Reconstruction And Analysis Of Forensic Data Gathering Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Cyber stalking is a term used to describe the act of stalking via electronic means. This ranges from using social networking sites in order to collect information on a person and keep check on them for personal means to sending threatening text messages via a phone to the victim. Sometimes cyber bullying is also used to describe cyber stalking. Types of crimes or activities that cyber stalkers like to engage in "false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass"

Cyber stalkers often meet their victims through search engines, social networking sites, chat rooms, forums and lots more but they can also be people that a victim may know in real life, normally they are ex-girlfriends, boyfriends, wives, husbands etc… that can't let go after a relationship fails. Who are the victims? "In the United Kingdom, the Malicious Communications Act (1998) classified cyber stalking as a criminal offense". (ADDISON, Neil)

Forensic tools, methods and techniques in Mobile phone/PDA analysis


Due to the complexity of mobile phones including many different formats for files, different operating systems and the way each model works there are many different pieces of software that a forensic investigator might use. Some current software forensic investigators may use are:

Cellebrite UFED


Micro Systemation XRY

Oxygen Forensic Suite 2


Susteen's Secure View 2 with svProbe

THREADS Mobile Forensic Analysis


In the forensic computing world there are many different tools for different uses. This is due to there being a wide market of phones available, with different operating systems which will all need investigating differently. Many types of software is not the only problem as most phones will have their own type of connection port or as the least the manufactures version of the connection port. This leads to there having to be many different types of hardware which is also needed to connect the phones. Other hardware can also have compatibility issues with certain devices. Some of the main areas for evidence are as follows:

Evidence in court

General phone information & SIM card data can be recovered using forensic tools, general phone information can range from the IMEI number which would identify the phone in question to network information. In a case this type of information can be important as the networking information would allow the investigator to see which network the phone is registered on. This allows the investigator to contact the provider in question to receive call logs. The sim can hold many important pieces of information such as the phone number for the phone which would help in the case as it will be matched to the victim's phone logs. Some SMS and phone books entries can be stored on the SIM so its always important to see if they can be extracted to as they could be valuable in the investigator. The importance of these pieces of evidence will be covered later in the report.

The address book is one of the most important pieces of information that can be extracted from the phone. A phone book can contain a lot of personal information on the suspects contacts such as phone number and name. This could be linked to the victim if they are one of the address book contacts. On newer devices such as smart phones the address book can contain many more fields including such things as E-Mail addresses, birthdays, notes on contact and many more. This could all be valuable information in court as it allows the court to see what wealth of information the suspect had on the victim if any.

If any call groups or speed dials have been setup these can be recovered. It could be likely that the victim is set as a speed dial if the suspect had been stalking the victim using phone calls as it would have saved the suspect a lot of time rather than typing in the number or having to go through the phone book options. Another area of information that relates to speed dial and call groups is the call register of incoming and outgoing calls. This could provide evidence that the suspect had called the victim.

Some phone such as the Blackberry store information in the Event log. This could be useful as it holds such information as recently run processes, phone calls and other events. Taking the Blackberry for example, the event log could provide details on who the suspect had been calling. The main difference between this and the call register is that when call logs are deleted form the call register they are not deleted from the event log. This could provide information on if the suspect was trying to cover their tracks while stalking their victim.

Calendar events could allow the investigator to see what the upcoming or past event the suspect had. This could include meetings with the suspect or other meetings that could relate to the case such as planning when they are going to ring, E-Mail etc... This information is likely to have a date and time stamp which could help prove where the suspect was at certain times.

Tasks and notes can be stored on most phones. These could provide information on the suspect if they were creating notes on the victim.

Another large wealth of information that could be useful in court is the Short Message Service (SMS) messages sent and received on the device. These messages could show that the suspect had contact with the victim and also what was said. Even some recently deleted SMS messages are normally recoverable which could also indicate if the suspect was trying to cover their tracks by deleting messages. Other types of media that are related to SMS is Multimedia Messaging Service (MMS). MMS can be used to send pictures and videos to other devices so retrieving this information could provide details on if the suspect sent any picture or videos messages to the victim using MMS. This could include indecent images or images to blackmail the victim for instance. Text can also be sent via MMS so it can provide other messages that would normally be sent as SMS. Other types of messages that can be sent and received from the device are Bluetooth and Infar Red messages and files. These can all be recovered using the correct software although it is unlikely the stalker would use Infar Red due to the close proximity needed in order to transfer and with Bluetooth the device will usually ask the user whether to accept the incoming file/message, which could prevent them from being received.

