Overview of methods for obtaining data used in mobile forensics

Data acquisition methods in mobile forensics are central to investigations because mobile devices hold vast amounts of personal information such as messages, calls, geolocation and app data. The main acquisition methods in mobile forensics are the following:

1. Logical extraction

This is the most common method: data is copied from the device through the operating system's standard interfaces, typically over USB. It gives access to files, call logs, contacts, messages and the other data that is available to the device's user.
Pros:
Simple and fast.
Does not compromise data integrity.
Does not require special tools or in-depth knowledge.
Cons:
Cannot retrieve deleted data or information hidden at the system level.
Deleted messages and files are therefore out of reach.
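
A minimal integrity check for a logical extraction, as an added example that is not part of the original page: once the user-accessible files have been copied off the device (the example assumes a directory produced by a vendor tool or `adb pull`; the directory contents below are constructed), the examiner records a hash manifest at acquisition time and can later show that the copy is unchanged, or name exactly which file differs.

```python
"""Integrity manifest for a logically extracted file set.

Added example; not code from the original page. It assumes the examiner has
already copied the user-accessible files (e.g. with a vendor tool or
`adb pull`) into one directory, and that this directory is the only input.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large media files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record relative path, size and SHA-256 for every regular file under root."""
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            files[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return {"files": files}


def verify_manifest(root: Path, manifest: dict) -> list:
    """Re-hash the tree; return (path, reason) for every discrepancy found."""
    problems = []
    for rel, meta in manifest["files"].items():
        p = root / rel
        if not p.is_file():
            problems.append((rel, "missing"))
        elif sha256_file(p) != meta["sha256"]:
            problems.append((rel, "hash mismatch"))
    # A file that was not present at acquisition time is also a custody problem.
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest["files"]:
            problems.append((rel, "unexpected file"))
    return problems


def demo() -> tuple:
    """Constructed extraction tree: two fake files; then one of them is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sms").mkdir()
        (root / "sms" / "mmssms.db").write_bytes(b"SQLite format 3\x00" + bytes(64))
        (root / "contacts.vcf").write_text("BEGIN:VCARD\nFN:Example\nEND:VCARD\n")
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)      # expect []
        (root / "contacts.vcf").write_text("BEGIN:VCARD\nFN:Changed\nEND:VCARD\n")
        tampered = verify_manifest(root, manifest)   # expect one hash mismatch
        return manifest, clean, tampered


if __name__ == "__main__":
    manifest, clean, tampered = demo()
    print(json.dumps(manifest, indent=2))
    print("clean:", clean)
    print("tampered:", tampered)
```

The manifest is written once, at acquisition, and stored with the case notes; every later verification re-hashes the working copy against it. Hashing in chunks matters because a logical extraction of a phone routinely contains multi-gigabyte media files.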

2. Physical extraction

This method copies the entire contents of the device's memory bit for bit, including hidden or deleted data, so information can be retrieved even after the user has deleted it.
Pros:
Complete memory extraction, including deleted data.
Ability to recover corrupted or hidden files.
Cons:
Requires special tools and skills.
May be difficult on newer devices and when encryption is enabled.
May compromise device integrity if not properly prepared.
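
Why a physical image can yield deleted files, shown as an added example that is not from the original page: when a file is deleted, the file system usually drops only its directory entry, and the bytes stay on the flash until overwritten. A carver ignores the file system entirely and scans the raw image for known file signatures. The code assumes the dump is just a bytes object; the "dump" below is constructed (the JPEG start and end markers are the real ones, the image bodies are placeholders), and the second image has no directory entry anywhere, which is exactly how a deleted file looks in a raw dump.

```python
"""Signature-based file carving over a raw memory image.

Added example; not from the original page. It assumes a physical dump that
is simply a bytes object with no trustworthy file-system metadata, which is
the situation in which carving recovers files the user has deleted.
"""
JPEG_SOI = b"\xff\xd8\xff"  # start-of-image marker plus the first segment marker byte
JPEG_EOI = b"\xff\xd9"      # end-of-image marker


def carve_jpegs(image: bytes, max_size: int = 10 * 1024 * 1024) -> list:
    """Return (offset, data) for each SOI..EOI span found in the image.

    A production carver also validates the segment structure; this one only
    requires an EOI within max_size bytes of the SOI.
    """
    found, pos = [], 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            pos = start + 1      # no footer: false positive or truncated file, keep scanning
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end                # resume after the carved file
    return found


def fake_jpeg(tag: bytes) -> bytes:
    """Constructed stand-in for a JPEG: valid markers around an identifying body."""
    return JPEG_SOI + b"\xe0" + tag + JPEG_EOI


def build_sample_image() -> bytes:
    """Constructed 'physical dump': filler, a live photo, filler, a deleted photo, filler.

    The filler never contains 0xFF, so it cannot produce false markers.
    """
    filler = bytes(range(200)) * 5  # 1000 bytes
    return filler + fake_jpeg(b"live_photo") + filler + fake_jpeg(b"deleted_photo") + filler


if __name__ == "__main__":
    for offset, data in carve_jpegs(build_sample_image()):
        print(f"JPEG at offset {offset}, {len(data)} bytes: {data[4:-2]!r}")
```

The offsets the carver reports are what goes into the report: they tie each recovered file to a location in the image whose hash has already been recorded. On real dumps, expect false positives from the three-byte header and fragments split across non-adjacent blocks; a production carver validates JPEG segment lengths before accepting a hit.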

3. Chip-off

This method physically removes the memory chip from the device for separate analysis: the chip is desoldered and its contents are read directly.
Pros:
Access to data even if the device is damaged.
Allows data extraction from encrypted devices if the keys are stored on the chip.
Cons:
Very complex and expensive process.
Requires highly skilled technicians and equipment.
Can damage the device or chip if handled incorrectly.


4. Memory dump (JTAG)

This method obtains data through the device's debug ports (JTAG). Through these ports, technicians can access the memory and copy its contents.
Pros:
Works with damaged devices.
Does not require chip removal.
Cons:
Requires specialized equipment and skills.
Not supported by all devices.

5. Retrieving data from the cloud

Many mobile devices synchronize data with cloud storage such as Google Drive or iCloud. This method accesses that data either with the user's credentials or under a court order.
Pros:
Access to many types of data, such as photos, messages and app backups.
Ability to retrieve data even from lost or damaged devices.
Cons:
Requires access to credentials or official permissions.
Not all data is synchronized to the cloud.

6. File system and application analysis

This method examines the device's file system as well as the data stored by applications. Specialists can extract data from individual applications such as messengers and social media apps.
Pros:
Allows retrieval of data that is not visible through the device's user interface.
Deleted files and messages can be recovered.
Cons:
Not all apps store data locally on the device.
Apps may encrypt the data they store.
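
The gap between what a logical view shows (the limitation noted under logical extraction) and what application analysis can recover (this section), as an added example that is not from the original page. Most Android and iOS apps keep their data in SQLite databases, and by default SQLite does not wipe the bytes of a deleted row, so the text survives in the file's free space until the page is reused. The schema below is a constructed stand-in for a messaging app's store (real schemas differ by app and version), and the database file is the only input.

```python
"""Live rows versus residual (deleted) rows in an app's SQLite database.

Added example; not code from the original page. The table layout is a
constructed stand-in for a messaging app's store; real app schemas differ
by app and version, and the database file is the only input.
"""
import os
import sqlite3
import tempfile
from pathlib import Path


def make_sample_db(path: str) -> None:
    """Constructed sample: three messages are stored, then the user deletes one."""
    conn = sqlite3.connect(path)
    # SQLite's usual behaviour: freed cell space is not zeroed on delete.
    conn.execute("PRAGMA secure_delete = OFF")
    conn.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, ts INTEGER, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO messages (sender, ts, body) VALUES (?, ?, ?)",
        [
            ("+15550001", 1700000000, "meet at the usual place"),
            ("+15550002", 1700000060, "this message will be deleted by the user"),
            ("+15550001", 1700000120, "ok see you there"),
        ],
    )
    conn.commit()
    conn.execute("DELETE FROM messages WHERE id = 2")
    conn.commit()
    conn.close()


def live_messages(path: str) -> list:
    """What the app (or a logical extraction) shows: rows still in the table."""
    # Open read-only so the examination itself cannot modify the evidence file.
    conn = sqlite3.connect(Path(path).as_uri() + "?mode=ro", uri=True)
    try:
        return conn.execute(
            "SELECT id, sender, ts, body FROM messages ORDER BY id"
        ).fetchall()
    finally:
        conn.close()


def raw_search(path: str, needle: bytes) -> list:
    """Offsets of needle in the raw file bytes, ignoring the SQLite structure."""
    with open(path, "rb") as f:
        raw = f.read()
    hits, pos = [], raw.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = raw.find(needle, pos + 1)
    return hits


def keyword_triage(path: str, keywords: list) -> dict:
    """Classify each keyword as 'live' (in a current row), 'residual'
    (present only in the file's free space) or 'absent'."""
    live_bodies = [row[3] for row in live_messages(path)]
    result = {}
    for kw in keywords:
        if any(kw in body for body in live_bodies):
            result[kw] = "live"
        elif raw_search(path, kw.encode("utf-8")):
            result[kw] = "residual"
        else:
            result[kw] = "absent"
    return result


def demo() -> dict:
    """Build the sample database in a temp dir and triage three keywords."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "messages.db")
        make_sample_db(path)
        return keyword_triage(path, ["usual place", "will be deleted", "nothing here"])


if __name__ == "__main__":
    for kw, status in demo().items():
        print(f"{kw!r}: {status}")
```

A "residual" hit tells the examiner that the string exists in the file but not in any live row, which is the cue to parse the page's freeblocks and freelist pages for the full record. The two caveats from this section apply directly: an app that enables secure_delete (or that stores its data encrypted, or only server-side) leaves nothing for the raw search to find.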

7. Extraction via exploits

Some techniques exploit vulnerabilities in mobile operating systems to gain access to the device and extract data. This can include password cracking, deploying exploits and bypassing screen locks.
Pros:
Can gain access to a device even with encryption and locking enabled.
Cons:
Requires in-depth technical knowledge.
Can be unethical or illegal without official authorization.

Conclusion

Each method has its advantages and limitations, and the choice of method depends on the goals of the investigation, the condition of the device and the data to be extracted.