Police turn forensic skills on handhelds

The report details software tools to aid in the extraction of data from handhelds. NIST, a nonregulatory federal agency, said the purpose of the report is to teach law enforcement, incident response teams and forensic examiners how to acquire information from handhelds using PalmSource's Palm OS, Microsoft's Windows Mobile OS and Linux.

As portable devices with computing and storage capabilities similar to those of notebook PCs, handhelds can be used by criminals for basic activities such as keeping a schedule--or stealing data. However, they are different enough from PCs that they require specialized tools and procedures to extract data a suspect has tried to hide or delete.

Digital information is especially susceptible to theft because of its portable and easily transferable nature. Hard drives have been the medium of choice for data theft because they can store large amounts of data. But increasingly, handheld devices and memory cards have been available in larger capacities. Additionally, hard drives have been shrinking so much that some can be inserted into handhelds.

The report is meant to help investigators better understand what is and is not possible with forensic software tools. Findings in the report assess available software and determine what data can be recovered from seized handhelds.

The study was sponsored by the Department of Homeland Security and was meant to complement tougher tests being developed as part of the Computer Forensics Tool Testing project--a joint effort of NIST, the National Institute for Justice and law enforcement organizations.