Mobile Device Forensics Framework: A Toolbox to Support and Enhance This Process

Bruno M. V. Bernardo, Henrique S. Mamede, João M. P. Barroso, Vítor M. P. D. dos Santos

Abstract


Cybercrime is growing rapidly, and it is increasingly important to use advanced tools to combat it and support investigations. One of the battlefronts is the forensic investigation of mobile devices to analyze their misuse and recover information. Mobile devices present numerous challenges, including a rapidly changing environment, increasing diversity, and integration with the cloud/IoT. Therefore, it is essential to have a secure and reliable toolbox that allows an investigator to thwart, discover, and solve all problems related to mobile forensics while deciphering investigations, whether criminal, civil, corporate, or other. In this work, we propose an original and innovative instantiation of a structure in a forensic toolbox for mobile devices, corresponding to a set of different applications, methods, and best practice information aimed at improving and perfecting the investigative process of a digital investigator. To ensure scientific support for the construction of the toolbox, the Design Science Research (DSR) methodology was applied, which seeks to create new and unique artifacts, drawing on the strength and knowledge of science and context. The toolbox will help the forensic investigator overcome some of the challenges related to mobile devices, namely the lack of guidance, documentation, knowledge, and the ability to keep up with the fast-paced environment that characterizes the mobile industry and market.

 

DOI: 10.28991/ESJ-2024-08-03-011



Keywords


Digital Archaeology; Digital Evidence; Digital Forensics; Mobile Device Forensics; Data Governance.





Copyright (c) 2024 Bruno Miguel Vital Bernardo, Henrique São Mamede, João Manuel Pereira Barroso, Vítor Manuel Pereira Duarte dos Santos