A generic smartphone forensic investigation process model
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2016 |
Subjects: | |
Online Access: | http://psasir.upm.edu.my/id/eprint/69362/1/FSKTM%202016%2033%20IR.pdf |
Summary: | Smartphones are sources of digital evidence and repositories for a considerable amount
of personal and work-related information about the phone users, their network of
contacts and activities. Investigations involving various such devices have been
identified as growing challenges to digital forensic researchers and practitioners.
Similar to other areas of digital forensic practice, the process models developed for
smartphones do not consider satisfying any scientific requirement of a digital
investigation process model that would make such models reliable and admissible in court.
They have also been criticized for their tendency to focus on one particular type of
device and their failure to embrace the level of practicality and generality needed to be
applied in the investigation of all smartphones, independent of their platforms. In
addition, the common challenge associated with these models is that they try to
encompass all aspects of digital forensic activities in a single-tier, high-level process
model. This makes such models too unwieldy, impractical and unlikely to be adopted.
This research proposes a new forensic process model for digital investigation of
smartphones, called Generic Smartphone Forensic Investigation Process Model
(GSFIPM), which addresses both the practical needs of practitioners and the
expectations of legal domain for a reliable and structured process model to be
followed. The proposed model is a multi-tier, objective-based, iterative process model
that is generically applicable in the investigation of any type of smartphone. GSFIPM is
integrated with Encompassing Proceedings as principles that have a wider scope than
a single process in the course of an investigation. The second tier of the GSFIPM
focuses on the evidence collection and preservation process since this process is
arguably the most critical process in the course of a digital investigation. Any doubt
cast upon this process makes the output of other processes moot. A two-stage formal
model called Formal Evidence Collection Model for Smartphones (FECMS) is
designed, comprising two UML Activity Diagrams, two Implementation Guidelines
and the Overarching Principles.
This research employed the Design Science Research Process (DSRP) methodology
on the basis that it is an ‘ideal approach’ in the problem domain of digital forensics and
especially appropriate for creating a new process model. The effectiveness of the
GSFIPM and FECMS in satisfying the intended requirements is independently
evaluated by a group of digital forensic experts. Feedback from these experts is
taken into account and amendments are applied as appropriate. The
feedback received from the experts regarding the GSFIPM is generally positive with respect to
fulfilling the scientific requirements. GSFIPM is also believed to hold new features in
the design, namely being multi-tier and iterative, and containing overarching
principles and stratification in roles and responsibilities. The feedback is also
optimistic for FECMS, in terms of utility and usability. This research demonstrates how
GSFIPM and FECMS can be practically applied in smartphone investigations and
be beneficial to digital forensic practitioners in various environments. |
---|