Analysis of Tools and Technologies for Obtaining Data from Mobile Devices in the Context of Cybercrime Investigations
DOI:
https://doi.org/10.31649/1997-9266-2026-185-2-55-64Keywords:
mobile forensics, cybercrime, digital evidence, data extraction, mobile forensics tools, legal adaptationAbstract
The article presents the analysis of modern technologies for obtaining data from mobile devices in the context of digital forensics and cybercrime investigation. The growing role of mobile devices as key carriers of digital evidence in criminal proceedings related to illegal activities in cyberspace is substantiated. The classification of the main data extraction methods and their technical features is presented, which allows choosing the optimal approaches to their use. The specific features of the application of current technological solutions for mobile forensics in Ukraine are analyzed, taking into account institutional, technical, legal and educational aspects, European integration, martial law, the constant complication of technical challenges related to data protection, and the adaptation of the legal field to the realities of digital evidence. The functional capabilities of leading commercial, open and auxiliary solutions in ensuring the completeness and reliability of digital analysis are investigated. Particular attention is paid to the procedural suitability of digital evidence, as well as the adaptation of tools to the conditions of national legal practice and the specifics of scientific and research work in the field of cybersecurity. The author presents his own experience in integrating university education with national projects that are part of the general cybersecurity ecosystem in Ukraine and combine education and interaction with law enforcement officers. The role of cloud forensics in terms of the possibility of increasing the completeness of the evidence base and compliance with national procedural requirements for access to personal data is noted. The feasibility of an integrated approach to the use of mobile forensics tools to increase the efficiency, reliability and objectivity of investigations in the digital environment is substantiated. Promising directions for the development of methods for obtaining evidence in the context of increased cryptographic protection are identified.
References
Операційна система Apple про яку мало хто знає та Secure Enclave. [Електронний ресурс]. Режим доступу: https://iland.ua/articles/operatsiyna-systema-apple-pro-iaku-malo-khto-znaie-ta-secure-enclave/ . Дата звернення 02.01.2026.
А. Сайко, «Розуміння апаратних модулів безпеки в адмініструванні ключів блокчейну». [Електронний ресурс]. Режим доступу: https://blockchain-development-solutions.com/uk/blog/hardware-security-modules-blockchain-key-management . Дата звернення 02.01.2026.
Digital 2025: Global Overview Report. [Electronic resource]. Available: https://datareportal.com/reports/digital-2025-global-overview-report . Accessed: 02.01.2026.
В. В. Марков, і Р. Р. Савченко, «Принципи належності електронних доказів, отриманих з мобільних пристроїв», Право і безпека, № 1 (52). с. 89-95, 2014.
А. В. Коваленко, «Електронні докази в кримінальному провадженні: сучасний стан та перспективи використання», Вісник Луганського державного університету внутрішніх справ імені Е. О. Дідоренка, вип. 4. с. 237-245, 2018. [Електронний ресурс]. Режим доступу: http://nbuv.gov.ua/UJRN/Vlduvs_2018_4_30 . Дата звернення 05.01.2026.
В. Ю. Шепітько, та ін., Інноваційні методи та цифрові технології в криміналістиці й судовій експертизі. Харків, Україна: Право, 2024. [Електронний ресурс]. Режим доступу: https://ivpz.kh.ua/wp-content/uploads/2025/01/Монографія-Криміналістів-2024.pdf . Дата звернення 10.01.2026.
Mobile Device Forensics in Criminal Investigations: Challenges and Innovations. 2025. [Electronic resource]. Available: https://innefu.com/mobile-device-forensics-in-criminal-investigations-challenges-and-innovations/ . Accessed: 10.01.2026.
NIST Special Publication 800-101 Revision 1. Guidelines on Mobile Device Forensics. National Institute of Standards and Technology, 85 p., 2014. [Electronic resource]. Available: https://csrc.nist.gov/publications/detail/sp/800-101/rev-1/final . Accessed: 10.01.2026.
Cellebrite. Mobile Forensic Extraction Methods Overview, technical documentation, 2023. [Electronic resource]. Available: https://www.cellebrite.com/en/mobile-forensics/ . Accessed: 10.01.2026.
Jason E. James, “Foundations of mobile forensics: an academic approach,” Issues in Information Systems, vol. 25, Iss. 3 pp. 94-108, 2024. https://doi.org/10.48009/3_iis_2024_108 . [Electronic resource]. Available: https://www.iacis.org/iis/2024/3_iis_2024_94-108.pdf . Accessed: 12.01.2026.
Rick Ayers, Sam Brothers, and Wayne Jansen, “Guidelines on Mobile Device Forensics (Draft),” National Institute of Standards and Technology, 88 p., 2014. [Electronic resource]. Available: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-101r1.pdf . Accessed: 15.01.2026.
ISO/IEC 27037:2012. Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence. 2012. [Electronic resource]. Available: https://www.iso.org/standard/44381.html . Accessed: 15.01.2026.
