Mobile Platform

The term platform refers to any hardware or software that hosts a service or application. In mobile forensics, the device and its components are the hardware, and the mobile operating system coordinates instruction sets and programs. Compared to desktop operating systems, there is a greater variety of mobile systems, including Android, Blackberry OS, iOS, Windows Mobile, Java, Symbian, and Palm OS (see chart).

graph depicting the top six mobile operating systems for years 2011 through 2016
Top Six Mobile Operating Systems 2011-2016

Source: StatCounter GlobalStats

While mobile operating systems offer the same basic functions, they are unique in two key areas: 1) how they store files and data, and 2) their settings, including security. The programs that run on mobile devices can be platform-specific; developed to run on one platform, cross-platform; developed to run on more than one platform, or platform-agnostic; or developed to run on any blend of processor and operating system architecture.

One of the first steps for a forensic examiner to take when viewing a mobile phone is to assess the make and model, which in turn will identify possible operating systems. The operating system will narrow the options for data acquisition tools that can be used. It is important to remember that there is no single forensics tool that can extract all of the data from a mobile phone; a comprehensive analysis and acquisition will employ multiple tools.

Mobile digital media investigation needs to encompass diverse media sources, formats, and communication flows. An examiner will typically categorize data extraction from a mobile device as either physical or logical. Physical extraction can retrieve the entire contents of the phone memory, requires hardware, and can only access low-level data. The issue can be encryption, since a "raw" image is typically encrypted. Logical extraction uses communication protocols and can access data at a higher level, providing data in a readable form.

The downside of logical extraction is that the amount of data acquired may be much less than what can be gathered using physical means, as the phone application program interface (API) is acting as a modem and actively syncs data with a desktop computer.

Licenses and Attributions

Top Six Mobile Operating Systems, 2011-2016 by StatCounter Global Stats is available under a Creative Commons Attribution-ShareAlike 3.0 Unported license. UMGC has modified this work and it is available under the original license.