Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


The proliferation of mobile communication and computing devices, in particular smart mobile phones, is almost paralleled with the increasing number of mobile device forensics tools in the market. Each mobile forensics tool vendor, on one hand claims to have a tool that is best in terms of performance, while on the other hand each tool vendor seems to be using different standards for testing their tools and thereby defining what support means differently. To overcome this problem, a testing framework based on a series of tests ranging from basic forensics tasks such as file system reconstruction up to more complex ones countering antiforensic techniques is proposed. The framework, which is an extension of an existing effort done in 2010, prescribes a method to clearly circumscribe the term support into precise levels. It also gives an idea of the standard to be developed and accepted by the forensic community that will make it easier for forensics investigators to quickly select the most appropriate tool for a particular mobile device.


Ahmed, R., & Dharaskar, R. (2008). Mobile forensics: an overview, tools, future trends and challenges from law enforcement perspective. 6th International Conference on EGovernance, ICEG, Emerging Technologies in E-Government, MGovernment, 312–323. Retrieved from http://www.academia.edu/download/30422105/34_312-323.pdf

Al-Zarouni, M. (2006). Mobile handset forensic evidence: a challenge for law enforcement. 4th Australian Digital Forensics Conference. Perth. Retrieved from http://ro.ecu.edu.au/adf/24/

Armstrong, C. (2003). Developing a framework for evaluating computer forensic tools. Evaluation in Crime Trends and justice: Trends and Methods Conference in Conjunction with the Australian Bureau of Statistics, Canberra Australia, 24-25. Canberra. Retrieved from http://www.aic.gov.au/media_library/conferences/evaluation/armstrong.pdf

Ayers, R. (2007). Cell phone forensic tools: an overview and analysis update. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology. Retrieved from http://csrc.nist.gov/publications/nistir/nistir-7387.pdf

Baggili, I., Mislan, R., & Rogers, M. (2007). Mobile Phone Forensics Tool Testing: A Database Driven Approach. International Journal of Digital Evidence, 6(2). Retrieved from http://www.utica.edu/academic/institutes/ecii/publications/articles/1C33DF76-D8D3-EFF5-47AE3681FD948D68.pdf

Bhadsavle, N., & Wang, J. (2009). Validating tools for cell phone forensics. American Society for Engineering Education (ASEE) Southeastern Section Conference. Marietta. Retrieved from http://icee.usm.edu/ICEE/conferences/ASEE-SE-2010/ConferenceFiles/ASEE2009/papers/PR2009088WAN.PDF

Bilby, D. (2006). Low down and dirty: Antiforensic rootkits. Proceedings of Ruxcon. Retrieved from http://scholar.google.com/scholar?hl=en&btnG=Search&q=intitle:Low+Down+and+Dirty:+Anti-Forensic+Rootkits#0

Brothers, S. (2007). IPhone Tool Classification. Retrieved on March 12, 2012 from http://www.sambrothers.com

Butler, J. (2010). Forensic Analysis of Mobile Phones. Retrieved May 10, 2014, from http://www.geodeforensics.com/Images/ White paper.pdf

Carrier, B. (2003). Defining digital forensic examination and analysis tools using abstraction layers. International Journal of Digital Evidence, 1(4), 1–12. Retrieved from

http://citeseerx.ist.psu.edu/viewdoc/download?doi= &type=pdf

Casey, E. (2009). Digital forensics: Coming of age. Digital Investigation, 6(1-2), 1-2. doi:10.1016/j.diin.2009.08.001

Casey, E. (2011). Digital evidence and computer crime: forensic science, computers, and the Internet, 3rd ed.

Curran, K., Robinson, A., Peacocke, S., & Cassidy, S. (2010). Mobile phone forensic analysis. International Journal of Digital Crime and Forensics (IJDCF), 2(3), 15-27.

Gonzalez, J., Hung, J., & Friedberg, S. (2011). Mobile Device Forensics : A Brave New World. Retrieved on April 04, 2012 from http://www.strozfriedberg.com/files/Publication/224ca0f8-5101-4e1b-938a-4d4b128ad5ed/Presentation/Publication Attachment/ef4a28ad-ff7d-4014-aea8-80505789b86c/Mobile Device Forensics_A Brave New World.pdf

Guo, Y., Slay, J., & Beckett, J. (2009). Validation and verification of computer forensic software tools-Searching Function. Digital Investigation, 6, S12–S22. doi:10.1016/j.diin.2009.06.015

International Telecommunication Union (ITU). (2010). The World in 2010: ICT Facts and Figures. Retrieved on May 10, 2014 from http://www.itu.int/ITUD/ ict/material/FactsFigures2010.pdf

International Telecommunication Union (ITU). (2014). The World in 2014: ICT Facts and Figures. Retrieved on May 10, 2014 from http://www.itu.int/en/ITUD/ Statistics/Documents/facts/ICTFacts Figures2014-e.pdf

Ispirian. (2013). The Dark Side of Forensics. Retrieved on January 01, 2013 from http://www.ispirian.com/Articles/TheDarkSideofForensics.pdf

Jansen, W., Delaitre, A., & Moenner, L. (2008). Overcoming impediments to cell phone orensics. Proceedings of the 41st Hawaii International Conference on System Sciences, 1-9. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.js p?arnumber=4439183

Kubi, A., Saleem, S., & Popov, O. (2011). Evaluation of some tools for extracting eevidence from mobile devices.Application of Information and Communication Technologies, 603-608. Baku: IEEE. doi:10.1109/ICAICT.2011.6110999

MSAB Blog. (2011). Mobile Forensic Controversies. Retrieved on December 09, 2011 from http://www.msab.com/posts/blog

National Institute of Standards and Technology (NIST). (2010a). Smart Phone Tool Specification, Version 1.1. Retrieved from http://www.cftt.nist.gov/documents/Smart_Phone_Tool_Specification.pdf

National Institute of Standards and Technology (NIST). (2010b). Smart Phone Tool Test Assertions and Test Plan, Version 1.1. Test. Retrieved from http://www.cftt.nist.gov/documents/Smart_Phone_Tool_Test_Assertions_and_Test_Plan.pdf

National Institute of Standards and Technology (NIST). (2013). Computer Forensics Tool Testing Program: Mobile Devices. Retrieved on May 05, 2014 from http://www.cftt.nist.gov/mobile_devices.htm

Radatz, J., Geraci, A., & Katki, F. (1990). IEEE standard glossary of software engineering terminology. IEEE Standards Board, New York, Standard IEEE Std. doi:10.1109/IEEESTD.1990.101064

Saleem, S., & Popov, O. (2013). Formal Approach for the Selection of a Right Tool for Mobile Device Forensics. 5th International Conference on Digital Forensics & Cyber Crime. Moscow.

Saleem, S., Popov, O., & Baggili, I. (2014). Right of a Fair Trial and Selection of the Right Tool for Mobile Device Forensics. Journal of Digital Forensics, Security and Law (Submitted) (Vol. 9).

Saleem, S., Popov, O., & Kubi, A. (2013). Evaluating and Comparing Tools for Mobile Device Forensics using Quantitative Analysis. Digital Forensicsand Cyber Crime: Lecture Notes of theInstitute for Computer Sciences, Social Informatics and Telecommunications Engineering, 114, 264-282.doi:10.1007/978-3-642-39891-9_17

Williamson, B., & Apeldoorn, P. (2005). Forensic analysis of the contents of Nokia mobile phones. In Advances in Digital Forensics, 191-204. Springer. Retrieved from http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1035&context=adf



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.