Already have an account

Upload files (Maximum upload size: 64.00 MB)


Innovative new tools available to LEAs allowing for the rapid retrieval, storage and analysis of mobile phone data.

The goal is to reduce the gap between LEAs and the crime & terror organisations.

Giving them the tools and systems, to work with the latest devices and technology, favoured by criminal groups.



Standard: A result of the project will be a European standard for the forensic investigation of mobile phones.

It is also an aim for the new FORMOBILE standard, to become a European Committee for Standardisation (CEN), Workshop Agreement (CWA).

CWAs are frequently the forerunner of ENs and ISO standards.



To maximise the success of the FORMOBILE project, it is imperative that the LEAs and associated agencies receive the best training possible on the new tools and standard implemented.

A dedicated training team will combine the best aspects of existing training courses available, into a new curriculum.

Combining knowledge of commercial parties, academia and LEAs will enable a set of courses, with the supporting materials, to be developed.

Target groups

The EU is a connected society. Mobile phones are used to continuously share information, files and images. Thankfully much of this is innocent, however - criminals and terrorists use the same channels to communicate. FORMOBILE will tackle this risk and will benefit three key groups.

Security Practitioners

FORMOBILE will make your work easier

Security Practitioners

FORMOBILE will make your work easier

Giving access to leading, innovative tools to fight crime and terror. The common standard and supportive training will make you more efficient in your duty. Cooperating with other specialists across EU will increase security productivity.

Research Groups

Continuing the goal of a united EU

Research Groups

Continuing the goal of a united EU

FORMOBILE is cohering information and knowledge from experts across Europe. The results of the project will pave the way for the next advancement - assisting holistic improvement of EU polices.

EU Citizens

Have confidence, work is being done to keep you safe

EU Citizens

Have confidence, work is being done to keep you safe

Security practitioners work to protect the people of Europe. Citizens can have confidence work is being done to keep them safe and protect their fundamental rights. FORMOBILE will help fight crime in the short term. The overarching goal is to deter criminals and terrorists from using mobile technology.

Timeline of Project Results

May 2019 

Month 1
Project constituted at kick-off meeting 


Month 12
The novel curriculum for mobile forensics trainings is developed.  


Month 18
Acquisition, decoding & analysis techniques working in laboratory, during the development phase.  


Month 24
The CEN Workshop Meetings have been carried out – participants agree the new standard on mobile forensics is appropriate.  

April 2022 

Month 36
Project results are presented at the Final Meeting. All objectives have been reached. The standard has been published, prototypes are ready for exploitation, pilot training was successful. 


Work package WP1 collects the requirements of law enforcement agencies (LEAs) and provides the base of the subsequent WPs. Based on these requirements, the methods to test the standardization agreements, as well as the tools and their applications (WP4 to WP6) will be defined. During this process, the input from the LEAs is essential to ensure that the results of the other work packages are useful in practice.

The work package is broken down into tasks. These include:

Task 1.1 - Specification of end-user requirements (Lead: ZITiS; Participants: HO, ESMIR, KWPP, MPF, PJ, PPHS, LIF) [M01-M06]

Main activities involve-

  • ZITiS is to prepare a reporting template to retrieve LEAs’ requirements on mobile forensics.
  • LEAs are to gather case information and prepare a local report, based on the current status of mobile forensics in their countries – to detail relevant data and known challenges
  • Requirements for hardware and tools to be used in the mobile forensic workflow will be defined.
  • ZITiS will combine all local reports and prepare an overall description of end-user requirements.

Task 1.2 - Evaluation of current status in mobile forensics (Lead: ZITiS; Participants: HO, ESMIR, KWPP, MPF, PJ, NFI) [M07- M13]

Based on the report about end-user requirements, a ring trial will be prepared to evaluate the current status of mobile forensics performed in different countries.

