Scientific forensic framework for smartphones

Main interest in both criminal investigations and security agencies is discovering communications channels by terrorists and criminals. One of the primary challenges faced by law enforcement agencies is the tremendous capacity and capabilities of smartphones as affordable, commonplace and an indispe...

Full description

Saved in:
Bibliographic Details
Main Author: Shahpasand, Maryam
Format: Thesis
Language:English
Published: 2015
Subjects:
Online Access:http://psasir.upm.edu.my/id/eprint/65262/1/FSKTM%202015%2047IR.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Main interest in both criminal investigations and security agencies is discovering communications channels by terrorists and criminals. One of the primary challenges faced by law enforcement agencies is the tremendous capacity and capabilities of smartphones as affordable, commonplace and an indispensable part of daily lives. When mobile phone devices are involved in a crime, forensic examiners need methods and tools to properly retrieve and analyze existing data on the digital device based on scientific forensic standards. Unfortunately, forensic analysis of mobile phone devices is not adequately documented and explored. However to overcome this issue, there has been considerable work in the mobile phone analysis field but forensic science does not apply to forensic remnants determination on newfangled smartphones. Consideration of existing forensic works demonstrates that no formal technique covers verification of valuable forensic evidences on smartphones. Forensic investigators need scientific forensic sound techniques to analyze smartphones and present at court as reliable report. The current standard and open formats for mobile phone forensic describe memory image properties, but do not describe the products of detailed investigations for real-world crime cases and caused to mobile phone forensic investigators are confronting constraints such as time, budget, and the capacity when handling mobile phone forensic cases on a daily basis. So, the strong need felt for plenary framework to investigate smartphones in both digital and scientific forensic part, verify formally and apply to real-world scenarios. The aim of this study is to propose and develop a scientific forensic framework for smartphones to apply the scientific forensic processes on smartphone investigation. The proposed scientific forensic framework for smartphones helps investigators by considering all artifacts and available digital evidences on these devices. A formal model designed for describing scientific forensic framework to verify examination results for presenting in the court rooms. The developed framework is analyzed for different contexts and conditions, within of real-world smartphone crime scenarios. Based on exploratory research, real-world smartphone crime cases investigate to discover the methods with the acquiring, preserving and analyzing digital evidences on Windows Phone 8 devices. Extracted evidences and forensic methods are examined by content pattern, formalize the extracted evidences in mathematical way and developed applications provided correctness, atomicity, integrity and consistency according to Doubert Standard. Scientific forensic framework is developed and verified in both formal and experimental aspect of research. Formal model developed for scientific forensic framework based on TLA logic and proof the applicability of model on all smartphones independent of platforms. Formal model devised an expressive and flexible model for representing scientific forensic framework for smartphones. Experimental part done on Windows Phone 8, evaluated based on Doubert standard and approved by panel of experts including academic Committee, Low Enforcement Committee and Digital Investigator Committee. Applicability of proposed framework to real-world scenarios proves the framework correctness and device independency. The results demonstrate how the development framework can cover all steps of scientific and digital investigation process in smartphone crime cases. Scientific forensic framework is conformed to the best practices including: identifying the file sources, extracting files metadata, extracting device information,Network, auditing and reporting system to prepare court reports, file signatures (file carving model), SIM and SD card, Hardware, Phone State and artifacts examination on desktop O.S. The present study creates a reliable guideline on smartphone investigation process and presented a scientific forensic framework by providing correctness, atomicity, integrity and consistency for smartphone. The proposed scientific forensic framework assists investigators by collecting all possible smartphone evidences to find out the chain of custody, present a court report and detect the criminals. Furthermore, the proposed framework as a scientific reference for smartphones investigators can be used for police agencies, low Enforcements, Incident Response management teams. Moreover, this study can be regarded as pioneering research which has attempted to shed light on smartphone forensic.