A generic smartphone forensic investigation process model

Smartphones are sources of digital evidence and repository for considerable amount of personal and work-related information about the phone users, their network of contacts and activities. Investigations involving various such devices have been identified as growing challenges to digital forensic...

Full description

Saved in:
Bibliographic Details
Main Author: Farjamfar, Anahita
Format: Thesis
Language:English
Published: 2016
Subjects:
Online Access:http://psasir.upm.edu.my/id/eprint/69362/1/FSKTM%202016%2033%20IR.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Smartphones are sources of digital evidence and repository for considerable amount of personal and work-related information about the phone users, their network of contacts and activities. Investigations involving various such devices have been identified as growing challenges to digital forensic researchers and practitioners. Similar to other areas of digital forensic practice, the process models developed for smartphones do not consider satisfying any scientific requirement of a digital investigation process models to make such models reliable and admissible in court. They have also been criticized for their tendency to focus on one particular type of devices and failure to embrace the level of practicality and generality needed to be applied in the investigation of all smartphones, independent of their platforms. In addition, the common challenge associated with these models is that they tried to encompass all aspects of digital forensic activities in a single-tier, high level process models. This makes such models too unwieldy, impractical and unlikely to be adopted. This research proposes a new forensic process model for digital investigation of smartphones, called Generic Smartphone Forensic Investigation Process Model (GSFIPM), which addresses both the practical needs of practitioners and the expectations of legal domain for a reliable and structured process model to be followed. The proposed model is a multi-tier, objective-based, iterative process model that is generically applicable in investigation of any type of smartphones. GSFIPM is integrated with Encompassing Proceedings as principles that have a wider scope than a single process in the course of an investigation. The second tier of the GSFIPM focuses on the evidence collection and preservation process since this process is arguably the most critical process in the course of a digital investigation. Any doubt cast upon this process makes the output of other processes moot. A two-stage formal model called Formal Evidence Collection Model for Smartphones (FECMS) is designed, comprising of two UML Activity Diagrams, two Implementation Guidelines and the Overarching Principles. This research employed the Design Science Research Process (DSRP) methodology on the basis that it is an ‘ideal approach’ in the problem domain of digital forensic and especially appropriate for creating a new process model. The effectiveness of the GSFIPM and FECMS to satisfy the intended requirements are independently evaluated by a group of digital forensic experts. Feedbacks from these experts are taken into account and amendments are applied as appropriately as possible. The feedbacks received from experts, regarding the GSFIPM, are generally positive in fulfilling the scientific requirements. GSFIPM is also believed to hold new features in the design, namely being multi-tier and iterative, and containing overarching principles and stratification in roles and responsibilities. The feedbacks are also optimist for FECMS, in terms of utility and usability. This research demonstrates how GSFIPM and FECMS can be practically applicable in smartphone investigations and beneficial to the digital forensic practitioners in various environments.