Computer Forensics vs. Phone Forensics
What is Computer Forensics?
Computer forensics is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a sound manner with the aim of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information.
Since the early 1980's, computers have been used for criminal and civil investigations including fraud, cyberstalking, child pornography, murder, and rape. Computer forensic has its own guidelines and practices designed to create a legal audit trail. Many high-profile cases have led to computer forensics being widely accepted as reliable within U.S. and European court systems.
Forensic techniques and expert knowledge are used to explain the current state of digital artifacts such as computer operating systems, storage mediums, or electronic files. The scope of forensic analysis can vary from simple information retrieval to reconstructing a series of events. The more domain knowledge of the examiner, the more flexibility revolves around the forensic methodology which can be described more as a discipline of art rather than science at times. This being said, law enforcement forensics are usually rather rigid and lack the flexibility unlike the civilian examiners.
What is Phone Forensics?
Mobile device forensics is the recovery of digital evidence or data from a mobile device under forensically sound conditions. The phrase mobile device usually refers to mobile phones but can also relate to any digital device with internal memory and communication ability, including Personal Digital Assistants (PDAs), GPS devices, and tablet computers.
Since the consumer market for smartphones exploded in the early 2000's, smartphones have become ingrained as part of our daily lives, enabling and sometimes recording our every move. As a result, the need for the technical forensics evidence has dramatically increased as well. Unlike computer forensics with a limited number of operating systems (OS), such as Windows, Mac OS, and Linux; mobile forensics' OS are frequently changed significantly and require vigilance to stay up to date. Furthermore, mobile devices are designed to roam and are constantly communicating with the outside world/cell towers. As a result, proper evidence handling is extremely important to prevent the contamination of data. Forensic examiners must ensure that the phone is isolated to the extent possible to avoid the possibility of a phone being wiped remotely or data being changed by applications running in the background. The information obtained from a smart phone is often used by investigative agencies and law enforcement to create a timeline of a subject's locations and actions.