Abstract
This paper proposes the mobile forensic reference set (MFReS), a mobile forensic investigation procedure and a tool for mobile forensics that we developed. The MFReS consists of repositories, databases, and services that can easily retrieve data from a database, which can be used to effectively classify meaningful data related to crime, among numerous data types in mobile devices. Mobile data consist of system data, application data, and multimedia data according to characteristics and format. We have developed a mobile forensic process that can effectively analyze information from installed applications and user behavior through these data. In particular, our tool can be useful for investigators because it can analyze the log files of all applications (apps) and analyze behavior based on timeline, geodata, and other characteristics. Our research can contribute to the study of mobile forensic support systems and suggest the direction of mobile data analysis tool development.
Acknowledgements
This research was supported by the Public Welfare and Safety Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (2012M3A2A1051106).
Cite this article
Kim, D., Lee, Y. & Lee, S. Mobile forensic reference set (MFReS) and mobile forensic investigation for android devices. J Supercomput 74, 6618–6632 (2018). https://doi.org/10.1007/s11227-017-2205-5
DOI: https://doi.org/10.1007/s11227-017-2205-5