
Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97% of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a dataset of 5,772 responses regarding the relevance of nineteen types of digital evidence for all the seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant type of digital evidence for all the seven types of investigations; (ii) MMS belongs to the most relevant type of digital evidence for all the types of digital investigations except espionage and eavesdropping, where it is the second most relevant type of digital evidence; (iii) Phonebook and Contacts is the most relevant type of digital evidence for all types of digital investigations except child pornography; (iv) Audio Calls is the most relevant type of digital evidence for all types of digital investigations except credit card fraud and child pornography; and (v) Standalone Files are the least relevant type of digital evidence for most of the digital investigations. The size of the response dataset was fairly reasonable to analyze and then to delineate, by generalization, relevance-based best practices for mobile device forensics, which can supplement any forensics process model, including digital triage. For the reliability of these best practices, the impact of responses from the participants with more than five years of experience was analyzed by using one hundred and thirty-three (133) instances of One-Way ANOVA tests. The results of this research can help investigators concentrate on the relevant types of digital evidence when investigating a specific case, consequently saving time and effort.

DOI

https://doi.org/10.15394/jdfsl.2014.1186

 
