Abstract-In recent years, the advanced capabilities of smartphones have enabled their users to store and manage copious information about their personal and professional lives. Consequently, any seized smartphone might contain useful evidence. However, the wide variety of manufacturers, the different operating systems, the vast range of hardware components and the huge number of programs that smartphones use make it difficult to reach a unified forensic framework for all models. This paper first reviews previous work on remote and local data acquisition methods for smartphones. It then reports the difficulties in analyzing and examining data retrieved from smartphones. Additionally, it evaluates current forensic investigation process models in relation to smartphones in order to find a suitable model that can be applied to all smartphone forensic investigations. This paper proposes solutions addressing data acquisition, data examination, and the investigation process model, to ultimately move towards a unified framework for the investigation of smartphones.
Index Terms-Mobile forensics, smartphone investigation, forensic framework.
I. INTRODUCTION
Based on statistics published by Gartner [1], smartphone sales in the third quarter of 2010 were up 96 percent from the third quarter of 2009. It is also expected that the number of smartphone users will exceed one billion by 2013 [2].
Smartphones with sophisticated capabilities and features facilitate storing different kinds of information about their owners, and any piece of this information is potentially valuable evidence.
In spite of the many similarities between smartphones, the structure and configuration of each model differs from the others. A wide variety of operating systems, applications, and hardware components are used in different models of smartphones. Additionally, a lot of the valuable information stored on smartphones is volatile.
Despite the existence of various software and hardware tools for gathering data from cell phones, none of them can recover all data without making alterations.
Moreover, new applications for smartphones are released almost every day. Even if the data is successfully recovered, there may still be various barriers to examining some of it, such as encrypted data.
Another major issue in smartphone forensics is the absence of any widely accepted standard investigation process model. This paper reviews two common data acquisition methods to find a proper approach for gathering data from smartphones. Data examination and the obstacles it poses to smartphone forensics are further issues that this paper covers. Furthermore, this paper evaluates two investigation process models that were introduced for the investigation of the Windows Mobile and Symbian operating systems, to find an appropriate model that can be employed in all smartphone forensic investigations.
II. LITERATURE REVIEW
The crux of smartphone forensics is narrowing down the following issues:
Determining the most appropriate data acquisition method;
Examining c...