DESIGN OF A FRAMEWORK FOR DATA EXTRACTION AND ANALYSIS FROM ANDROID-EMBEDDED SMARTPHONES
Main Article Content
Abstract
Mobile forensic acquisition is a critical aspect of modern criminal investigations, as mobile devices have become an essential part of our daily lives. Yet, forensic investigators aiming to extract data from current mobile devices in a forensically sound manner have faced substantial difficulties due to the robust security features of these devices, such as encryption. Conventional forensic data-collecting techniques are no longer viable, necessitating the development of new techniques that work by evading security measures and taking advantage of system flaws. The CLOUD Act is a US law that gives foreign governments the authority to demand information from US-based Cloud Service Providers or to eavesdrop on conversations, which makes it more difficult to do forensic analysis on mobile devices. To address these issues and evaluate contemporary forensic data extraction approaches in light of the contentious regulation of encryption and governmental access to encrypted devices, this article suggests a new model for mobile forensic acquisition. One of the major challenges faced by forensic investigators is the constantly evolving nature of mobile devices and their software. As manufacturers release new models with different security features and operating systems, forensic experts must adapt their techniques to keep up with these changes. Additionally, the use of encryption is becoming more widespread among consumers, which makes it more difficult for forensic experts to access data on these devices. Therefore, it is essential that forensic investigators stay up to date with the latest advancements in mobile technology and develop new techniques for data extraction that can keep pace with these advancements.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
References
Abraha, H.H., 2019. How compatible is the US ‘CLOUD Act’ with cloud computing? A brief analysis. International Data Privacy Law 9, 207-215. https://doi.org/10.1093/idpl/ipz009.
Al-Dhaqm, A., Razak, S., Ikuesan, R.A., Kebande, V.R., 2020. A review of mobile forensic investigation process models. IEEE access, 1-1.
Alendal, G., Dyrkolbotn, G.O., Axelsson, S., 2018. Forensics acquisition and analysis and circumvention of samsung secure boot enforced common criteria mode. Digit. Invest. 24, S60-S67. https://doi.org/10.1016/j.diin.2018.01.008.
Apple, 2020. Apple platform security. https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf.
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., & Wingers, L. (2015). Simon and speck: block ciphers for the internet of things, IACR Cryptol. ePrint Arch 2015, 585.
Ayers, R., Brothers, S., & Jansen, W. (2014). Guidelines on Mobile Device Forensics. National Institute of Standards and Technology.
UT Austin ISO Blog. (2015). Android 5.x lockscreen bypass (cve-2015-3860). Retrieved from https://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/.
Hargreaves, C., & Chivers, H. (2008). Recovery of encryption keys from memory using a linear scan. In: 2008 Third International Conference on Availability, Reliability and Security, pp. 1369e1376. https://doi.org/10.1109/ARES.2008.109.
Heckmann, T., Markantonakis, K., Naccache, D., & Souvignet, T. (2018). Forensic smartphone analysis using adhesives: transplantation of package on package components. Digit. Invest. 26, 29e39. https://doi.org/10.1016/j.diin.2018.05.005.
Hargreaves, C., & Chivers, H. (2008). Recovery of encryption keys from memory using a linear scan. In: 2008 Third International Conference on Availability, Reliability and Security, pp. 1369e1376. https://doi.org/10.1109/ARES.2008.109.