Nearly all smart devices or mobile phones have a built in camera in order to take pictures or create videos. These can all be recovered from the phone and also previously deleted images and videos. Images and videos can be used in court to tell if the suspect was taking pictures of the victim or taking for example indecent pictures or videos for the victim using their phone. Voice clips can also be recorded using the microphone. These voice clips could provide evidence if case related.

Some smart devices and mobile phone have Global Positioning System (GPS) chips which allow the phone to be tracked or pin pointed using satellites. Some images can contain a GPS location of where the picture was taken. This could provide evidence on where the suspect was when taking photos, such as if there are photos of the victim on the phone then the investigator could tell if it was their phone being used when they were taken and also where they were when taking them. Other applications such as Google maps could provide the last location that the suspect used to create maps or find out where they was. This could be used as evidence to prove where the suspect was at certain times or if they planned journey related to the victim in some way such as a route to work.

The internet is available on most devices these days including mobile phones, be it WAP, EDGE, 3G or a Wi-Fi network. When surfing the internet with an internet browser generally lots of information on what the user is doing or has done is being stored. This ranges from download, website history to cookies containing user names and passwords to sites they visit. Due to the internet browser recording all this information it can be easily recovered. This generally includes even if the history etc… is deleted (not securely). This evidence can be used in court if the suspect had been accessing the victims information on the internet or even using websites in order to communicate with the victim.

Third party applications can also record a great deal of information on a users tracks. An example of a third party app is "Grindr" which is a popular application for gay and bisexual people to meet other gay and bisexual people locally. This type of app uses the GPS chip in the device in order to locate the user and then pair them up with local people who have also been located. This application is likely to store this information and therefore is logged. This could be used as evidence if extracted from the phone as it could prove where the suspect was at the time the app was run.

Cyber stalking law

Cyber stalking is classified under the Section 1 of the Malicious Communications Act 1998. Under this act it an offence to send another person a letter, electronic communication or article of any description which conveys a message which is indecent or grossly offensive, a threat or information which is false and known or believed to be false by the sender or any article or electronic communication which is, in whole or part, of an indecent or grossly offensive nature. Electronic communication in this act is any communication how ever sent that is in electronic form. Offenders are liable to imprisonment for a term not exceeding six months or to a fine that not exceeding level 5 on the standard scale or to both (Malicious Communications Act 1988, Section 1).


There was a high profile case in America in which Liam Youens cyber stalked Amy Boyer for years. Over these years Liam created a website dedicated to her and detailed what he had been doing, his feelings and what he wanted to do to her, including killing her. One day he carried out his desires by pulling up in a car next to hers shouting her name and then shooting her and then committing suicide minutes later. This case highlighted many problems including the laws that applied to cyber stalking across state lines in American. There was also frustration that there had been a website create and online for many years detailing what was going to happen yet no one had reported it. Liam used the internet to discover where Boyer worked and commit his crime. This case was so high profile there was even a documentary created on it. (RE-WRITE)

Means by which a person can be stalked via the internet

Cyber stalking can be carried out in many different ways. These include using social networking sites, chat rooms, forums, E-Mail, mobile phone texting/ringing and many more as communication become easier through the use of electronic means.

Social Networking sites

Stalking via social networking sites is very common as people tend to release lots of information about themselves. Although limited normally to just friends and family, most people will have different views on what is a "friend" sometimes just talking to someone online for brief period of time or meeting someone for an hour or too while out socialising can get people classed as friends and quickly added to there facebook, myspace or beebo etc friend list which grants them access to a whole host of person information. Taking facebook as an example due to its popularity, stalking via facebook is so common its got its own name, Facebook stalking. It is so common that its normally even joked about by friends and there seemed to be a joke stigma attached to it when it can in some cases get out of control and people can come to physical or physiological harm. A New feature on facebook is called "places", this allows the user to "Easily share where you are, what you're doing and the friends you're with right from your mobile" (Facebook Places). Although this can be a fun feature to use to tell legitimate friends where the user is, it can very easily be abused . Posting to all their supposed friends on facebook where they are could lead to a whole load of problems including robbery like in the case of ( where all twitter messages of people leaving there houses were posted so people could view who wasn't at their house. Also for stalkers this allows them to bring there stalking to a whole new level by following and trying to meet up with the victim.

Family's Facebook stalker was girl aged 12

Email Stalking

Unsolicited email is one of the most common forms of harassment according to halt's research (WHOA, 2009) which has it as the top ranked way of cyberstalking with "24%". Cyberstalking or harassment by E-Mail can be done in different ways. The usual way E-Mail can be used for harassment is simple, E-Mail messages with harassing content such as hateful messages to the victim in order to intimidate or constant unwanted communication which can be considered harassment.

