Follow Us:
Monday, June 14, 2021

Explained: Can data deleted from your phone be recovered using forensic cloning?

Some investigating agencies and forensic science laboratories carry out “imaging” or forensic cloning of a mobile phone or any digital device if they believe it would aid investigation or help prove a case against someone in a court of law.

Written by Mohamed Thaver , Edited by Explained Desk | Mumbai |
Updated: September 27, 2020 12:17:36 pm

The case registered against actor Rhea Chakraborty, her brother Showik and four others by the Narcotics Control Bureau (NCB) is based on chats that the Enforcement Directorate (ED) retrieved from the “clones” of the two mobile phones of Rhea which allegedly contain evidence of her discussing narcotics.

What exactly is mobile phone forensic cloning?

It forms a part of mobile device forensics and is basically a bit-for-bit copy of an entire mobile device. Some investigating agencies and forensic science laboratories carry out “imaging” or forensic cloning of a mobile phone or any digital device if they believe it would aid investigation or help prove a case against someone in a court of law.

How is mobile phone cloning different from copy pasting the entire data from a mobile device or laptop?

In the traditional copy-pasting of data, only the active files — or the files currently present on the device — are copied. It would not include files that have been deleted or overwritten by the user. In crime investigations, where there is probability of incriminating data being deleted, using the imaging technique, which is also known as physical acquisition, becomes important.

The physical acquisition of mobile phone data is a bit-for-bit copying of the data on to a physical storage. This also includes all deleted data. In other methods, only the folders are copied, and not the deleted files.

Can the data or allegedly incriminating chats etc found using imaging be used as evidence in a court of law?

Yes. As per Special IG Brijesh Singh who formerly headed the Maharashtra cyber police, if the information found on a particular device is accompanied by a 65 (B) Information Technology Act certificate – which gives the condition for handling the electronic devices in a particular manner for it to be admissible, such as it not being tampered – it can be used in a court of law against an individual.

So apart from it being used as an investigation tool, it also carries evidentiary value in a court of law.

📣 Express Explained is now on Telegram. Click here to join our channel (@ieexplained) and stay updated with the latest

What are some of the cases where mobile forensic cloning has helped investigators?

Apart from several terror-related cases, one of the best uses of forensic cloning of a mobile phone was seen in the Payal Tadvi case, the second-year resident doctor at Nair Hospital in Mumbai who was allegedly driven to suicide on May 22, 2019.

Her parents had alleged that she was harassed by three doctors, and the Maharashtra Forensic Science Laboratory (FSL) managed to retrieve the photograph of a suicide note she had written from the forensic clone of her phone.

As per police, the three doctors, who were later charged with abetment to suicide, had allegedly deleted the suicide note from her phone. However, once the note was found, it was used as crucial evidence against the three doctors.

Can all data you delete from your phone or laptop be recovered? Are data on your phone/laptop that you sell or give for repairs, vulnerable?

To an extent, this depends upon the device. Generally, data that are deleted from the device can be recovered using software. However, in some devices made by Apple and Blackberry, the data recovery process is difficult and even a factory reset could make it difficult to recover data on these phones.

However, it is recommended that in order to protect data on a device that you sell, from being recovered and then possibly misused for extortion, you should encrypt files on your device and then do a factory reset before selling it.

Encrypting data on phones is an option that most android phones provide in settings. You then put a password or PIN to it.

Is encryption enough to save data?

In spite of encryption, the security of your data would depend upon how advanced the encryption is. There is a method called ‘brute force acquisition’ using which a password or PIN is extracted by trial and error. Several law enforcement agencies procure such software for crime investigations, especially cases related to terrorism.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Explained News, download Indian Express App.

  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
0 Comment(s) *
* The moderation of comments is automated and not cleared manually by