Miat-wm5: Forensic Acquisition for Windows Mobile Pocketpc

A PocketPC equipped with phone capabilities could be seen as an advanced smartphone, providing more computational power and available resources. Even though several technologies have emerged for PDAs and Smartphones forensic acquisition and analysis, only few technologies and products are capable of performing forensic acquisition on PocketPC platform; moreover they rely on proprietary protocols, proprietary cable-jack and proprietary operating systems. This paper presents the Mobile Internal Acquisition Tool for PocketPC devices. The approach we propose in this paper focuses on acquiring data from a mobile device’s internal storage memory, copying data to an external removable memory (like SD, mini SD, etc.). Such task is performed without the need of connecting the device to PC. Thanks to this, forensic operators could avoid to travel with luggage plenty of one-on-one tools for every single mobile device. Finally, we will show some experimental results, comparing this methodology with standard products on real world devices.