Forensics Journal - Stevenson University 2015 | Page 7

FORENSICS JOURNAL

capture and analyze the contents of RAM in a running computer to
gather running processes, passwords, and other volatile data, network
traffic captured by firewalls, routers, and intrusion detection systems,
mobile phones, and system backups. Provided the procedure to
capture and analyze this data is appropriately documented and meets
certain industry standards, these techniques are forensically sound.
WHAT IS THE DISTINCTION BETWEEN A
“SMART” PHONE AND A “DUMB” PHONE?
“Smart phone” is the term used for mobile phones which can do more
than just make phone calls and send text messages. They have more
memory, better screens, more robust processors, have the ability to
surf the web, download/run apps, and establish VPN connections.
They function like computers, which can make phone calls. Android
and Apple phones fall into this class.
Dumb phones can perform only basic functions, such as making calls
and sending text messages. A few of them have some built-in apps
such as alarm clocks and calculators. These phones are smaller, have
low-end processors, typically cannot surf the Internet, and do not
allow the user to download/run third-party apps. Example: the cheap
$10 phone you can buy at the grocery store.
The terms “smart phone” and “feature phone” are real terms and are
actually used in the industry. However, the industry has moved away
from using the term “dumb” phone and went to “feature” phone.
WILL HAVING A PASSWORD ON MY MOBILE PHONE
PROTECT IT FROM HAVING THE DATA ACCESSED?
Many people use passwords to lock the keyboard and screen on
dumb phones. Dumb phones allow a user to lock their phones
to avoid the so-called “butt dialing” or to prevent a stranger from
picking up the phone and scrolling through it. The passcode typically
does not lock the data port on the phone. Therefore, in many, but not
all situations, a mobile device forensic tool can be used to conduct
an acquisition of the locked phone, which will recover the user data
from the phone. On smart phones, the password may or may not
protect the phone and its data from being accessed. Popular mobile
device forensic tools have been configured to access many, but not
all locked phones. It will vary on a case-by-case basis. Locked iPhones
(4S and newer) and BlackBerries typically enable encryption to
prevent unauthorized access to the phone. For Android phones,
“USB debugging” should be disabled, when it is not in use to
ensure data is not accessed through the micro-USB port.

5