Executive summary The digital forensic community faces the challenges to operate latest technologies which assist to expose clues at the time of investigation. Cellular device are commonly used in our society for the purpose of personal and professional. When cellular device is detect during an investigation process many queries will arise: what is the best procedure to secure the evidence? How should mobile device will manage? How should the potential data exist in the device be refined or extracted? The key reply of the questions stars with understanding of hardware and software feature of device. This will guide the method for acquisition, examination, analysis, and reporting of digital evidence. The organization must use these guide as an initial task for creating a forensic ability in conjunction with appropriate professional training that is promoted by legal authority and management. 1
Table of Contents 1.Introduction.......................................................................................................................................3 2.Investigative Procedures...................................................................................................................3 3.Techniques involved in digital evidence processing........................................................................4 4.Evidence Analysis..............................................................................................................................5 5.Evaluation and findings of mobile forensic......................................................................................7 6.Conclusion........................................................................................................................................10 References................................................................................................................................................11 2
1.Introduction 1.1Purpose and scope Thisresearchoffersthefundamentalinformationaboutmobileforensictools.The preservation, examination, analysis and reporting of digital evidence exist on cellular device (Baggili, 2011). This data is related with enforcement law and other kind of research. This study mainly concentrates on the characteristic of mobile device such as mobile phone, smart phone, tablet and other handheld device. It aim to address the common area that is analyzed by security staff of group and law enforcement researchers which involves electronic digital information residingonhandhelddevices(Morrissey,2010).Thiswillintendedtoachieveexisting instruction and investigate deeply about the problem in cellular phone and its research and findings. The models and procedure in this mobile forensic study is considered as the best practices. Readers are proposed to execute the suggested practices after the management collaboration and legal executive for rules and regulation. 2.Investigative Procedures Procedures involved in investigation which need no forensic hardware or software tools. The following methods are used for investigation: Ask the Admin Get the information from the mobile owner whether the device is well secure with PIN, password and other authentication method (Li, 2010). The owner may investigate for this data at the time of interview. Analysis of captured information PIN may be exposed by mistake in case of written in a slip or kept near the phone or computer require to synchronize with mobile phones or with the mobile owners. This will discover through visual analysis (Hoog, 2011). To reset the password, UICC or cellular phone assist to attached with Pin Unlocking Key (PUK). Device vulnerabilities called smudge attack are exploited. This attack is used for examining the occurrence of current gesture lock. 3
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Ask the service provider ICCID identifier get from GSM device and request the PUK from the service launcher and reset the PIN if a GSM Cellular device is secured with Password enabled UICC. The service launcher promotes the mechanism to retrieve the PUK by entering the numbers of cellular device and particular subscriber data to universal web sites build for this type of principle (Phillips & Enfinger, 2009). The data reveal by contacting mobile manufacturer. Cellular phone users do prefer weak pin to protect their device in the form of 1-1-1-1, 0-0- 0-0 or 1-2-3-4. This format is not fully prescribed try to unlock a device applying those compounds for various threat determinant. This might leads to constant loss of mobile memory, permit advanced security techniques for example PUK or PIN and initiating destructive operation. Before applying the attempts to unlocking a cellular phones, it is suggested to consider the time of attempts left over. Instance has to be considered where an analyzer may prefer to take this risk. This is the only solution for information extraction. 3.Techniques involved in digital evidence processing These all are the techniques or methods used to processed the digital evidence, they are 1.Assessment Mobile forensics analyzer should determine complete processing of digital evidence along with the capacity consideration case to estimate the consequent activities that has to be consider (Gladyshev & Rogers, 2012). 2.Acquisition Digital evidence is generally simple, altered, broken or damage due to inappropriate examination and maintenance. Analysis is the best management for the intimation of original evidence. This original evidence should be revealed with the secured way of evidence integrity. 3.Examination Analysis process targets to extracts and analysis of digital evidence. The extraction refers to rehabilitation of data from media. Analysis refers to the concept of gathered information which has to be stored into the database for future plan. 4.Documenting and reporting 4
