Mobile Phones

Mobile Phones Forensics

MD5’s highly trained analysts undertake Mobile Phones Forensics are able to interrogate a vast range of devices from older generation feature phones to the latest smart phones.

With the capabilities of modern smart phones constantly increasing, there is a greater opportunity to recover data relating to criminal activities.

MD5 adhere to the Association of Chief Police Officers (ACPO) Guidelines and use the latest mobile phone forensics examination techniques. Our team of experts confirm that the extraction of the data is complete and correct, via a manual verification during each examination.

With over ten years of experience in the field, on a daily basis Mobile Phone Forensics is undertaken.

Our expert investigations include the production of comprehensive reports.

MD5 are capable of extracting the following live and recoverable deleted information from mobile devices:

  • Device information
  • User accounts and Application installation history
  • Contacts
  • Call history
  • Application Chat Messages
  • Emails
  • Multimedia data (Images, Videos and Audio)
  • Calendar events & alarms
  • Internet history & bookmarks
  • Location and Map Data
  • Documents and Application Data
  • Wifi History

Further bespoke information can also be recoverable from devices by request.

Preserving Mobile Evidence

  1. Stop using the Device – Continued use of a mobile phone or tablet means vital data could be overwritten.
  2. Power Off the Device – This will prevent the data coming from the network changing evidence on the phone. It also stops remote activity on the device, this may include remote wiping of the device
  3. Contact MD5.

Advanced Capability

MD5 offer Advanced Data Recovery (ADR) procedures. We apply these procedures when a standard forensic process is ineffective, or if a device requires repair work prior to a forensic examination. MD5 offer the following methods which allows our analyst to extract data from handsets unsupported by forensic software, PIN/Pattern/Password protected phones and damaged or otherwise non-working handsets.

JTAG (Joint Test Action Group) Forensics

JTAG is a procedure that involves partially disassembling the device and connecting directly to ‘test points’ that are on the PCB specifically for JTAG purposes. This procedure works by using specialist software that sends a command to the memory chip through the specialist hardware that in turn sends the device’s data back to acquire an image of the device.

This does not destroy the handset, however, is an extremely delicate procedure and there is a risk that the handset may not function as it originally did following the procedure.

Flash Memory Chip Removal’ Forensics

Flash Memory Chip Removal is also known as ‘chip off’. This procedure involves fully disassembling the device, to remove the flash memory chip on the Printed Circuit Board (PCB). Therefore, using specialist hardware and software enables the analyst to acquire a physical image.

This is a permanent and destructive processes and consequently renders the device un-useable following the procedure.  Consequently,we advise this procedure should only be considered when all other forensic extraction options have been exhausted.

ISP (In System Programming) Forensics

ISP is a procedure that requires a full disassembly of the device. A connection is made to specific locations on a device Printed Circuit Board (PCB); these locations are not part of the device’s PCB’s layout. These locations exploit a direct communication with the reflected pins on the memory chip. Therefore, this procedure uses specialist software and hardware. Hence, allowing the software to exploits the memory chip pins and uses the hardware to acquire a physical image by reading the chip directly.

This does not destroy the handset, however,  it is an extremely delicate procedure and there is a risk that the handset may not function as it originally did following the procedure.

Device Repairs

If a device is not functioning correctly, repairs maybe require before it can be forensically examined, and the repair procedures can be cause issues with the device after.  This is due to taking the handset components apart; thus meaning the device after may not work correctly after. Therefore, any advance repairs will require specific authorisation by customer prior to any implementation.

Cell Site Analysis

Place mobile devices at a specific location at a specific time. Provision of alternative interpretations of existing reports.

Surveys of mobile networks to map out true network coverage.


Experienced in planning and executing proportionate strategies. Transparent pricing models ensures cost predictability and control. Clear quotes, easy to understand.

For further information, please Contact Us now for your free no obligation quotation.

MD5 were able to extract vital contact details from a severely fire damaged phone this proved extremely important in identifying who the phone belonged to.

  • XERA iConect
  • Crown Commercial Service Supplier
  • Cyber Essentials Plus Certified
  • NEWA 2017
  • MSAB Logo
  • Cellbrite Logo
  • Sherlock Oxygen Forensics
  • XRY
  • Guidance Software
Request a Callback
  • This field is for validation purposes and should be left unchanged.
VFC Download Information