NCJ Number
241153
Date Published
February 2013
Length
139 pages
Annotation
This NIJ Special Report presents the results from testing Mobile Device Acquisition Tool: Device Seizure v5.0 build 4582.15907 and reports the results from testing against the Smart Phone Tool Test Assertions and Test Plan.
Abstract
This NIJ report presents the results from testing Mobile Device Acquisition Tool: Device Seizure v5.0 build 4582.15907 conducted through the Computer Forensics Tool Testing (CFTT) program. The testing covered several areas about the tool: device connectivity, subscriber and equipment related information, personal information management (PIM) data, call logs, acquisition of SMS messages, acquisition of MMS messages, acquisition of stand-alone files, application-related data, Internet-related data, and non-ASCII characters. The tool was tested for its ability to obtain active and deleted data from the internal memory of mobile devices and subscriber identity modules (SIMs). The testing revealed that, for the most part, the tool was able to acquire all supported data objects completely and accurately from the internal memory of the devices tested. A list of devices tested is included in the report. A few anomalies did occur with the data acquisition, however they were specific to certain devices. Some of these anomalies included inability to establish connectivity to the mobile device (Noki 6350) and connectivity ending in errors (HTC Thunderbolt); subscriber information not reported (iPhone4 GSM, Palm Pre2); calendar and address book entries not reported (Palm Pre2); call log data not acquired (Palm Pre2); unread test messages not assigned a status (iPhone4); MMS messages not reported (Palm Pre2) and MMS attachments not reported (BlackBerry Torch); and audio, video, and graphic files not reported (BlackBerry Torch, HTC Thunderbolt, Palm Pre2). The information in this report is divided into five sections: 1) a summary of the results from the test runs; 2) justification for the selection of test cases from the set of possible cases defined in the test plan; 3) detailed description of the anomalies found during testing; 4) lists of hardware and software used to run the test cases; and 5) a description of each test case run, including the test assertions used in the case, the expected results, and the actual results. Tables
Date Published: February 1, 2013