Examination and agreement shoulddocumentedthroughtheforensicevidence.Thiswill conclude the development of a written statement suggestion. 4.Evidence Analysis The principle of mobile forensic apply when examining the digital evidence. There are several types of media required different type of analyses method. Analysis of digital evidence should be practice for this scope (Peterson & Shenoi, 2012). There are few levels involved when performing the evidence examination, they are Step 1. Preparation Develop the enabled directories for the purpose of discovering and extracting the evidence document and information Step 2. Extraction There are two type of extraction involved in this, they are physical extraction and logical extraction. The physical extraction used to found and store the data on physical drive. The logical extraction discovers and store the data which is based on installed OS and file system. Physical extraction At the time of physical extraction, the data form the drive show at the physical drive will not considered the file system available on the drive. This may involve following methods such as keyword searching, carving the document and extracting the partition table. ï‚·The performance of keyword searching in physical drive is very useful for the purpose of allowing the analyzer to extract the data which do not assume by the operating system. ï‚·The file carving techniques on physical drive may assist to recover and refining the useful document which does not assumed by operating system or file system. ï‚·Examining the design of partition may found the availability of file system and examine if the entire memory of hard disk is considered for. Logical extraction At the time of logical extraction from physical drive based on availability of file system on drive where it invokes the resources from files, deleted data and unallocated memory resources. This state include the followings. 5
ï‚·Data extraction of file system contains the characteristic such as directory structure, attributes of file, file name, data and time of the file, file size and location. ï‚·Removal of data is the process of determining and removing file through the interrelation of calculated hash value into the authenticated values. ï‚·Restoring the deleted files ï‚·Extracting the encrypted data, secured password and compressed file. ï‚·Refinement of file slack ï‚·Refinement of unallocated memory. Step 3. Analysis of extracted data Examination is consequent process of read the extracted data to analyses the essential factors. The examination is performed by time frame analysis, application and file analysis, data hiding analysis. This analysis required an Enquiry of device request, searching and discovering the legal authority of digital evidence. I.Timeframe analysis It is useful for analyzing the events located on a system. There are two types of techniques are, ï‚·Monitor the date and time stamp which is avail in the file system (Meta data) such as recent modified file, recent accessed file and developed to connect the file for timeframe related to investigation. ï‚·Monitor the available system and app logs. These will contain the installation logs, error logs, and security and connection logs. II.Data hiding analysis Data hiding analysis referred the data will enclosed with the system. This is useful for determining and resuming the data. Methods involved: ï‚·To determining the mismatches require to combine the resources headers as a file extension. ï‚·Performing the connection to encrypted file, protected PIN and compressed zip file to reveal the attempt to secure the data from unauthorized user. ï‚·Steganography ï‚·Performing access to host-protected area. The availability of user-discovered information with HPA may indicate attempt to cover data. 6
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
III.Application and file analysis The programs and resources are determined (Li, 2010). This will contain the information relevant to the analysis and provide awareness about the system ability and user data (Tahiri, 2016). The result of this analysis indicate advance stage that need to design in the extraction and examination process. For example: Checking the file name for patterns and applicability. Determine the content of the file. Determine the type of operating system. Correlate the data with the already installed application. Review the relationship between the resources and files for example comparing history in the internet to cache file and mail file for email attachments. Determine the unknown resources types for estimate their gain for the analysis. Evaluating the default storage location of the users’ for application and structure of the file drive to analyses if the resource has been collected in their alternative or default location. Evaluate user-configuration settings in application. 5.Evaluation and findings of mobile forensic 5.1Intelligence Mobile Forensic It is an inter-disciplinary technique used for technology advancement and performing the resources in intelligent way to resolve the enquiry (Barrett & Kipper, 2011). It encompasses with certain range of tools and methods which integrate from artificial intelligence and analysis of social networking in order to concentrate on digital evidence and deduct the time that spend for digital evidence (Lillard, 2010). The proactive benefits of intelligent forensic on mobile device seeks to discover the threats in advance of an event take place (Blackstone, n.d.). The benefits of intelligent forensics methods is used for the valid investigation process to offer more intelligence that can assist the complete analysis of data sources. A techniques involved in this juncture named as SNA (Social Network 7
Analysis) and AI (Artificial Intelligence). Intelligence of Digital forensic will worn from the activities of intelligence and through the regular inspection where the intelligence restore in databases. Intelligence database with this kind of forensic domain for the object of UK National DNA Database, IDENT1 which is known as National Fingerprint database of UK and the IAFIS called as USA Integrated Automated Fingerprint Identification system (Genesereth, 2010). The following databases are represents the comparison between evidence and intelligence. It does not having evidence but it will share effective solution for digital crimes that has not reveal at the certain period that similar access were combine with the database (Weerasinghe, 2010). The solution involved in this intelligent forensic addressing the difficulties evolve in big data sources of digital evidence or speeding up the process of tools for the purpose of investigation and intelligence forensics(Lai, Gu, Jin, Wang & Li, 2011). This will enhance techniques and processes which enable the information to discover queries and data to discover data. 5.2Mobile Forensic Tool for Investigation Forensic tools are help to maintain the conventional investigation case need by dispatch huge amount of applicable devices (Peterson & Shenoi, 2014). The recovery of deleted data form the device memory require the advance tool and knowledge acquired for devices. The characteristics offered such as bookmarking, searching and reporting ability may alter significantly. Tools should be validated to assure with acceptability and practice when updates is exist. Tool validation need to determine a set of data where the acquisition procedure to gather the test data and assessing the result (Taiwo, 2010). The important feature of forensic tools has the ability to manage the integrity of original data being extracting the information. There are some of the cellular device tools used for digital investigation. I.Oxygen Forensic Suite Thiswilldeterminingtheinvestigationofoxygenforensicsuittoexaminethe information such asIMSI, ICCID, and IMEI in mobile device that must use in crime investigation. This type of procedure includes whatsapp fraudulent (International journal of digital crime and forensics, 2010). So, the whatsapp text data is find. The Oxygen Forensic Suite tool is used as freeware which is limited on amount of data that will be 8
refined. Figure. 1 represents the data that will assist the examiner to discover the primary evidence which is needed II.UFED Physical Analyzer UDED tool is used in forensic analysis is not the end. Most of the forensic experts recommending enormous number of tools for extracting detailed evidences that will be produced in the court (Widup, 2014). The android phones, tablets and other apple devices approved by using UFEFD physical analyzer widen the search evidence. Data exist in the smartphone was extracted by the software. The software will refined the analytical data that helps the forensic analysis include message history and call logs. The Artefact represents the installation of whatsapp in smartphone are represented in Fig. 2. 9
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
6.Conclusion Procedure involved for performing forensic examination should organize with appropriate guidance for maintaining evidence. Firstly, the mobile application issues that analyzing the suspected device should perform using android forensic software tools such as oxygen forensic suite and UFED tools. Analysis of extracted information from testing tools with logs from Internet service provider must be related and discovering the reported. The devices with IMEI, IMSI and ICCID number as well as SIM card will be related with significant logs. This research provides the data about mobile forensic tools and it focuses to address the common field which is investigatedbysecurityemployeeoforganizationandlawprosecutioninvestigatorsare discussed. 10
References Baggili, I. (2011).Digital Forensics and Cyber Crime. Berlin, Heidelberg: Springer Berlin Heidelberg. Barrett, D., & Kipper, G. (2011).Virtualization and forensics. Oxford: Elsevier. Blackstone, W.Commentaries on the laws of England. Genesereth, M. (2010).Intelligent privacy management. Menlo Park, Calif: AAAI Press. Gladyshev, P., & Rogers, M. (2012).Digital forensics and cybercrime. Berlin: Springer. Hoog, A. (2011).Android forensics. Waltham, MA: Syngress. International journal of digital crime and forensics. (2010). Hershey. Lai, X., Gu, D., Jin, B., Wang, Y., & Li, H. (2011).Forensics in Telecommunications, Information, and Multimedia. Berlin, Heidelberg: Springer Berlin Heidelberg. Li,C.(2010).Handbookofresearchoncomputationalforensics,digitalcrime,and investigation. Hershey, PA: Information Science Reference. Lillard, T. (2010).Digital forensics for network, internet, and cloud computing. Amsterdam [u.a.]: Syngress/Elsevier. Morrissey, S. (2010).IOS Forensic Analysis for iPhone, iPad, and iPod touch. Berkeley, CA: Sean Morrissey. Peterson, G., & Shenoi, S. (2014).Advances in Digital Forensics X. Berlin, Heidelberg: Springer Berlin Heidelberg. Phillips, N., & Enfinger, S. (2009).Guide to computer forensics and investigations. Clifton Park, N.Y.: Delmar. Tahiri, S. (2016).Mastering Mobile Forensics. Packt Publishing. 11
Taiwo, O. (2010).Handbook of research on discourse behavior and digital communication. Hershey, Pa.: Information Science Reference. Weerasinghe, D. (2010).Information security and digital forensics. Berlin: Springer-Verlag. Widup, S. (2014).Computer forensics and digital investigation with EnCase Forensic v7. New York: McGraw-Hill Education. 12