Advertisement

Are We Relying Too Much on Forensics Tools?

Chapter
Part of the Studies in Computational Intelligence book series (SCI, volume 377)

Abstract

Cell phones are among the most common types of technologies present today and have become an integral part of our daily activities. The latest statis- tics indicate that currently there are over five billion mobile subscribers are in the world and increasingly cell phones are used in criminal activities and confiscated at the crime scenes. Data extracted from these phones are presented as evidence in the court, which has made digital forensics a critical part of law enforcement and legal systems in the world. A number of forensics tools have been developed aiming at extracting and acquiring the ever-increasing amount of data stored in the cell phones; however, one of the main challenges facing the forensics com- munity is to determine the validity, reliability and effectiveness of these tools. To address this issue, we present the performance evaluation of several market- leading forensics tools in the following two ways: the first approach is based on a set of evaluation standards provided by National Institute of Standards and Tech- nology (NIST), and the second approach is a simple and effective anti-forensics technique to measure the resilience of the tools.

Keywords

Cell phone forensics Android Smart phone Cell phone forensics tool Anti-forensics 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Group, A.M.: Wireless Network Traffic 2008 2015: Forecasts and Analysis (October 2008), http://www.researchandmarkets.com/reports/660766/
  2. 2.
    Five Billion Cell Users in 2010 (October 2010), http://www.dailywireless.org/2010/02/16/5-billion-cell-users-in-2010/
  3. 3.
    Worldwide Mobile Phone Sales Declined 8.6 Per Cent and Smartphones Grew 12.7 Per Cent in First Quarter of 2009 (May 2009), http://www.gartner.com/it/page.jsp?id=985912
  4. 4.
  5. 5.
    Casey, E.: Addressing limitations in mobile device tool. In: Proceedings of the First Annual ACM Northeast Digital Forensics Exchange (2009)Google Scholar
  6. 6.
    Casey, E.: Addressing Limitations in Mobile Device Tool (July 2009), https://blogs.sans.org/computer-forensics/category/computer-forensics/mobile-device-forensics/
  7. 7.
    Casey, E.: Common Pitfalls of Forensic Processing of Blackberry Mobile Devices (June 2009), https://blogs.sans.org/computer-forensics/category/computer-forensics/mobile-device-forensics/
  8. 8.
    NIST, NIST - Computer Forensics Tool Testing (CFTT) Project (2010), http://www.cftt.nist.gov/
  9. 9.
    NIST, NIST: Smart Phone Tool Assessment Test Plan, National Institute of Standards and Technology (August 2009), http://www.cftt.nist.gov/mobiledevices.htm
  10. 10.
    Curran, K., Robinson, A., Peacocke, S., Cassidy, S.: Mobile phone forensic analysis. International Journal of Digital Crime and Forensics 2(2), 15–27 (2010)CrossRefGoogle Scholar
  11. 11.
    Somasheker, A., Keesara, H., Luo, X.: Efficient forensic tools for handheld devices: A comprehensive perspective. In: Proceedings of Southwest Decision Sciences Institute (March 2008)Google Scholar
  12. 12.
    Kim, K., Hong, D., Chung, K., Ryou, J.-C.: Data acquisition from cell phone using logical approach. World Academy of Science, Engineering and Technology 32 (2007)Google Scholar
  13. 13.
    Thing, V., Ng, K.-Y., Chang, E.-C.: Live memory forensics of mobile phones. In: Proceedings of DFRWS (2010)Google Scholar
  14. 14.
    Mokhonoana, P.M., Olivier, M.S.: Acquisition of a symbian smart phone’s content with an on-phone forensic tool. In: Proceedings of the Southern African Telecommunication Networks and Applications Conference (SATNAC) (September 2007)Google Scholar
  15. 15.
    Connor, T.P.O.: Provider side cell phone forensics. Small Scale Digital Device Forensics Journal 3(1) (2009)Google Scholar
  16. 16.
    Distefano, A., Me, G., Pace, F.: Android anti-forensics through a local paradigm. Digital Investigation, 95–103 (2010)Google Scholar
  17. 17.
    Garfinkel, S.: Anti-forensics: Techniques, detection and countermeasures. In: Proceedings of the 2nd International Conference on i-Warfare and Security (ICIW), Monterey, CA (March 2007)Google Scholar
  18. 18.
    Test Results for Mobile Device Acquisition Tool: Secure View 2.1.0 (November 2010), http://ncjrs.gov/pdffiles1/nij/232225.pdf
  19. 19.
    Test Results for Mobile Device Acquisition Tool: XRY 5.0.2 (November 2010), http://ncjrs.gov/pdffiles1/nij/232229.pdf
  20. 20.
    Test Results for Mobile Device Acquisition Tool: Device Seizure 4.0 (November 2010), http://ncjrs.gov/pdffiles1/nij/232230.pdf
  21. 21.
    Test Results for Mobile Device Acquisition Tool: CelleBrite UFED 1.1.3.3 - Report Manager 1.6.5 (November 2010), http://ncjrs.gov/pdffiles1/nij/231987.pdf
  22. 22.
    Cellebrite mobile data secured, http://www.cellebrite.com/
  23. 23.
    Corporation, P.: http://www.paraben.com/
  24. 24.
  25. 25.
    Guidance Software EnCase Neutrino, http://www.encase.com/products/neutrino.aspx
  26. 26.
  27. 27.
    Harris, R.: Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem. In: Proceedings of Digital Forensic Research Workshop (2006)Google Scholar
  28. 28.
    Professional Software USB Protocol Analyzer, http://www.usblyzer.com/

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.Department of Computer & Information SciencesTowson UniversityTowsonUSA

Personalised recommendations