Evaluating and Comparing Tools for Mobile Device Forensics Using Quantitative Analysis

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2012)

Abstract

In this paper we present a quantitative analysis technique to measure and compare the quality of mobile device forensics tools while evaluating them. For examiners, it provides a formal mathematical basis and a clear way to select the best tool, especially for a particular type of digital evidence in a specific case. This type of comparative study was absent from both NIST’s evaluation process and our previous work (Evaluation of Some Tools for Extracting e-Evidence from Mobile Devices). We evaluated UFED Physical Pro 1.1.3.8 and XRY 5.0. To compare the tools, we calculated the Margin of Error and Confidence Interval (CI) based on the proportion of successful extractions from our samples in different scenarios. This is followed by hypothesis testing to further strengthen the CI results and to formally compare the accuracy of the tools with a certain level of confidence.
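The comparison the abstract describes (margin of error and CI on an extraction success proportion, then a hypothesis test between two tools) can be worked through as follows. This is an added example, not code or data from the paper: it assumes the normal-approximation interval and a one-tailed pooled two-proportion z-test, and the tool labels and counts are constructed.

```python
import math
from statistics import NormalDist

def proportion_ci(successes, n, confidence=0.95):
    """Return (p_hat, margin_of_error, low, high), normal approximation (assumed method)."""
    if n <= 0 or not 0 <= successes <= n:
        raise ValueError("need n > 0 and 0 <= successes <= n")
    p = successes / n
    z = NormalDist().inv_cdf(1 - (1 - confidence) / 2)   # 1.96 for 95 %
    # Note: at p = 0 or p = 1 this interval collapses to zero width,
    # which understates uncertainty for small samples.
    moe = z * math.sqrt(p * (1 - p) / n)
    return p, moe, max(0.0, p - moe), min(1.0, p + moe)

def two_proportion_z_test(s_a, n_a, s_b, n_b, alpha=0.05):
    """One-tailed pooled z-test: H0 p_a <= p_b, H1 p_a > p_b.
    Returns (z, p_value, reject_h0)."""
    p_a, p_b = s_a / n_a, s_b / n_b
    pooled = (s_a + s_b) / (n_a + n_b)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n_a + 1 / n_b))
    if se == 0:                      # both tools extracted everything, or nothing
        return 0.0, 1.0, False
    z = (p_a - p_b) / se
    p_value = 1 - NormalDist().cdf(z)
    return z, p_value, p_value < alpha

# Constructed sample: (successful extractions, evidence items attempted)
# for one evidence type. Not results from the paper.
SAMPLES = {"tool_a": (46, 50), "tool_b": (38, 50)}

def compare(samples=SAMPLES, confidence=0.95):
    """Per-tool CI plus the test of whether tool_a is more accurate than tool_b."""
    report = {name: proportion_ci(s, n, confidence) for name, (s, n) in samples.items()}
    (s_a, n_a), (s_b, n_b) = samples["tool_a"], samples["tool_b"]
    report["test"] = two_proportion_z_test(s_a, n_a, s_b, n_b, alpha=1 - confidence)
    return report

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, tuple(round(x, 4) if isinstance(x, float) else x for x in result))
```

With these constructed counts the two intervals overlap slightly, yet the test still rejects the null hypothesis at the 5 % level, which is why the hypothesis test is run in addition to comparing intervals.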

References

  1. Techsling, Personal Computers Outnumbered by Mobile Phones (2010), http://www.techsling.com/2010/10/personal-computers-outnumbered-by-mobile-phones/ (accessed March 28, 2012)

  2. International Telecommunication Union (ITU), ICT Data and Statistics (IDS) (2011), http://www.itu.int/ITU-D/ict/statistics/material/excel/2011/Mobile_cellular_01-11_2.xls (accessed March 28, 2012)

  3. International Organization on Computer Evidence, IOCE - Guidelines for Best Practice in the Forensic Examination of Digital Technology (2002)

  4. Brezinski, D., Killalea, T.: RFC 3227: Guidelines for Evidence Collection and Archiving (2002)

  5. Daubert v. Merrell Dow Pharmaceuticals (92-102), 509 U.S. 579 (1993), http://www.law.cornell.edu/supct/html/92-102.ZS.html (accessed February 29, 2012)

  6. Weissenberger, G., Duane, J.J.: Federal Rules of Evidence: Rules, Legislative History, Commentary, and Authority (2004)

  7. Federal Evidence Review, Federal Rules of Evidence 2012 (2012), http://federalevidence.com/downloads/rules.of.evidence.pdf (accessed June 10, 2012)

  8. National Institute of Standards and Technology (NIST), Smart Phone Tool Specification, Version 1.1 (2010)

  9. National Institute of Standards and Technology (NIST), Smart Phone Tool Test Assertions and Test Plan, Version 1.1 (2010)

  10. National Institute of Standards and Technology (NIST), CFTT- Mobile Devices, http://www.nist.gov/itl/ssd/cs/cftt/cftt-mobile-devices.cfm (accessed June 6, 2012)

  11. Kubi, A., Saleem, S., Popov, O.: Evaluation of some tools for extracting e-evidence from mobile devices. Application of Information and Communication Technologies (10), 603–608 (2011)

  12. Baryamureeba, V., Tushabe, F.: The enhanced digital investigation process model. In: Proceedings of the 4th Annual Digital Forensic Research Workshop, pp. 1–9 (2004)

  13. Noblett, M.G., Church, F., Pollitt, M.M., Presley, L.A.: Recovering and Examining Computer Forensic Evidence.  2(4) (October 2000)

  14. Palmer, G.: A Road Map for Digital Forensic Research, Utica, New York (2001)

  15. Casey, E.: Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet, 3rd edn. Academic Press (2011)

  16. United States Computer Emergency Response Team, Computer Forensics US-CERT (2008)

  17. Meyers, M., Rogers, M.: Computer forensics: the need for standardization and certification. International Journal of Digital Evidence 3(2), 1–11 (2004)

  18. Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to integrating forensic techniques into incident response, pp. 80–86. NIST Special Publication (August 2006)

  19. Carrier, B.: An event-based digital forensic investigation framework. In: Proceedings of Digital Forensic Research Workshop (2004)

  20. Ieong, R.S.C.: FORZA – Digital forensics investigation framework that incorporate legal issues. Digital Investigation 3, 29–36 (2006)

  21. Beebe, N.L., Clark, J.G.: A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation 2(2), 147–167 (2005)

  22. Agarwal, A., Gupta, M., Gupta, S., Chandra, S.: Systematic Digital Forensic Investigation Model. International Journal of Computer Science and Security 5(1), 118–131 (2011)

  23. Carrier, B.: Getting physical with the digital investigation process. International Journal of Digital Evidence 2(2), 1–20 (2003)

  24. Reith, M., Carr, C., Gunsch, G.: An Examination of Digital Forensic Models. International Journal of Digital Evidence 1(3), 1–12 (2002)

  25. National Institute of Justice, Electronic crime scene investigation: A guide for first responders (2001)

  26. Noblett, M.G., Pollitt, M.M., Presley, L.A.: Recovering and examining computer forensic evidence. Forensic Science Communications 2(4), 102–109 (2000)

  27. Carrier, B.: Defining digital forensic examination and analysis tools using abstraction layers. International Journal of Digital Evidence 1(4), 1–12 (2003)

  28. Shin, Y.-D.: New Model for Cyber Crime Investigation Procedure. Journal of Next Generation Information Technology 2(2), 1–7 (2011)

  29. Ramabhadran, A.: Forensic Investigation Process Model For Windows Mobile Devices. Tata Elxsi Security Group, pp. 1–16 (2007)

  30. Appiah-Kubi, O.K.: Evaluation of UFED Physical Pro 1.1.3.8 and XRY 5.0: Tools for Extracting e-Evidence from Mobile Devices. Stockholm University (2010)

  31. Bishop, M.: Evaluating Systems. In: Computer Security: Art and Science, p. 571. Addison-Wesley Professional (2002)

  32. Radatz, J., Geraci, A., Katki, F.: IEEE standard glossary of software engineering terminology. IEEE Standards Board, New York, Standard IEEE std (1990)

  33. Saleem, S., Popov, O.: Protecting Digital Evidence Integrity by Using Smart Cards. Digital Forensics and Cyber Crime 53, 110–119 (2011)

  34. National Institute of Standards and Technology, Computer Forensics Tool Testing (CFTT) Project, http://www.cftt.nist.gov/ (accessed: February 26, 2012)

  35. Attia, A.: Why should researchers report the confidence interval in modern research. Middle East Fertility Society Journal 10(1), 78–81 (2005)

  36. Ross, S.M.: Interval Estimates. In: Introduction to Probability and Statistics for Engineers and Scientists, 3rd edn., pp. 240–241. Elsevier Academic Press (2004)

  37. University of Leicester, Online Statistics (2000), http://www.le.ac.uk/bl/gat/virtualfc/Stats/ttest.html (accessed: June 16, 2012)

  38. Ross, S.M.: Hypothesis Testing. In: Introduction to Probability and Statistics for Engineers and Scientists, 3rd edn., p. 291. Elsevier Academic Press (2004)

  39. UCLA Academic Technology Services, What are the differences between one-tailed and two-tailed tests? http://www.ats.ucla.edu/stat/mult_pkg/faq/general/tail_tests.htm (accessed: June 16, 2012)

  40. Easton, V.J., McColl, J.H.: Statistics Glossary V1.1 (1997), http://www.stats.gla.ac.uk/steps/glossary/index.html (accessed: June 16, 2012)

  41. Jansen, W., Delaitre, A.: Mobile forensic reference materials: A methodology and reification. US Department of Commerce, National Institute of Standards and Technology (2009)

Copyright information

© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Saleem, S., Popov, O., Appiah-Kubi, O.K. (2013). Evaluating and Comparing Tools for Mobile Device Forensics Using Quantitative Analysis. In: Rogers, M., Seigfried-Spellar, K.C. (eds) Digital Forensics and Cyber Crime. ICDF2C 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 114. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39891-9_17

  • DOI: https://doi.org/10.1007/978-3-642-39891-9_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39890-2

  • Online ISBN: 978-3-642-39891-9

  • eBook Packages: Computer Science, Computer Science (R0)
