A forensic analysis approach to smartphones from a criminal investigation perspective

Abstract

Ever since the introduction of new functionalities like social networking and instant messaging, there has been a remarkably growth in the number of smartphone users. This innovative communication method also increases the likelihood for deploying smartphones, in view of its diversity and anonymous nature, as portable devices used in criminal activities. Thus, the objective of this research is to identify and review proper technical approaches in conducting forensic examinations on smartphones. The term, mobile device forensics denotes the recovery of digital evidence or data stored on a mobile device by any method or scheme that is forensically sound. This is a two-stage process which comprised of data extraction and analysis. Most of the forensic toolkits being used to gain access to a phone’s internal memory are developed by forensic companies who design their own programs and acquisition methods. So far these toolkits have not been independently verified or tested for full memory acquisition. Accordingly, in the first part of this thesis, research experiments will be carried out to evaluate if the smartphone backup option, physical extraction using custom boot loader or the equipment specifically build to facilitate the invasive task of JTAG (Joint Task Action Group) acquisition can be used to acquire data and at the same time preserve the integrity of such digital evidence. The latter half of the thesis will examine the acquired data by means of various decoding software to determine their relevancy to forensic investigations. Test results are also cross-evaluated by commercial forensic tools so as to make a comparison on their effectiveness and completeness in analyzing the extracted data. The ultimate goal is to ensure digital data so recovered by mobile forensic tools can be adduced as reliable evidence in court proceedings. Some drawbacks of the mobile forensic toolkits and procedures will also be highlighted. For instance, it is considered that there is no single tool or method which is capable of acquiring all necessary evidence from various smartphone models. Lastly, this thesis will conclude with a synopsis of findings and the future work planned in this area.