  • All Partners to be included, ZITiS will analyse and interpret the data.
    • The focus is to improve the current state of mobile forensics and to evaluate the differences throughout the European Union

Task 1.3 - Developing methodologies to test the project results (Lead: HO; Participants: ESMIR, KWPP, MPF, PJ, NMPS) [M14- M28]

  • LEAs to develop multiple test cases - used for the validation of project results.
  • Test cases will map different forensic scenarios, which can also be used during the training in WP7.
  • Scenarios will be accompanied by the finding of suitable standardized test and evaluation methods. Scenarios and methods may also cover hardware and software tools.

Task 1.4 - Validation of the FORMOBILE results (Lead: ZITiS; Participants: HO, ESMIR, KWPP, MPF, PJ, A.S.I.) [M29- M36]

After the test training program, another ring trial will be prepared to evaluate the tools and methods developed in the FORMOBILE project. The “Best Practices” generated in the CEN workshop will be implemented in the ring trial after they were taught in training by WP7 – All partners to be included.


Is to ensure FORMOBILE action is carried out with respect to applicable ethical and legal rules; and, results produced are elaborated in compliance with criminal procedure.

To safeguard compliance issues arising during or after the implementation of the action, which would hamper the potential exploitation of the tools and results.

Facilitate the implementation of the European legislation in the field of data protection, notably Directive 680/2016, the General Data Protection Regulation where applicable and any other act in the field adopted before the project’s end.

Task 2.1 - Identification of legal and ethical issues (Lead: LIF; Participants: All) [M01-M12]

Identify potential legal issues that may arise in relation to the FORMOBILE implementation.

Legal partner LIF, with the support of time.lex to carry out appropriate research to identify possible issues, predominately relating to GDPR.

Identify the ethical rules applicable to FORMOBILE’s activities and the potential issues that may arise in this regard.

Task 2.2 – Research on the applicable legislation in the field of electronic evidence extracted from mobile phones (Lead: LIF; Participants: All) [M3-M18]

Explore the different legislative approaches regulating electronic evidence extracted from mobile phones in the selected countries.

To include:

  • Elaboration of a tailored questionnaire strictly focused on issues related to extraction and use of electronic evidence from mobile devices.
  • WP2 team to perform desk-based research to identify and analyse the applicable criminal procedure legal framework.
  • The completed questionnaires are to analyse and compare the collected response and juxtapose it with the research findings.
  • The resulting report is to concentrate on the criminal procedure rules and will examine how the tools elaborated during the project could be used and be of help to LEAs and the judiciary.

Task 2.3 - Specification of a regulatory framework (Lead: LIF; Participants: All) [M12-M36] 

Task 2.3 builds on the work done in task 2.1 and task 2.2 to identify ethical and legal issues applicable to the work done in FORMOBILE and the intended results and tools.

  • It specifies the ethical and legal framework that must be respected,
  • To include the pitfalls, challenges and proposed solutions or applicable best practices to prevent compliance issues at the exploitation stage. These may arise in relation to data protection and human rights.

Task 2.4 - Validation of standard and tool (Lead: TLX; Participants: All) [M24-M36]

The final legal reflection to validate, from a legal and ethical point of view, FORMOBILE standard (WP3), tools (WP4 to WP6) and trainings (WP7). Any outstanding issues are described in detail and practical solutions are to be proposed.


Due to the cross-border nature of crimes, it is vital to create EU standards regarding the forensic examination of mobile devices.

The new standard for mobile forensics will become a CEN workshop agreement (CWA), developed in a CEN or workshop. These workshops are open to all European institutions. CWAs are regularly the forerunner of an EN or ISO standard.

Task 3.1 - Identification of existing practices and standards (Lead: A.S.I.; Participants: ZITiS, PPHS, NFI) [M1-M9]

Existing standards and those under development which are within the scope of the project will be identified.

All relevant standards, directives and regulations will be screened. It will be confirmed which standards are currently used by the LEAs and forensics institutes within the European Union.

Examples of such standards include –

  • ISO17025 which is used in many forensic laboratories
  • ISO/IEC 27037 (Guidelines for identification, collection, acquisition and preservation of digital evidence)
  • NIST Special Publication 800-101 (Guidelines on Mobile Device Forensics)
  • ETSI standards on lawful interception

Task 3.2 - Gap analysis of existing practices and standards (Lead: A.S.I.; Participants: HO, ESMIR, KWPP, MPF, PJ) [M10-M15]

Standards identified in Task 3.1 will be evaluated against the end-user requirements that are collected in WP1.

The aim is to analyse what is missing in existing standards and what needs to be included in standards under development - Findings of this gap analysis will be included in a gap report.

Task 3.3 - Definition of the European mobile forensic standard (Lead: A.S.I.; Participants: HSMW, NFI, MSAB, ZITiS, HO, ESMIR, KWPP, MPF, PJ, NMPS, LIF, PPHS, TLX) [M1-M36]

To define the European standard, a workshop of the European Committee for Standardisation (CEN) will be set up and managed. This involves a series of physical and online meetings for engaging with stakeholder communities.

This is an open, inclusive multi-stakeholder process, where a European Standardisation Deliverable /CEN Workshop Agreement (CWA)/ a publicly available specification, will be produced.


Mobile forensics is mainstream but several technological trends threatening the continuous success of the acquisition of mobile devices.

Three main challenges arise in the field of acquisition:

  1. Acquisition of RAM memory
  2. Acquisition of cloud storage
  3. Acquisition of counterfeit devices.

This work package aims to assist with the acquisition process of challenging mobile data.

Task 4.1 - Acquisition of RAM memory/ Extraction of RAM memory content (Lead: NFI; Participants: TUD) [M1-M36]

An increasing application of strong cryptography demands for new approaches of (mobile) forensics.

To stay successful, focus must widen to include extraction of RAM content, like in traditional PC/laptop oriented digital forensics.

Key focus area will be –

  1. Adapting workflows from crime scene to lab – Reducing RAM contamination.
  2. To extract RAM content of a live phone.

Task 4.2 - Cloud data extraction (Lead: HSMW; Participants: MSAB, KWPP) [M1-M36]

Cloud data sources can serve as great evidence in investigations.

This task will support the improvements to decode even the major cloud computing data export formats in an automated and efficient way - whilst adhering to both national and international laws and the jurisdiction of LEAs.

Task 4.3 - Handling mobile clones (Lead: KSTU; Participants: MSAB, NFI, HSMW) [M1-M36]

With a lack of software information available from the manufacturers of smartphone clones, forensic examinations are very difficult. 

Through the examination of many illegal clones - knowledge, skills and training will be developed and shared between practitioners across Europe.

Task 4.4 - Development of novel import methods (Lead: MSAB; Participants: TUD, NFI, HSMW) [M1M36]

The goal is to create a software extraction tool Dump Importer to further process the additional data, gathered from the work of previous tasks.


Despite the importance of mobile forensics, security measures are hindering forensic examination.

These include-

  • Increasing application of strong cryptography
  • Migration of security techniques into the hardware
  • Development of anti-forensic techniques

The work package aims to assist with the decoding process of mobile data and overcoming security measures like anti-forensic systems.

Task 5.1 - Overcoming security measures hindering forensic examination (Lead: UPat; Participants: NFI) [M1-M36]

The quantity and complexity of the steps required to access modern mobile devices (phones, tablets, car multimedia systems, USB-sticks) are increasing rapidly, due to the increasing application of encryption.

FORMOBILE will explore the known and original possibilities to overcome these security measures.

Task 5.2 - RAM Decoding (Lead: MSAB; Participants: NFI, TUD) [M1-M36]

Traditionally, the focus of mobile forensics has been on non-volatile memory. To stay successful, the focus must widen to include RAM decoding, just like in traditional PC/laptop-oriented digital forensics.

Task 5.3 - Detection and bypassing anti-forensics (Lead: HSMW; Participants: NFI, ZITiS) [M1-M36]

Mobile devices inherently create opportunities to present environments that are conducive to anti-forensic activities.

FORMOBILE will work on a new tool to detect and overcome anti-forensic techniques commonly used in mobile devices. 

Task 5.4 - Development of novel decoding tools (Lead: MSAB; Participants: NMPS) [M1-M36]

The data dumps that will be acquired with the methods developed in WP4 need to be decoded. The aim of Task 5.4 is to develop new methods of decoding. This includes especially the decoding of file systems and file formats.


Mobile devices store more and more data, causing challenges for forensic analysis. This includes the sheer mass of short messages and the rise of mobile malware. This work package aims to assist with the analysis process of mobile data and overcoming problems that arise with mass data. 

Task 6.1 - Evaluation of big data by semantic analysis (Lead: HSMW; Participants: UPat) [M1-M36]

The contents analysis of mobile data covers the analysis and evaluation of multiple artefacts, for example:

  • SMS/Chat
  • E-mails
  • Calls/Contacts
  • Location Data
  • Images/Videos

The goal is to develop new methods to analyse each data type and integrate all retrieved information into one complete knowledge map.

Task 6.2 - Malware analysis (Lead: ZITiS; Participants: HSMW) [M1-M36]

Today, mobile devices are the main target for cyber criminals. In particular, there is a broad range of malware for mobile platforms. The analysis of the malicious code is an important challenge for the law enforcing agencies and developers of antivirus suites.

To overcome this issue, a new platform for the automatic analysis of mobile malicious code will be developed.

Task 6.3 - Visualization of enriched data (Lead: MSAB; Participants: HSMW, KWPP) [M1-M36]

One problem of the analysis of big data is to find value in the mass amount of data. Visualisation is the main tool to overcome this problem, therefore, new tools to visualise the result of the big data analysis will be created.

Task 6.4 - Development of novel analysis tools/ Tools to enrich the extracted data with the results from the big data analysis (Lead: MSAB; Participants: HSMW, KWPP) [M1-M36]

Data acquired with the methods developed in WP5 need to be analysed, this is the aim of Task 6.4. This especially includes the ability to enrich the extracted data with the results from the analysis.


The FORMOBILE target user groups must be trained to use the tool and the novel mobile forensic standard. Users should be able to verify results from the tool and have in-depth knowledge of the standard defined by the project.

We aim for a new novel mobile forensics training curriculum that is developed by commercial players together with academia and LEAs. The curriculum will define a recommended set of courses to become a forensic expert in mobile forensics. Course material will be developed, and a test training of LEAs will be performed.

Task 7.1 - Design of a novel curriculum for LEAs training (Lead: NMPS; Participants: FORTH) [M1-M12]

Today, there are few, mostly commercial, courses in mobile forensics. FORMOBILE will start evaluating existing curricula and courses in the domain of mobile forensics and will perform a gap analysis.

Based on the findings we will develop an innovative novel curriculum, consisting of a set of consecutive modules that will train on tools and standards.

Task 7.2 - Development of training material for LEA training and joint exercises training (Lead: FORTH; Participants: NMPS, MSAB) [M13-M30] 

In Task 7.2 we will develop course material based on the novel curriculum, created for physical classrooms, online webinars and tutorials.

To ensure that the scenarios are relevant for the law enforcement agencies we will include the results task 1.4.

Task 7.3 - Proof of concept FORMOBILE forensic training / Train the trainers training (Lead: NMPS; Participants: All except TLX and SI) [M30-M36]

To prove the effectiveness of the novel curriculum and the training material, we will perform three proof of concept trainings with LEAs. A ‘train the trainers’ concept will be used to help disseminate the knowledge of the tool and the standard much faster.


WP8 aims to plan, develop and coordinate all FORMOBILE activities related to communication, dissemination and exploitation, to reach a wide audience and relevant stakeholders and to create strong awareness of the FORMOBILE outcomes (tools, standard and trainings) at the national, European and global level.

Task 8.1 - FORMOBILE Communication and Dissemination plan (Leader: PPHS; Participants: All) [M1-36]

To define all project communication and dissemination activities carried out throughout the lifetime of the project a strategic document the Communication and Dissemination plan (C&D) will be developed.

This plan will define actions with specific timelines, responsibilities and measurable results, tools (channels) and methods that will be used by the consortium, to ensure that the project is effectively promoted and FORMOBILE results meet the appropriate audience.

Task 8.2 - Communication and dissemination channels (Leader: PPHS; Participants: All) [M1-36]

To facilitate appropriate communication, a set of channels will be used to engage a variety of users. These will include:

  • Project website
  • Social media presence
    • LinkedIn, Twitter, YouTube
  • Newsletter

Task 8.3 - Dissemination materials and visibility (Leader: PPHS; Participants: All) [M1-36]

To support the dissemination and communication activities, promotional materials (electronic and printed versions) will be produced. Moreover, it is planned to publish scientific articles with project results in scientific journals and magazines.

To coordinate dissemination activities, a GDPR compliant stakeholder database, shall be developed and filled up.

Task 8.4 - Dissemination FORMOBILE events (Leader: PPHS; Participants: All) [M1-36]

To disseminate the project results to an extended audience across Europe, a series of events will be created.

It is planned to organise different kinds of events, depending on the aim and the target group. These will include–

  • Kick-off meeting (M1), Mid-term meeting (M18) and the Final-review meeting combined with a public event (M36)
  • Executive meetings for the WP Leaders
  • The standardization workshops (CEN workshop meetings

All events will be combined with public thematic conferences.

Furthermore, all consortium members agreed to contribute to project dissemination when participating in public events like conferences or fairs.

Task 8.5- FORMOBILE exploitation Strategy (Leader: SI; Participants: MSAB, NFI, HSMW) [M1-36]

The FORMOBILE Exploitation Board consisting of the partners (SI, MSAB, NFI and HSMW) will monitor the progress of project results and decide about the related exploitation route and ensure that appropriate measures for IP protection are implemented.

For the tools (developed in WP4-6), exploitation will take place directly by MSAB and NFI respectively. For other specific results, the potential to create start-ups to exploit side results for civil applications will be investigated.

All exploitation will be in total compliance with the Consortium Agreement and the Grant Agreement. One result of the task will be the project exploitation plan. This document will address IPR issues, commercialisation and exploitation aspects. It will ensure the best, maximised impact and full use of all results and outputs of the project.

Task 8.6 - Data Management (Leader: SI; Participants: All) [M1-36]

A Data Management Plan will be developed detailing what data the project will generate (including metadata), whether and how it will be shared or made accessible for verification and re-use, and how it will be curated and preserved.

Task 8.7 - Management of Security Issues (Leader: MSAB) [M1-M36]

The security officer of the FORMOBILE project will oversee all security issues that arise within the project. This includes the risk of misuse of research results and all problems that arise from dual-use. FORMOBILE is committed to the ethics of the Wassenaar Arrangement and will take care that sensitive technologies will propagate freely.


Aims to provide effective and efficient management and communications environment of the FORMOBILE. This will cover the timely delivery of all obligations under the terms of the Grant and Consortium Agreement. Furthermore, the monitoring and managing the work packages, milestones and deliverables will be managed and maintained.

Task 9.1 - Internal Project Communication / Administrative and Financial Project Management. (Leader: HSMW) [M1-36] 

This task will take care of the overall coordination and day-to-day management for the FORMOBILE project concerning internal communication, administrative and financial issues.

A close relationship with the finance departments of each partner will be established, to make sure all budget-related actions are performed correctly. Especially the EU financial contribution will be administrated and distributed within the consortium.

To summarize all these activities a FORMOBILE Project Management Handbook will be created. The project management team will set up and maintain adequate communications with the Commission’s project officers on the project progression and other relevant issues.

Task 9.2 - Technical Organisation, Coordination and Scientific Management of the Project (Leader: HSMW) [M1-36]

The project coordinator, HSMW, with its project management office is responsible for technical coordination and quality assurance throughout the project. This task involves coordination and synchronisation of the interfaces between the work package activities, monitoring of progress, tracking deliverables and milestones, coordinating input/output flows between the various work packages and tasks.


