Forensic Techniques for Mobile Devices and Data Recovery
Info: 2157 words (9 pages) Example Dissertation Proposal
Published: 26th Jan 2022
Objectives of the research
The overall goal of this study is to look at the mobile devices using different tools like Susteen DataPilot Secure View and Paraben Device Seizure, mobiledit oxygen phone manager and determine if they create and preserve a forensically sound case file.
In second part I discuss the different operating systems using in mobile devices nowadays like IOS for iphone, RIM for blackberry, Symbian for mostly nokia or Android OS for different smartphones. For normal communication between mobile device and PC, every OS has its own PC suite but for forensic point of view there are some special tools which are paid and there are some free open source tools as well. In my rese arch I prefer to use these free open source tools.
Another technique to recover device is to use hashing. Mobile device internal memory hash values are variable when per forming back-to-back acquisitions. Hash values are beneficial in providing examiners with the ability to filter known data files, match data objects across platforms and prove that data integrity remains intact. The research conducted at Purdue University compared known hash values with reported values for data objects populated onto mobile devices using various data transmission methods. While the results for the majority of tests were uniform, the hash values reported for data objects transferred via Multimedia Messaging Service (MMS) were variable.
Cell phones and other handheld devices integrating cell phone abilities (e.g., Personal Digital Assistant (PDA) phones) are universal. Rather than just making calls, some specific phones permit users to make extra tasks such as Multi-Media Messaging Service (MMS) messaging, SMS (Short Message Service) messaging, IM (Instant Messaging), Web browsing, electronic mail, and simple PIM (Personal Information Management) applications (e.g., phone and date book). PDA phones, frequently mentioned to as smartphones, offer users by means of the joint capabilities of both a cell phone and a PDA. In addition to system services and basic PIM applications, one can achieve more extensive appointment and contact information, review electronic documents, give a presentation, and perform other tasks.
All but the most basic phones provide individuals with some ability to load additional applications, store and process personal and sensitive information independently of a desktop or notebook computer, and optionally synchronize the results at some later time. As digital technology evolves, the capabilities of these devices continue to improve rapidly. When cell phones or other cellular devices are involved in a crime or other incident, forensic examiners require tools that allow the proper retrieval and speedy examination of information present on the device. This report gives an overview of current forensic software, designed for acquisition, examination, and reporting of data discovered on cellular handheld devices, and an understanding of their capabilities and limitations.
As technology continues to permeate society and mobile computing becomes more prevalent, people will more heavily depend on applications such as e-mail, SMS (Short Message Service), MMS (Multimedia Messaging Service) and online transactions (i.e. bank, ins, etc); such devices provide a good source of evidence for forensic investigators to prove or disprove the commitment of crimes or location of suspects/victims. Digital forensics for handheld devices is starting now. Unlike traditional computers, two important factors that must be accountted for in a forensic investigation are the state of the device at the time of acquisition and radio isolation. Traditional digital forensics with personal computers allows an investigator to perform a dead forensic data acquisition simply by disconnecting the power source to preserve the current state of the computer. That option is not available with mobile forensics for fear of loss of evidence or security mechanisms, such as device locks or passwords, being activated. The fact that various operating systems are used for different mobile devices in current markets makes development of digital forensics tools for mobile devices more complicated.
This research is being proposed to survey available digital forensics tools for capturing e-evidence from mobile devices and meet the demand of e-evidence for current and future’s crimes. This research focuses on practical investigations for digital forensics tools that will help investigators or students obtain first-hand experiences in digital forensics for mobile devices. Investigators should be able to perform their job more informed as a result of this case study.
Research Plan
The purpose of this report is to inform law enforcement, incident response team members, and forensic examiners about the capabilities of present day forensic software tools that have the ability to acquire information from cell phones operating over CDMA (Code Division Multiple Access), TDMA (Time Division Multiple Access), GSM (Global System for Mobile communications) networks and running various operating systems, including Symbian, Research in Motion (RIM), Android, IOS and windows phones. My main focus will be android phones. Android is a set of open source software elements specifically designed for MDs developed by Google; it includes the Operating System (OS), a middleware and a set of applications. Although it has been designed and developed for MDs (e.g., Smartphones), several laptop manufacturers plan to equip their products with Android. At the time of writing, less than 2% of Smartphones (Gartner Mob ile OS Share Forecast, 2009) runs Android and Gartner Inc. forecasts a 15% market share in 2012; in such case, Android will be the second OS, behind Symbian, in terms of Smartphone’s market penetration. Furthermore, if Android will be hosted on laptops, the integration of Smartphones and portable computer could be boosted with the natural sideeffects on the market.
