If the terminal is found blockedin the event that it is so and it is not possible unlock no way it is recommended to use the physical acquisition method.
  • In case it is needed authorize the computer for data extraction, then you must put the terminal in airplane mode and use the method of logical acquisition.

In order to carry out this procedure forensic analysis it is very important to be able to tell with various tools and details as they are: The level of difficulty of the procedure, the time and the risk of losing the evidence contained therein.

How can forensic data analysis help solve crimes?

How can forensic data analysis help solve crimes?

forensic analysts They aim to carry out a data collection as part of a investigation of a criminal act or kidnapping in order to help clarify what happened there. These forensic investigations are executed when it is considered that smartphone data is crucial to the casesince there you can find the tests necessary to discover the whole truth.

An example of this was what happened in the year 2014 in Minnesota when two girls were missingthanks to results of the forensic analysis the authorities were able to find the kidnapper. Like this, many other cases have been discovered thanks to all the data collected on the phone of either the aggressor or the victim.

In order to help solve the crimes these analysts they just need to have convincing proof, how can it be a text message, a picture, call log, geolocation, use of applications, among other. Simply with data like these, you can start an exact follow-up against the people involved in the act.

Any type of information obtained in these cases can help the authorities to solve a crimeTaking into account that smartphones store too much information the citizens. When these are done forensic analysis many people close to the victim are questioned and analyzed without being the main suspect, where the phones of said persons are also investigated.

Like victims’ phonesany close friend’s smartphone or even family could help find the whereabouts of the person if they are missing. Therefore, this kind of investigations are crucial for the authorities to find a correct response to any criminal event.

Risks for users Why should you correctly delete your mobile data when selling or disposing of it?

Risks for users Why should you correctly delete your mobile data when selling or disposing of it?

Surely after discovering what it is forensic analysis of smartphones you may be wondering if all your mobile data is at riskespecially at the time of selling them, scrapping it, or even losing it. Keep in mind that when you sell your terminal, a factory reset is usually performed in order to completely eliminate all the data on it.

But as can be seen when performing a mobile forensics No there are guarantees that your data will remain private. And the truth of all this is that there is no way to be able to protect your mobile data completely against a committed and intelligent investigator, since they all have The necessary tools For try revive all data deleted by the user.

However, all is not lost for users in terms of their Data Protectionthat is how Currently and thanks to the constant technological evolution tools can be found today Data Protection that will help you avoid this type of Data extractionthough for this to work against one of forensic analysts you have to be very lucky.

A way to try to keep all this out of danger whatever the situation is keeping all encrypted datafor this you must use secure passwords and above all do absolutely nothing that requires your smartphone to be analyzed by these experts.

According to all this, Are the authorities fully capable of recovering images, text messages, calls and other files deleted from the mobile? The answer to all this is Yes, the only way to power protect your data before this is encrypting thembut none of this can ensure that the data remains private even though it has been deleted.

How they do it and the danger to your privacy by disposing of your phone without properly deleting your data

It should be mentioned that recovering these data and files deleted from a mobile device are not easy to recoversince it is about an extremely complicated process where only one expert analyst can recover them. Some of Forensic analysis programs do not support the YAFFS2 file system.

It is because of that forensic experts On many occasions you can meet programs that are not capable of recovering any type of information from the mobile device. As mentioned earlier in the post, Data recovery is usually done through three methodsthe expert must choose which of them is the most convenient and where it has a smaller margin of error.

Therefore, it can be said that recovering all these erased data is very difficult to achieve at least one does expert person in the area. This does not mean that your private mobile data is not in danger even after have deleted them. But while your smartphone does not fall into the hands of a forensic analystthen hardly these Deleted data and files can be released again,.

Especially if they were encrypted at the time of deletion. The easiest way to keep all your secure mobile data is avoiding that your terminal has to be manipulated by one of these analysts, in case this happen possibly your privacy is at risk since they could know all those that you have wanted hide by deleting such information.

Privacy