Top 10 Digital Forensic Tools Every Investigator Must Know. [Electronic resource]. Available: https://www.cyberforensicacademy.com/blog/top-10-digital-forensic-tools-every-investigator-must-know . Accessed: 05.01.2026.
А. С. Колодіна, і Т. С. Федорова, «Цифрова криміналістика: проблеми теорії і практики, » Київський часопис права, № 1. с. 176-180, 2022. https://doi.org/10.32782/klj/2022.1.27 . Дата звернення 10.01.2026.
Cellebrite. UFED Ultimate – Mobile Forensic Extraction and Analysis. [Electronic resource]. Available: https://www.cellebrite.com/en/ufed . Accessed: 15.01.2026.
Magnet Forensics. Magnet AXIOM – Digital Investigation Platform. [Electronic resource]. Available: https://www.magnetforensics.com/products/magnet-axiom/ . Accessed: 15.01.2026.
MSAB. XRY – Mobile Forensics Software. [Electronic resource]. Available: https://www.msab.com/products/xry/ . Accessed: 15.01.2026.
Oxygen Forensics. Oxygen Forensic Detective. [Electronic resource]. Available: https://www.oxygen-forensic.com/en/products/oxygen-forensic-detective . Accessed: 15.01.2026.
National Institute of Standards and Technology. Digital Forensics Guidelines. [Electronic resource]. Available: https://www.nist.gov/itl/ssd/software-quality-group/digital-forensics . Accessed: 15.01.2026.
SWGDE Best Practices for Mobile Phone Forensics. [Electronic resource]. Available: https://www.swgde.org/documents/published-complete-listing/12-f-002-swgde-best-practices-for-mobile-phone-forensics/ . Accessed: 15.01.2026.
E. Casey, “Digital Evidence and Computer Crime,” 3rd ed. London: Academic Press, p. 840, 2011. [Electronic resource]. Available: https://rishikeshpansare.wordpress.com/wp-content/uploads/2016/02/digital-evidence-and-computer-crime-third-edition.pdf . Accessed: 15.01.2026.
J. Lessard, and G. Kessler, “Android forensics: Simplifying cell phone examinations” Small Scale Digital Device Forensics Journal, vol. 4, no. 1, pp. 1-12, 2010. [Electronic resource]. Available: https://www.researchgate.net/publication/254591932_Android_Forensics_Simplifying_Cell_Phone_Examinations . Accessed: 15.01.2026.
A. Hoog, iPhone and iOS Forensics, Burlington: Syngress, pp. 464, 2011. https://doi.org/10.1016/C2010-0-68895-X . Accessed: 15.01.2026.
N. R. Roy, A. K. Khanna, and L. Aneja, “Android phone forensic: Tools and techniques,” 2016 International Conference on Computing, Communication and Automation (ICCCA), Greater Noida, India, pp. 605-610, 2016, https://doi.org/10.1109/CCAA.2016.7813792 . Accessed: 15.01.2026.
Open Source Digital Forensics, [Electronic resource]. Available: https://www.sleuthkit.org/autopsy . Accessed: 15.01.2026.
NIST SP 800-101 Rev. 1. Guidelines on Mobile Device Forensics. [Electronic resource]. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf . Accessed: 15.01.2026.
NIST Computer Forensics Tool Testing (CFTT). [Electronic resource]. Available: https://www.nist.gov/itl/ssd/software-quality-group/computer-forensics-tool-testing-program-cftt . Accessed: 12.01.2026.
ENFSI Best Practice Manuals for Digital Evidence. [Electronic resource]. Available: https://enfsi.eu/documents/ . Accessed: 12.01.2026.
Union Advisory Mission for Civilian Security Sector Reform Ukraine (EUAM Ukraine). [Electronic resource]. Available: https://www.euam-ukraine.eu . Accessed: 12.01.2026.
В. С. Макаров, «Особливості судово-медичної експертизи мобільних пристроїв, що працюють на операційній системі Android», Вісник Харківського національного університету внутрішніх справ. № 111(4), с. 378-384, 2025. https://doi.org/10.32631/v.2025.4.30 . Дата звернення 20.02.2026.
А. Я. Пенчарський, «Месенджери як засоби вчинення кримінальних правопорушень: окремі аспекти досудового розслідування та міжнародно-правове регулювання», Науково-інформаційний вісник Івано-Франківського університету права імені Короля Данила Галицького: Журнал. Серія Право, вип. 19 (31), с. 388-1395, 2025. https://doi.org/10.33098/2078-6670.2025.19.31.388-395 . Дата звернення 20.02.2026.
Практична підготовка студентів у співпраці з кіберполіцією. [Електронний ресурс]. Режим доступу: https://biotechuniv.edu.ua/novyny-fakultety-menedzhmentu-administruvannya-ta-prava/kaf-it-news/praktychna-pidgotovka-studentiv-u-spivpratsi-z-kiberpolitsiyeyu/ . Дата звернення 22.02.2026.
Downloads
-
pdf (Українська)
Downloads: 0
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