Another use of E-Mail for stalking/harassment benefits is spamming. This can be abused by using programs such as mass mailers which will flood a person's inbox with fake E-Mails to cause problems for the victim in gaining access to E-Mails that are of actual importance. Another example of this mass mailing is to send a hateful message out to a number of participants that belong to a group or organization. In 1996 there was a case of this were a student in California sent an email to predominantly Asian students with a message that he would "personally…" "find and kill everyone of you" signed "Asian Hater". (WRITER, Staff, 1998).

Jilted lover jailed for email stalking

Mobile Phones / Smart Devices

Mobile phones can play a big part in cyber stalking, mobile phone numbers are often generously given out making a person's mobile number easier to get, this can also be linked to social networking as many people put their number on their profile. Once the cyber stalker has the number they can use it to send harassing text messages and to ring the victim.

On more advanced phones which are generally called smart phones there may also be applications (apps) that can be exploited by the cyber stalker. One such app in development is called "Recognizr" which will scan the faces of someone in the room using the on board camera (REPORTER, Daily Mail, 2010). This data is then matched to social networking sites and other databases in order to find information about the person. This is open to abuse due to it allowing anyone to find information out on total strangers. It has been noted that there is likely to be some kind of restraints on the app to stop this although in today's world its probably a matter of time before someone creates their own version be it by scratch or by using the source code.

Stalking I phone app.

Means by which a person can reduce the possibility of them being stalked

Being cyber stalked is an awful thing but it can be prevented or at least lesson the likeliness of being cyber stalked. The best way to go about preventing cyber stalking is not to use the internet or communication devices at all. This though is not an option for most people today as more and more jobs, hobbies and communications rely on the internet and electronic devices. The main way to reduce cyber stalking is to give out as little information as possible, especially on the internet. Such social networking sites as Facebook can contain a whole wealth of information on a person such as personal details like date of birth and family members. Using Facebook as an example although most if not all social networking sites have these options, privacy settings. Privacy setting allows users to minimise information leaking to the wrong people. These settings allow users to restrict what certain people see for example they can create categories that contain people who they do not wish to share any information with and others that they want to information with such as trusted friends and family. When using other websites such as forums the user should use a username that is made up and does not disclose the users real name, this makes it harder for people to find out who someone is. Profiles on such sites as forums should also contain very little information about the user.

Most ISP's give out email addresses that relate to the user such as using their full name. Making these E-Mail addresses available on untrusted sites is not a good idea and can help people track people down. Secondary email addresses are a good idea to prevent this. The best way is to choose something that is not related to the user and entirely made up.

If a user has already put some information on the internet through social networking sites a good way of seeing what is currently available about them is using a search engine, such as Google for example to search their full name should bring back all the easily accessible information about them, although they will need to go through all the other people in the world with the same name as themselves. Using this technique they could attempt to remove information they do not wish to share or tighten privacy settings to reduce how much information can be obtained this way. Sites like offer an in depth search on a full name searching for specific things such as online phone directories, electoral register and social networking sites.

If a user is an active member of certain forums, chat rooms etc. try to avoid heated debates and insulting people as this can lead to aggression and

Do not create an online biography of yourself, personal websites are fun and great to share to friends and family but they can reveal a lot of information about a user and people close to them. If its available through the internet just by typing in a URL then anyone can access this information and use it against them.

Hacking can also be linked to cyber stalking such as E-Mail, forum, game accounts being hacked. Using these accounts the stalker can cause lots of damage by pretending to be them. Passwords should be changed regularly and should contain capital, normal, numerical and special characters. Using words from the dictionary or personal information such as the name of the users mum is also a bad idea as this information can sometimes be easily obtained.

The user should be aware of their own behaviour and that of those around them. Broadcasting their views may be controversial and offensive to certain people which could cause aggression from others towards them. They should also be aware of other people's behaviour and if someone they are talking with does anything which they find inappropriate they should block them immediately in order to prevent any kind of confrontation which could lead to cyber stalking.


ABUSE), WHOA (Working to Halt Online. 2009. 2009 Cyberstalking Statistics. [online]. [Accessed 23 Nov 2010]. Available from World Wide Web: <>

ADDISON, Neil. [online]. [Accessed 21 Nov 2010]. Available from World Wide Web: <>

BOCIJ, Paul. 2004. Cyberstalking: Harassment in the Internet Age and How to Protect Your Family. Praeger.

Cyberstalking & Harassment. [online]. [Accessed 21 Nov 2010]. Available from World Wide Web: <>

Facebook Places. [online]. [Accessed 21 Nov 2010]. Available from World Wide Web: <>

REPORTER, Daily Mail. 2010. Facial recognition phone application described as a 'stalker's dream'. [online]. [Accessed 23 Nov 2010]. Available from World Wide Web: <>


Spamming - To send unsolicited bulk E-Mails to a recipient