ISSC351 discussion response Mobile Device & Network Analysis


Question Description

Need to respond to two student discussions with at least 100 words minimum for each response. Below in the bold are the questions the students are responding to.


  1. Discuss what type of evidence can be collected from and mobile device and the processes used to collect that evidence.
  2. There are many brands of mobile devices. Is there any difference in the way that evidence is collected from them? If so, please discus these difference.
  3. Describe and discuss and end-to-end network forensic analysis.

Student one:


  1. Mobile devices of any kind have some type of operating system that is running the device in any manner. Data or evidence come in the form of call logs, emails, photos, GPS information, and network information (Easttom, 2014). Evidence can be collected by certain products available on the market such as Data Doctor which can recover all Inbox and Outbox data and contact data. Sim Card Data Retrieval Utility is a product that can recover Inbox and sent data messages. Forensic SIM Cloner is a tool used to clone SIM cards which would allow an investigator to work off of a copy versus the original data or evidence (Easttom, 2014).
  2. Evidence collected from a mobile can be in close contrast of how it is collected from a PC. Android mobile device will be close if not identical to the PC. Apple will also be the same. Blackberry has a method of where the mobile device data can be downloaded to a workstation in order to analyze the data that is on the phone (Easttom, 2014)
  3. The end-to-end network forensics analysis can be defined as the capturing, recording, and analysis of network events in order to discover security attacks according to In a manner to break it down for me to understand, I look at toll-by-plate on the highway. The car enters thru a certain part of the expressway that has to be paid. The way that the use of the toll is captured is by the cameras located on the signs (capture). After the picture is taken of the vehicle’s plate it is recorded into the camera’s system database on a server of some type (recorded). Once the tag is found to have a prepaid pass or toll fob to pay for the transaction it charges the account associated with the tag, if not then the toll is sent in the form of an invoice to be paid at a later date (analysis). That process completes the end-to-end forensics analysis.


Easttom, C. System Forensics, Investigation, and Response PDF VitalBook. [VitalSource]. Retrieved from

What is network forensics? - Definition from (n.d.). Retrieved from

Student two:

Similar to investigations involving a computer, digital forensics experts can also collect evidence off of a mobile device. From a cell phone an investigator could gather call history, emails/ texts/ social media, photos, GPS information and network information (Easttom, 2014). To begin collecting evidence from the phone it is important to ensure that there is no new data added to the phone this could be done by simply not following the proper methods when connecting the device to a forensics computer. For example with iPhones there are times when once the device is connected to a computer source it will begin to self-update, this could cause a loss of potential evidence. Once it is safely conducted to a computer, tools such as Encase and Forensic toolkit can be used in order to gather evidence. Additionally, Data Doctor would also be useful when the recovery of all inbox and outbox data is needed (Easttom, 2014).

By having knowledge of the different devices can exponentially help an investigation. Each device has a different process involved in gathering evidence. For instance on an iPhone an investigator can simply open the iTunes account of the given phone and identify iOS version, phone number and serial number. Additionally, the iOS has specific tools (Pwnage. Recover my iPod and wolf) that can aid in the investigation (Easttom, 2014). As for the Blackberry, a program cannot be opened directly from the phone in order to quickly identify pertinent information. A blackberry must be backed up using Desktop Manager to begin the investigation.

Within an end-to-end network analysis it is exactly what it sounds like. This analysis will review all vulnerabilities and results of an attack. All devices and networks are reviewed including security software, routers, firewall and anything else imaginable having to do with a systems network.


Easttom, Chuck (2014). System Forensics, Investigation and Response. Jones and Bartlett (2nd ed) ISBN: 978-1-284-03105-8 ebook - EBook links provided inside the classroom.


Tutor Answer

School: UC Berkeley




Student’s Name
Instructor’s Name
Date of Submission
ISSC351 Discussion Response
Student One
Hello, Eddie
I am hoping that you are having a great week. I must say that I really enjoyed reading your
informative post this week. You pass across great and succinct points which I totally concur
with. To begin with, I could not agree with you more on the fact that in as far as the operating
system that the mobile device is operating on, be in Android or Apple Operating System, for
instance, data or evidence come in the form of cal...

flag Report DMCA

Goes above and beyond expectations !

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors