Effectiveness of the factory reset on a mobile device

Abstract

All mobile phones use internal flash memory to store information. The flash memory contains personal user data that can be extracted with the use of forensics tools. This information could be used to profile a user's daily activity. However, all smartphones provide a tool to erase (factory reset) the information from the flash memory. Twenty-one smartphones were used to evaluate the effectiveness of the factory-reset feature. A set of forensics tools from Cellebrite was used for the extraction and analysis process. The factory-reset feature was found to leave significant amounts of user-generated content after operation. The amount of user-generated content varied by vendor and model number. Extracted data are presented as evidence to show the ineffectiveness of the reset. User data such as photographs, audio files, text files, login information and geolocation data were left on the phone. The data analysis uncovered the unreliable nature of a factory reset and how the user is not properly protected.