An overview of each tool describes the functional range and facilities for acquiring and analyzing evidence contained on cell phones and PDA phones. Generic scenarios were devised to mirror situations that arise during a forensic examination of these devices and their associated media. The scenarios are structured to reveal how selected tools react under various situations. Though generic scenarios were used in analyzing forensic tools, the procedures are not intended to serve as a formal product test or as a comprehensive evaluation. Additionally, no claims are made on the comparative benefits of one tool versus another. The report, instead, offers a broad and probing perspective on the state of the art of present-day forensic software tools for cell phones and PDA phones. Alternatives to using a forensic software tool for digital evidence recovery, such as desoldering and removing memory from a device to read out its contents or using a built-in hardware test interface to access memory, are outside the scope of this report.
The variety of forensic toolkits for cellphones and other handheld devices is diverse. A considerable number of software tools and toolkits exist, but the range of devices over which they operate is typically narrowed to distinct platforms for a manufacturer’s product line, a family of operating systems, or a type of hardware architecture. Moreover, the tools require that the examiner have full access to the device (i.e., the device is not protected by some authentication mechanism or the examiner can satisfy any authentication mechanism encountered).
While most toolkits support a full range of acquisition, examination, and reporting functions, some tools focus on a subset. Similarly, different tools may be capable of using different interfaces (e.g., IrDA, Bluetooth, or serial cable) to acquire device contents. The types of information that tool can acquire can range widely and include PIM (Personal Information Management) data (e.g., phone book); logs of phone calls; SMS/EMS/MMS messages, email, and IM content; URLs and content of visited Web sites; audio, video, and image content; SIM content; and uninterrupted image data. Information present on a cell phone can vary depending on several factors, including the following:
- The inherent capabilities of the phone implemented by the manufacturer
- The modifications made to the phone by the service provider or network operator
- The network services subscribed to and used by the user
- The modifications made to the phone by the user
Acquisition through a cable interface generally yields superior acquisition results than other device interfaces. However, a wireless interface such as infrared or Bluetooth can serve as a reasonable alternative when the correct cable is not readily available. Regardless of the interface used, one must be vigilant about any forensic issues associated. Note too that the ability to acquire the contents of a resident SIM may not be supported by some tools, particularly those strongly oriented toward PDAs. Table 1 lists open-source and commercially available tools and the facilities they provide for certain types of cell phones.
The software applications for mobile forensics available today are not 100% forensically sound. The reason is that they use command and response protocols that provide indirect access to memory (McCarthy, 2005; McCarthy & Slay, 2006). This means that the forensic software does not have direct access or low level access to data within the phone’s memory as it depends on the mobile phone’s operating system based command to retrieve data in the memory. Therefore in querying the operating system, the device could be creating changes to the memory of the device. Some command based mobile forensics software were not originally developed for forensic purposes and therefore they could unexpectedly write to the mobile phone device’s memory (Horenbeeck, 2007). Sometimes forensic software such as MOBLedit Forensic1 requires the user to install additional software on the mobile phone being examined. This is in direct violation of the principles of electronic evidence as published by the UK’s Association of Chief Police Officers (ACPO) Good Practice Guide for Computer based Electronic Evidence (ACPO, 2009) which states that “No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.”
With the increasing popularity and technological advances of mobile devices, new challenges arise for forensic examiners and tool makers. Data recovered from mobile devices has proven useful in solving incidents and investigating criminal activity. Cryptographic hash functions provide forensic examiners with the ability to verify the integrity of acquired data. The resulting hash value, a fixed-size bit string, is often used to identify known files and illustrates that data has not been modified. The two most commonly used hash functions are MD5 an d SHA-1. Minimal research has been performed on how mobile phone forensic tools report hash values for individual data objects. Recent research conducted at Purdue University explored the hash results reported by mobile device forensic tools for acquired graphical images (e.g., .jpg, .bmp, .gif). While research conducted shows consistent behavior across mobile forensic tools, the following area of concern illustrates the need for future research: data objects transferred using Multimedia Messaging Service (MMS). My research addresses issues surrounding mobile forensic tools and the ability to use hashing mechanisms to validate the integrity of acquired data objects. The document is divided into the following chapters and appendix:
- Terminology: Defines terms used throughout the document.
- Previous Research: Provides a summary of earlier research performed in this area.
- Methodology: Describes the procedures used for conducting individual tests.
- Results: Illustrates the final results of tests conducted over each prescribed scenario.
- Conclusions: Provides a summary of the document.
There are many tools now available that will help forensic teams to extract the exact information they required to make the case strong or find the targets. Tool like mobiledit: forensic is specifically design for mobile forensics and most importantly it support most of the devices of operating systems for smartphones available so far. MOBILedit! Forensic extracts all content and generates a forensic report ready for courtroom presentation. These tamper-proof, flawless reports are used in hundreds of courtrooms every day.
Cite This Work
To export a reference to this article please select a referencing stye below:
Related Services
View allRelated Content
All TagsContent relating to: "Forensic Science"
Forensic science, or forensics, is the application of science to criminal and civil law, usually during criminal investigation, and involves examining trace material evidence to establish how events occurred. Forensic scientists provide impartial scientific evidence that can be used in court.
Related Articles
DMCA / Removal Request
If you are the original writer of this dissertation proposal and no longer wish to have your work published on the UKDiss.com website then please: