There are many mobile operating systems in use today with two, Apple IOS and Android, dominating the world market.
Some mobile operating systems such as Android are open source and therefore deployed on many different hardware manufacturers’ devices. Due to Android’s open source nature, the operating system may also be customized or extended by the hardware manufacturer and the mobile service provider. By contrast, the Apple iPhone iOS is a closed system with the hardware, operating system, and applications all controlled by Apple and only Apple.
Mobile operating systems’ user interfaces, file structures, implementations, and security vary greatly. The ability for the end user to update the mobile operating system may also vary by operating system and carrier.
What challenges does this present the forensic examiner? Why might a mobile service provider not allow the operating system to be updated? The resources below outline some of the considerations for an investigator, especially the excerpts from NIST Special Publication 800-101, Guidelines on Mobile Device Forensics.
Resources
Excerpts from NIST 800-101:
Further reading: