Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


The ownership and use of mobile phones, Personal Digital Assistants and other hand held devices is now ubiquitous both for home and business use. The majority of these devices have a high initial cost, a relatively short period before they become obsolescent and a relatively low second hand value. As a result of this, when the devices are replaced, there are indications that they tend to be discarded. As technology has continued to develop, it has led to an increasing diversity in the number and type of devices that are available, and the processing power and the storage capacity of the digital storage in the device. All organisations, whether in the public or private sector increasingly use hand held devices that contain digital media for the storage of information relating to their business, their employees or their customers. Similarly, individual private users increasingly use hand held devices containing digital media for the storage of information relating to their private lives. The research revealed that a significant number of organisations and private users are ignorant or misinformed about the volume and type of information that is stored on the hand held devices and the media on which it is stored. It is apparent that they have either not considered, or are unaware of, the potential impact of this information becoming available to their competitors or those with criminal intent. This main purpose of this study was to gain an understanding of the volume and type of information that may remain on hand held devices that are offered for sale on the second hand market. A second aim of the research was to determine the level of damage that could, potentially be caused, if the information that remains on the devices fell into the wrong hands. The study examined a number of hand held devices that had been obtained from sources in the UK and Australia that ranged from internet auction sites, to private sales and commercial resellers. The study was carried out by the security research team at the BT IT Futures Centre in conjunction with Edith Cowan University in Australia and the University of Glamorgan in the UK. The basis of the research was to acquire a number of second hand hand held devices from a diverse range of sources and then determine whether they still contained information relating to a previous owner or whether the information had been effectively removed. The devices that were obtained for the research were supplied blind to the researchers through a third party. The ‘blind’ supply of the devices meant that the people undertaking the research were provided with no information about the device and that the source of the devices and any external markings were hidden from them. This process was put in place to ensure that any findings of the research were based solely on the information that could be recovered from the digital storage media that was contained within the device. The underlying methodology that was used in the research was based on the forensic imaging of the devices. A forensic image of a device is a copy of the digital media that has been created in a scientifically sound manner to a standard that is acceptable to the courts. This procedure was implemented to ensure that the evidential integrity of the devices was maintained, with the devices also then being stored in a secure manner. All subsequent research was then conducted on the image of the device. This was considered to be a sensible precaution against the possibility that information discovered on a device might indicate criminal activity and require the involvement of law enforcement. Following the forensic imaging of the devices, the images that were created were then analysed to determine whether any information remained and whether it could be easily recovered using commonly available tools and techniques that anyone who had purchased the device could acquire.


1. Jones, A., Mee, V., Meyler, C., and Gooch, J,(2005), Analysis of Data Recovered From Computer Hand held devices released for sale by organisations, Journal of Information Warfare, (2005) 4 (2), 45-53.

2. Jones A., Valli C., Sutherland I.,Thomas P., The 2006 Analysis of Information Remaining on Disks Offered for Sale on the Second Hand Market, Journal of Digital Forensics, Security and Law, Volume 1, Issue 3, 2006.

3. Jones A., Valli C., Dardick G., Sutherland I., The 2007 Analysis of Information Remaining on Disks Offered for Sale on the Second Hand Market, Journal of Digital Forensics, Security and Law, 2008.

4. Young, T., HMRC breach warning to all departments, says watchdog, Computing, 21 Nov 2007.

5. Young, T., M&S breached Data Protection Act, Computing, 25 Jan 2008.

6. Choudhury, A. R., Local firms worried by data loss from mobile devices, The Business Times, 12 Nov 2007, http://www.asiaone.com/Business/News/SME+Central/Story/A1Story2007 1115-36895.html.

7. Ticehurst, J, Corporate data loss explodes on mobile devices, Information World Review,25 Nov 1999 http://www.iwr.co.uk/vnunet/news/2110216/corporate-loss-explodesmobile-devices.

8. The WARP website, http://www.warp.gov.uk/ (accessed 20 May 2008).

9. ITSafe Website, http://www.itsafe.gov.uk/.

10. Cauley, L., Cellphone users complain about 'function fatigue', USA TODAY, 13 Feb 2007.

11. Wireless Recycler Website, http://www.recellular.com/recycling/data_eraser/default.asp.

12. HM Stationary office: Mobile phone theft, plastic card and identity fraud: Findings from the 2005/06 British Crime Survey (Supplementary Volume 2 to Crime in England and Wales 2005/06), Edited by John Flatley, 15 May 2007.

13. Free Mobiles 2U: Mobile Phone Safety Information, http://www.freemobiles2u.co.uk/mobile_phone_safety_information.htm.

14. FTC totals cost of identity theft: $53 billion, 27 million victims, USA Today, 3 Sept 2003.

15. Home Office Identity Theft Steering Committee,2002 Cabinet Office Study,http://www.identity-theft.org.uk/faqs.html.

16. Editorial Team, The office - a hub for ID theft:15.3 million office workers in the UK may become victims of identity theft by over-trusting their colleagues, Insidemoneytalk, 10 Apr 2008, http://www.insidemoneytalk.com/news/she/she108.html.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.