The article explores the peculiarities and challenges of detecting and recording digital traces during the inspection of mobile communication devices. Digital traces left in the course of crimes involving mobile communications consist of information recorded in digital format and stored on various devices used for the creation, processing, storage, and transmission of that information. These traces are causally linked to the criminal event and can help establish both the circumstances of the crime and the identity of the perpetrator. In forensic science, such evidence is referred to as digital traces. These traces may be stored both on the servers of telecommunications operators and providers, as well as directly on the mobile device (e.g., smartphone). Any actions performed by the offender, victim, or other individuals using mobile communication services are typically recorded on the operator's servers. This process of collecting, analyzing, and organizing communication data is known as billing. Through billing records, an investigator can obtain the following information: 1) the SIM card number of the subscriber; 2) the IMEI number of the mobile device; 3) the date, time, and duration of each call; 4) the number of the calling subscriber; 5) the number of the called subscriber; 6) the name of the subscriber associated with the number (if verified); 7) the cost of the call; 8) the ID of the base station at the beginning of the call; 9) the ID of the base station at the end of the call. The article also outlines recommended procedures for investigators conducting direct inspections of mobile communication devices and proposes specific steps for properly recording any digital traces discovered during such operations. At the same time, it highlights several challenges associated with the use of forensic software and hardware systems. A significant issue lies in the constant evolution of smartphone security features. When manufacturers release updated security protocols for iOS or Android and apply them to devices, it becomes increasingly difficult - if not impossible - for forensic tools to unlock the device or decrypt the data. This limits the effectiveness of current mobile forensic technologies.
O.V. Kurman (Sun,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: