Prior Publisher
The Association of Digital Forensics, Security and Law (ADFSL)
Abstract
In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97% of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a dataset of 5,772 responses regarding the relevance of nineteen types of digital evidence for all the seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant type of digital evidence for all the seven types of investigations; (ii) MMS belongs to the most relevant type of digital evidence for all the types of digital investigations except espionage and eavesdropping, where it is the second most relevant type of digital evidence; (iii) Phonebook and Contacts is the most relevant type of digital evidence for all types of digital investigations except child pornography; (iv) Audio Calls is the most relevant type of digital evidence for all types of digital investigations except credit card fraud and child pornography; and (v) Standalone Files are the least relevant type of digital evidence for most of the digital investigations. The size of the response dataset was fairly reasonable to analyze and then, by generalization, to delineate relevance-based best practices for mobile device forensics, which can supplement any forensics process model, including digital triage. For the reliability of these best practices, the impact of responses from the participants with more than five years of experience was analyzed by using one hundred and thirty-three (133) instances of One-Way ANOVA tests. The results of this research can help investigators concentrate on the relevant types of digital evidence when investigating a specific case, consequently saving time and effort.
Recommended Citation
Saleem, Shahzad; Baggili, Ibrahim; and Popov, Oliver (2014) "Quantifying Relevance of Mobile Digital Evidence as They Relate to Case Types: A Survey and a Guide for Best Practice," Journal of Digital Forensics, Security and Law: Vol. 9, Article 3.
DOI: https://doi.org/10.15394/jdfsl.2014.1186
Available at: https://commons.erau.edu/jdfsl/vol9/iss3/3
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons