Mobile forensic triage for damaged phones using M_Triage
Mobile forensics triage is a useful technique in a digital forensics investigation for recovering lost or purposely deleted and hidden files from digital storage. It is particularly useful, especially when solving a very sensitive crime, for example, kidnapping, in a timely manner. However, the exis...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English English |
| Published: |
2016
|
| Subjects: | |
| Online Access: | http://eprints.uthm.edu.my/814/1/24p%20YUSOOF%20MOHAMMED%20HASHEEM.pdf http://eprints.uthm.edu.my/814/2/YUSOOF%20MOHAMMED%20HASHEEM%20WATERMARK.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-uthm-ep.814 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-uthm-ep.8142021-09-01T07:55:15Z Mobile forensic triage for damaged phones using M_Triage 2016-07 Mohammed Hasheem, Yusoof HV8073-8079.35 Investigation of crimes. Examination and identification of prisoners Mobile forensics triage is a useful technique in a digital forensics investigation for recovering lost or purposely deleted and hidden files from digital storage. It is particularly useful, especially when solving a very sensitive crime, for example, kidnapping, in a timely manner. However, the existing mobile forensics triage tools do not consider performing a triage examination on damaged mobile phones. This research addressed the issues of performing triage examination on damaged Android mobile phones and reduction of false positive result generated by the current mobile forensics triage tools. Furthermore, the research addressed the issues of ignoring possible evidence residing in a bad block memory location. In this research a new forensics triage tool called M_Triage was introduced by extending Decode’s framework to handle data retrieval challenges on damaged Android mobile phones. The tool was designed to obtain evidence quickly and accurately (i.e. valid address book, call logs, SMS, images, and, videos, etc.) on Android damaged mobile phones. The tool was developed using C#, while back end engines was done using C programming and tested using five data sets. Based on the computational time processing comparison with Dec0de, Lifter, XRY and Xaver, the result showed that there was 75% improvement over Dec0de, 36% over Lifter, 28% over XRY and finally 71% over Xaver. Again, based on the experiment done on five data sets, M_Triage was capable of carving valid address book, call logs, SMS, images and videos as compared to Dec0de, Lifter, XRY and Xaver. With the average improvement of 90% over DEC0DE, 30% over Lifter, 40% over XRY and lastly 61% over Xaver. This shows that M_Triage is a better tool to be used because it saves time, carve more relevant files and less false positive result are achieved with the tool. 2016-07 Thesis http://eprints.uthm.edu.my/814/ http://eprints.uthm.edu.my/814/1/24p%20YUSOOF%20MOHAMMED%20HASHEEM.pdf text en public http://eprints.uthm.edu.my/814/2/YUSOOF%20MOHAMMED%20HASHEEM%20WATERMARK.pdf text en validuser phd doctoral Universiti Tun Hussein Onn Malaysia Faculty of Computer Science and Information Technology |
| institution |
Universiti Tun Hussein Onn Malaysia |
| collection |
UTHM Institutional Repository |
| language |
English English |
| topic |
HV8073-8079.35 Investigation of crimes Examination and identification of prisoners |
| spellingShingle |
HV8073-8079.35 Investigation of crimes Examination and identification of prisoners Mohammed Hasheem, Yusoof Mobile forensic triage for damaged phones using M_Triage |
| description |
Mobile forensics triage is a useful technique in a digital forensics investigation for recovering lost or purposely deleted and hidden files from digital storage. It is particularly useful, especially when solving a very sensitive crime, for example, kidnapping, in a timely manner. However, the existing mobile forensics triage tools do not consider performing a triage examination on damaged mobile phones. This research addressed the issues of performing triage examination on damaged Android mobile phones and reduction of false positive result generated by the current mobile forensics triage tools. Furthermore, the research addressed the issues of ignoring possible evidence residing in a bad block memory location. In this research a new forensics triage tool called M_Triage was introduced by extending Decode’s framework to handle data retrieval challenges on damaged Android mobile phones. The tool was designed to obtain evidence quickly and accurately (i.e. valid address book, call logs, SMS, images, and, videos, etc.) on Android damaged mobile phones. The tool was developed using C#, while back end engines was done using C programming and tested using five data sets. Based on the computational time processing comparison with Dec0de, Lifter, XRY and Xaver, the result showed that there was 75% improvement over Dec0de, 36% over Lifter, 28% over XRY and finally 71% over Xaver. Again, based on the experiment done on five data sets, M_Triage was capable of carving valid address book, call logs, SMS, images and videos as compared to Dec0de, Lifter, XRY and Xaver. With the average improvement of 90% over DEC0DE, 30% over Lifter, 40% over XRY and lastly 61% over Xaver. This shows that M_Triage is a better tool to be used because it saves time, carve more relevant files and less false positive result are achieved with the tool. |
| format |
Thesis |
| qualification_name |
Doctor of Philosophy (PhD.) |
| qualification_level |
Doctorate |
| author |
Mohammed Hasheem, Yusoof |
| author_facet |
Mohammed Hasheem, Yusoof |
| author_sort |
Mohammed Hasheem, Yusoof |
| title |
Mobile forensic triage for damaged phones using M_Triage |
| title_short |
Mobile forensic triage for damaged phones using M_Triage |
| title_full |
Mobile forensic triage for damaged phones using M_Triage |
| title_fullStr |
Mobile forensic triage for damaged phones using M_Triage |
| title_full_unstemmed |
Mobile forensic triage for damaged phones using M_Triage |
| title_sort |
mobile forensic triage for damaged phones using m_triage |
| granting_institution |
Universiti Tun Hussein Onn Malaysia |
| granting_department |
Faculty of Computer Science and Information Technology |
| publishDate |
2016 |
| url |
http://eprints.uthm.edu.my/814/1/24p%20YUSOOF%20MOHAMMED%20HASHEEM.pdf http://eprints.uthm.edu.my/814/2/YUSOOF%20MOHAMMED%20HASHEEM%20WATERMARK.pdf |
| _version_ |
1747830686105993216 |