Forensics & IR
Mobile Forensics
Also known as: Smartphone forensics, Cellphone forensics
Definition
The forensic acquisition and analysis of smartphones, tablets, and wearables to extract communications, app data, location, and other artefacts.
Examples
- Performing a Full File System extraction of an iPhone with Cellebrite to recover deleted messages.
- Decoding an Android device's WhatsApp database to reconstruct chat history.
Related terms
Digital Forensics
The scientific discipline of identifying, preserving, analysing, and reporting on digital evidence from computers, networks, and devices in a legally defensible way.
Evidence Acquisition
Evidence Acquisition — definition coming soon.
Cloud Forensics
Forensic investigation of cloud-hosted infrastructure, applications, and SaaS services, working with provider APIs, audit logs, and ephemeral resources.
Chain of Custody
The chronological, documented trail showing every person, location, and action affecting a piece of evidence from seizure through final disposition.
Artifact Analysis
Artifact Analysis — definition coming soon.
DFIR (Digital Forensics and Incident Response)
A combined discipline that fuses digital forensic investigation with incident response to detect, contain, eradicate, and learn from cyber incidents.