These tasks have been deduced from the deliverables of WP10 by the PMO

Task 10.1 - H - Requirement No. 2 (Leader: HSMW, Participants: All) [M1]

The procedures and criteria that will be used to identify/recruit research participants will be determined.

Task 10.2 - H - Requirement No. 3 (Leader: HSMW, Participants: All) [M1]

Copies of opinions/approvals by ethics committees and/or competent authorities for the research with humans have to be collected.

Task 10.3 - H - Requirement No. 4 (Leader: HSMW, Participants: All) [M1]

Informed consent procedures that will be implemented for the participation of humans will be defined. Templates of the informed consent forms and information sheets (in language and terms intelligible to the participants) will be created.

Task 10.4 - POPD - Requirement No. 6 (Leader: HSMW, Participants: All) [M1]

The host institution confirms that it has appointed a Data Protection Officer (DPO) and the contact details of the DPO are available to all data subjects involved in the research. For host institutions not required to appoint a DPO under the GDPR a detailed data protection policy for the project must be defined.

Task 10.5 - POPD - Requirement No. 7 (Leader: HSMW, Participants: All) [M1]

A description of the security measures that will be implemented to prevent unauthorised access to personal data or the equipment used for processing must be defined.

Task 10.6 - POPD - Requirement No. 8 (Leader: HSMW, Participants: All) [M1]

In case of further processing of previously collected personal data, an explicit confirmation that the beneficiary has a lawful basis for the data processing and that the appropriate technical and organisational measures are in place to safeguard the rights of the data subjects has to be defined.

Task 10.7 - POPD - Requirement No. 9 (Leader: HSMW, Participants: All) [M1]

Detailed information on the informed consent procedures with data processing will be defined. Templates of the informed consent forms and information sheets with data processing (in language and terms intelligible to the participants) will be created.

Task 10.8 - POPD - Requirement No. 10 (Leader: HSMW, Participants: All) [M3]

All beneficiaries must explain how all of the data they intend to process is relevant and limited to the purposes of the research project (in accordance with the 'data minimisation' principle).

Task 10.9 - POPD - Requirement No. 11 (Leader: HSMW, Participants: All) [M3]

All beneficiaries must evaluate the ethics risks related to the data processing activities of the project. This includes also an opinion if data protection impact assessment should be conducted under art.35 General Data Protection Regulation 2016/679 or art. 27 of the Directive 2016/680.

Task 10.10 - M - Requirement No. 12 (Leader: HSMW, Participants: All) [M12]

Risk assessment and details on measures to prevent misuse of research findings must be defined.

Task 10.11 - DU - Requirement No. 13 (Leader: HSMW, Participants: All) [M12]

Details on potential dual-use implications of the project and risk-mitigation strategies have to be described.

Task 10.12 - GEN - Requirement No. 14 (Leader: HSMW, Participants: Ethics Advisory Board members) [M1]

Due to the severity of the ethics issues raised by the proposed research, the Ethical Advisory Board which includes relevant independent expertise must be established to monitor the ethics issues in this project and how they are handled. The Board must be consulted at least on the following points: processing of data extracted from mobile devices (who can access the data, potential anonymisation procedures and potential for misuse) and data security (multiple types of personal data, potentially including sensitive data is extracted from mobile devices and stored and processed).

Task 10.13 - GEN - Requirement No. 15 (Leader: HSMW, Participants: Ethics Advisory Board members) [M5]

A report by the Ethics Advisory Board must be submitted as a deliverable at month 5.

Task 10.14 - GEN - Requirement No. 16 (Leader: HSMW, Participants: Ethics Advisory Board members) [M19]

A report by the Ethics Advisory Board must be submitted as a deliverable at month 19.

When you visit this website, cookies are placed on your device. These cookies allow the website to function and enable us to collect statistical information regarding this website, which we need to further optimize its functioning and your user experience. By your use of this website and by clicking on “ok”, you indicate that you have read all information concerning our use of cookies and the processing of your personal data and you consent to this use and processing as contained in our cookie policy, which can be found here Cookie Policy

I have read and agree to the processing of my data