Mobile phone forensics 'hole' reported


Summary: Police investigations are being hindered by the use of proprietary mobile phone technologies, say forensics experts

TOPICS: Hardware

Law enforcement is at the mercy of mobile phone manufacturers, according to University of Cambridge researchers.

Unlike PCs, where "deleted" data can still easily be accessed, information wiped from a mobile phone's internal memory can be almost impossible for the police to recover, according to Tyler Moore, a researcher at the University of Cambridge Computer Laboratory. This can hinder police investigations due to a lack of evidence.

"Standard forensics tools don't address the less popular types of phone," warned Moore, speaking at the Workshop on the Economics of Information Security in Cambridge on Monday. "Sixteen percent of phones are not accessible beyond the memory on the SIM card. This is a consequence of using proprietary as opposed to open standards," Moore told ZDNet UK.

When a user tries to delete data on a PC, the information is not actually removed. Instead, the pointers to the data are deleted, but investigators can still recover it. While mobile phone data is typically treated in the same way, the proprietary nature of the mobile phone market means that information is stored and handled in non-standard ways. This makes investigations more expensive and uses up valuable resources, according to Moore.

Interface commands of proprietary phone technologies also vary widely, which means it isn't economically viable to make forensics tools for less popular types of phone.

"Developing technologies for extracting proprietary data has a higher fixed cost. Inexpensive data extraction is only possible if common storage formats and procedures are adopted," said Moore.

However, computer security experts did not agree that the police are hindered in their investigations by proprietary phone technologies, since it is also possible to gather evidence about mobile use from the network provider.

"Why bother with examining deleted text messages when you can get data of who is talking to who? With the right warrant, you can also read traffic in real time," said Peter Sommer, who has appeared as an expert forensics witness in several court cases.

"Nearly all crimes also exist in the physical domain — real people with real houses, and real cars [which can be tracked] moving around. Police correlate both real and virtual data in an investigation," Sommer said.

However, Moore argued that most crimes don't occur while a suspect is under surveillance.

"A lot of crimes aren't premeditated," said Moore. "There's a difference between getting a warrant and keeping them under surveillance rather than arresting someone at the scene of a crime when they haven't been under surveillance," Moore said.


Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.



1 comment
  • The only tools I see coming to existence with this "we will not have enough until we have total mind control over everybody" attitude is informational warfare or deliberate misinformation on a mass scale someday. Meaning peer to peer like networks (or botnets) that on purpose place all sorts of randomized incriminating data on zillions of computers, phones, whatever just to make the message clear to decision makers without a clue that Animal Farm and 1980 are supposed to stay entertaining books and not become reality.

    Information control has become a false prophecy just as the false sense of security has dominated the last ten years. Conclusion: hot air sells.