Document Type

Journal Article


Longwood University


Faculty of Computing, Health and Science


School of Computer and Information Science / Centre for Security Research




Jones, A. , Valli, C. , & Sutherland, I. (2008). Analysis of Information Remaining on Hand Held Devices for Sale on the Second Hand Market. Journal of Digital Forensics, Security and Law, 3(2), 55-70. Available here


The ownership and use of mobile phones, Personal Digital Assistants and other hand held devices is now ubiquitous both for home and business use. The majority of these devices have a high initial cost, a relatively short period before they become obsolescent and a relatively low second hand value. As a result of this, when the devices are replaced, there are indications that they tend to be discarded. As technology has continued to develop, it has led to an increasing diversity in the number and type of devices that are available, and the processing power and the storage capacity of the digital storage in the device. All organisations, whether in the public or private sector increasingly use hand held devices that contain digital media for the storage of information relating to their business, their employees or their customers. Similarly, individual private users increasingly use hand held devices containing digital media for the storage of information relating to their private lives. The research revealed that a significant number of organisations and private users are ignorant or misinformed about the volume and type of information that is stored on the hand held devices and the media on which it is stored. It is apparent that they have either not considered, or are unaware of, the potential impact of this information becoming available to their competitors or those with criminal intent. This main purpose of this study was to gain an understanding of the volume and type of information that may remain on hand held devices that are offered for sale on the second hand market. A second aim of the research was to determine the level of damage that could, potentially be caused, if the information that remains on the devices fell into the wrong hands. The study examined a number of hand held devices that had been obtained from sources in the UK and Australia that ranged from internet auction sites, to private sales and commercial resellers. The study was carried out by the security research team at the BT IT Futures Centre in conjunction with Edith Cowan University in Australia and the University of Glamorgan in the UK. The basis of the research was to acquire a number of second hand hand held devices from a diverse range of sources and then determine whether they still contained information relating to a previous owner or whether the information had been effectively removed. The devices that were obtained for the research were supplied blind to the researchers through a third party. The ‘blind’ supply of the devices meant that the people undertaking the research were provided with no information about the device and that the source of the devices and any external markings were hidden from them. This process was put in place to ensure that any findings of the research were based solely on the information that could be recovered from the digital storage media that was contained within the device. The underlying methodology that was used in the research was based on the forensic imaging of the devices. A forensic image of a device is a copy of the digital media that has been created in a scientifically sound manner to a standard that is acceptable to the courts. This procedure was implemented to ensure that the evidential integrity of the devices was maintained, with the devices also then being stored in a secure manner. All subsequent research was then conducted on the image of the device. This was considered to be a sensible precaution against the possibility that information discovered on a device might indicate criminal activity and require the involvement of law enforcement. Following the forensic imaging of the devices, the images that were created were then analysed to determine whether any information remained and whether it could be easily recovered using commonly available tools and techniques that anyone who had purchased the device could acquire.



Creative Commons License

Creative Commons Attribution-Noncommercial 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License



Link to publisher version (DOI)