•  
  •  
 

Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did poorly at removing user documents and media, and occasional surprising user data was left on all devices including photo images, audio, documents, phone numbers, email addresses, geolocation data, configuration data, and keys. A conclusion is that reset devices can still provide some useful information to a forensic investigation.

References

Alghafli, K., Jones, A, and Martin, T. (2012). Forensics data acquisition methods for mobile phones. Proceedings of 7th International Conference for Internet Technology and Secured Transactions, 265-269, December 2012.

Apple Inc. (2014). iOS: Understanding ‘Erase All Content and Settings. Retrieved on May 1 from support.apple.com/ kb/ht2110.

Cardwell, S. (2011). Residual Network Data Structures in Android Devices. M.S. thesis, Naval Postgraduate School. Retrieved on September 13, 2013 from www.dtic.mil/cgi-bin/GetTRDoc?Location=U2 & doc=GetTRDoc.pdf&AD=ADA552175.

Garfinkel, S. (2013). Digital media triage with bulk data analysis and bulk_extractor. Computer & Security 32, 56-72.

Garfinkel, S., Farrell, P., Roussev, V., and Dinolt, G. (2009). Bringing Science to Digital Forensics with Standardized Forensic Corpora. Digital Investigation 6, S2-S11.

The Guardian. (2013). Recycled Mobile Phones Retain Previous Owner Data. Infosecurity Magazine, retrieved September 13 from www.theguardian.com/medianetwork/partner-zone-infosecurity/mobile-phones-previous-owner_data.

Kauffman, R., Lee, Y., and Sougstad, R. (2009). Cost-effective investments in customer information privacy. Proceeding of the 42nd Hawaii Intl. Conf. on Systems Sciences, 1-10.

Kubi, A, Saleem, S., and Popov, O. (2011). Evaluation of Some Tools for Extracting E-evidence from Mobile Devices. 5th Conference on Application of Information and Communication Technologies, Baku, Azerbijan, October, 1-6.

Marturana, F., Me, G., Berte, R., and Tacconi, S. (2011). A Quantitative Approach to Triaging in Mobile Forensics. Prof. IEEE TrustCom, 582-588.

McMillan, J., Glisson, W., and Bromby, M. (2013). Investigating the increase in mobile phone evidence in criminal activities. 46th Hawaii International Conference on System Sciences, 4900-4909.

Omeleze, S., and Venter, H. (2013). Testing the harmonized digital forensic investigation process model–Using an Android mobile phone. Proceedings of the Conference on Information Security for South Africa, August, 1-8.

Owen, P., Thomas, P., and McPhee, D. (2010). An Analysis of Digital Forensic Examination of Mobile Phones. Proc. 4th International Conference on Next Generation Mobile Applications, Services, and Technologies, Amman, Jordan, July.

Payton, T., and Claypoole, T. (2014). Privacy in the Age of Big Data. Lanham, MD, US: Rowman and Littlefield.

Rouse, M. (2014). Hard Reset. Retrieved on February 7 from whatis.techtarget.com/definition/hard-reset-factory-resetmaster-reset.

Rowe, N. (2013). Identifying forensically uninteresting files using a large corpus. 5th International Conference on Digital Forensics and Computer Crime, Moscow, Russia, September.

Smith, J. (2012). Security guru: Don’t sell your Android Phone until turning it into Swiss cheese. GottaBeMOBILE: Mobile News & Reviews, February 27.

Zhu, H., Chen, E., Xiong, H., Yu, K., Cao, H., and Tian, J. (2014). Mining mobile user preferences for personalized content recommendation. ACM Transactions on Intelligent Systems and Technology, to appear.

DOI

https://doi.org/10.15394/jdfsl.2014.1182

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.