Evaluation of Some Tools for Extracting e-Evidence from Mobile Devices
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2011 (English). In: Application of Information and Communication Technologies (AICT), 2011, 1-6 p. Conference paper, Published paper (Refereed)
Abstract [en]

In a digital world, even illegal behaviour and/or crimes may be termed as digital. This world is increasingly becoming mobile, where the basic computation and communication entities are Small Scale Digital Devices (SSDDs or S2D2s) such as ordinary mobile phones, personal digital assistants, smart phones and tablets. The need to recover data, which might refer to unlawful and unethical activities, gave rise to the discipline of mobile forensics, which has become an integral part of digital forensics. Consequently, in the last few years there has been an abundance of mobile forensics tools, both commercial and open-source ones, whose vendors and developers make various assertions about the capabilities and the performance of their tools. The complexity and the diversity of both mobile devices and mobile forensics tools, coupled with the volatile nature of the digital evidence and the legal requirements of admissibility, make it difficult for forensics investigators to select the right tool. Hence, we have evaluated UFED Physical Pro 1.1.3.8 and XRY 5.0 following the “Smartphone Tool Specifications Standard” developed by NIST, in order to start developing a framework for evaluating and referencing the “goodness” of the mobile forensic tools. The experiments and the results of the research against the core smart phone tool specifications and their associated test findings are presented in such a way that it should make it easier for the prospective mobile forensic examiner to select the most adequate tool for a specific case.

Place, publisher, year, edition, pages
2011. 1-6 p.
Keyword [en]
mobile forensics, digital evidence, extraction tools, e-Evidence
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-67126; DOI: 10.1109/ICAICT.2011.6110999; ISBN: 978-1-61284-831-0 (print); OAI: oai:DiVA.org:su-67126; DiVA: diva2:469550
Conference
The 5th International Conference on Application of Information and Communication Technologies (AICT), Azerbaijan, Baku, 12-14 October 2011
Available from: 2011-12-26. Created: 2011-12-26. Last updated: 2015-05-05. Bibliographically approved.
In thesis
1. Protecting the Integrity of Digital Evidence and Basic Human Rights During the Process of Digital Forensics
2015 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Scientific development and progress in the fields of computer science, information technology and their related disciplines have transformed our world into a “digital world”. Omnipresent digital devices and e-services running on numerous versions of pervasive e-infrastructures generate a wealth of electronically stored information (ESI) from which we can extract a great deal of potential digital evidence.

Digital evidence is sometimes even more revealing than its traditional counterpart, but at the same time it is very fragile and volatile in nature. Preserving the integrity of digital evidence is therefore of major concern, especially when it comes from purportedly illegal, illicit and malicious activities. The acquisition and analysis of digital evidence are also crucial to the functioning of the digital world, regardless of the positive or negative implications of the actions and activities that generated the evidence. All stakeholders should have the right to be assured of the accuracy of the digital forensics process and the people involved in it. Currently they surrender these rights and have to trust the process and the individuals carrying it out. They do not have any guarantee that intentional or unintentional conduct or modification will not affect the outcome of the forensic process, which might compromise their other human rights as a consequence, such as their right to liberty and even their right to life. Protecting basic human rights by ensuring the correctness of the entire forensics process, and its output in the form of digital evidence, is thus a point of concern. The “right to a fair trial” given in Article 6 of the European Convention as an umbrella principle that affects the forensics process, is one example of the protection of basic human rights.

In digital forensics there are principles and models at the top (the theoretical basis), acting as a platform on an abstract and generic level; in the middle there are policies and practices; and at the bottom there are technical procedures and techniques. During this research we worked to solve the above-mentioned problems, concentrating on all three layers, by extending the abstract models, defining best practice, and providing new technical procedures employing the latest technology. Our work also helps to implement organisational policies.

The research was undertaken in two cycles, starting with an exploration of the theoretical basis and continuing to procedures and techniques. The methods used to preserve the integrity of digital evidence were explored and evaluated in the first cycle. A new technical model called PIDESC[1] was thus proposed. This can preserve the integrity of digital evidence by orchestrating both software- and hardware-based security solutions. The model was evaluated in terms of time and cost. The results suggest that the gains outweigh the additional cost and time. The increase in time is a constant negligible factor of only half a millisecond on average. In the next cycle we built on our knowledge and extended the theoretical basis on an abstract and generic level to preserve the integrity of digital evidence and to protect basic human rights as overarching umbrella principles (2PasU[2]). We then developed specific solutions, including a formal method to select the best mobile device forensics tool, and developed a guide for best practices to fulfil the requirements of preservation and protection. Finally, we mapped the solutions to the proposed extended model with 2PasU, putting all the research into its context in order to pave the way for future work in this domain.

[1] Protecting Digital Evidence Integrity by Using Smart Cards

[2] Preservation and Protection as Umbrella Principles

Place, publisher, year, edition, pages
Stockholm: Department of Computer and Systems Sciences, Stockholm University, 2015. 116 p.
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 15-010
National Category
Computer Science
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-116581; ISBN: 978-91-7649-180-5
Public defence
2015-06-05, L50, NOD-huset, Borgarfjordsgatan 12, Kista, 13:00 (English)
Note

At the time of the doctoral defense, the following paper was unpublished and had a status as follows: Paper 6: Submitted.

Available from: 2015-05-14. Created: 2015-04-22. Last updated: 2015-05-19. Bibliographically approved.

By author/editor
Saleem, Shahzad; Popov, Oliver