survey

Current and Future Trends in Mobile Device Forensics: A Survey

Authors:

Konstantia Barmpatsalou,

Edmundo Monteiro,

Paulo SimoesAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 51, Issue 3

Article No.: 46, Pages 1 - 31

https://doi.org/10.1145/3177847

Published: 01 May 2018 Publication History

Abstract

Contemporary mobile devices are the result of an evolution process, during which computational and networking capabilities have been continuously pushed to keep pace with the constantly growing workload requirements. This has allowed devices such as smartphones, tablets, and personal digital assistants to perform increasingly complex tasks, up to the point of efficiently replacing traditional options such as desktop computers and notebooks. However, due to their portability and size, these devices are more prone to theft, to become compromised, or to be exploited for attacks and other malicious activity. The need for investigation of the aforementioned incidents resulted in the creation of the Mobile Forensics (MF) discipline. MF, a sub-domain of digital forensics, is specialized in extracting and processing evidence from mobile devices in such a way that attacking entities and actions are identified and traced. Beyond its primary research interest on evidence acquisition from mobile devices, MF has recently expanded its scope to encompass the organized and advanced evidence representation and analysis of future malicious entity behavior. Nonetheless, data acquisition still remains its main focus. While the field is under continuous research activity, new concepts such as the involvement of cloud computing in the MF ecosystem and the evolution of enterprise mobile solutions—particularly mobile device management and bring your own device—bring new opportunities and issues to the discipline. The current article presents the research conducted within the MF ecosystem during the last 7 years, identifies the gaps, and highlights the differences from past research directions, and addresses challenges and open issues in the field.

References

[1]

504ensics Labs. 2013. LiME—Linux Memory Extractor. Retrieved April 10, 2015, from https://github.com/504ensicsLabs/LiME/tree/master/doc.

[2]

Cosimo Anglano. 2014. Forensic analysis of Whatsapp messenger on Android smartphones. Special Issue: Embedded Forensics, Digital Investig. 11, 3 (2014), 201--213.

Digital Library

[3]

Apple Inc. 2016. iOS Security White Paper. Technical Report. Apple Inc. https://www.apple.com/business/docs/iOS_Security_Guide.pdf.

[4]

Claudio A. Ardagna, Rasool Asal, Ernesto Damiani, and Quang Hieu Vu. 2015. From security to assurance in the cloud: A survey. ACM Comput. Surv. 48, 1 (July 2015), Article 2, 50 pages.

Digital Library

[5]

Autopsy. 2016. Autopsy—The Sleuth Kit. Retrieved January 12, 2016, from http://www.sleuthkit.org/autopsy.

[6]

Rick Ayers, Sam Brothers, and Wayne Jansen. 2014. NIST Special Publication 800-101, Guidelines on Mobile Device Forensics: Revision 1. Technical Report SP 800-101. National Institute of Standards and Technology, Gaithersburg, MD.

[7]

Lee Badger, Tim Grance, Robert Patt-Corner, and Jeff Voas. 2012. NIST Special Publication 800-146, Cloud Computing Synopsis and Recommendations. Technical Report SP 800-146. National Institute of Standards and Technology, Gaithersburg, MD.

[8]

Ibrahim Baggili, Jeff Oduro, Kyle Anthony, Frank Breitinger, and Glenn McGee. 2015. Watch what you wear: Preliminary forensic analysis of smart watches. In Proceedings of the 2015 10th International Conference on Availability, Reliability, and Security (ARES’15), 303--311.

Digital Library

[9]

Konstantia Barmpatsalou, Bruno Sousa, Edmundo Monteiro, and Paulo Simoes. 2015. Mobile forensics for PPDR communications: How and why. In Proceedings of the 10th International Conference on Cyber Warfare and Security (ICCWS’15). 30.

[10]

Nedaa Baker Al Barghouthy, Andrew Marrington, and Ibrahim Baggili. 2013. The forensic investigation of android private browsing sessions using Orweb. In Proceedings of the 2013 5th International Conference on Computer Science and Information Technology (CSIT’13). 33--37.

[11]

Nedaa Baker Al Barghouthy and Huwida Said. 2013. Social networks IM forensics: Encryption analysis. J. Commun. 8, 11 (2013), 708--715.

[12]

Konstantia Barmpatsalou, Tiago Cruz, Edmundo Monteiro, and Paulo Simoes. 2017. Fuzzy system-based suspicious pattern detection in mobile forensic evidence. In Proceedings of the 9th EAI International Conference on Digital Forensics and Cyber Crime.

[13]

Konstantia Barmpatsalou, Dimitrios Damopoulos, Georgios Kambourakis, and Vasilios Katos. 2013. A critical review of 7 years of mobile device forensics. Digital Investig. 10, 4 (2013), 323--349.

Digital Library

[14]

Sean Barnum. 2012. Structured Threat Information eXpression. Technical Report. MITRE corporation. http://stix.mitre.org/about/documents/STIX_Whitepaper_v1.0.pdf.

[15]

R. Barona and E. A. M. Anita. 2017. A survey on data breach challenges in cloud computing security: Issues and threats. In Proceedings of the 2017 International Conference on Circuit, Power, and Computing Technologies (ICCPCT’17). 1--8.

[16]

Ashley Brinson, Abigail Robinson, and Marcus Rogers. 2006. A cyber forensics ontology: Creating a new approach to studying cyber forensics. Digital Investig. 3 (Sept. 2006), 37--43.

Digital Library

[17]

N. D. W. Cahyani, B. Martini, K.-K. R. Choo, and A. K. B. P. Muhammad Nuh Al-Azhar. 2016a. Forensic data acquisition from cloud-of-things devices: Windows smartphones as a case study. Concurrency and Computation: Practice and Experience 29, 14, e3855.

[18]

Niken Dwi Wahyu Cahyani, Nurul Hidayah Ab Rahman, Zheng Xu, William Bradley Glisson, and Kim-Kwang Raymond Choo. 2016b. The role of mobile forensics in terrorism investigations involving the use of cloud apps. In Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications (MobiMedia’16). 199--204. http://dl.acm.org/citation.cfm?id=3021385.3021421

Digital Library

[19]

Eoghan Casey. 2011. Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet (3rd ed.). Academic Press.

Digital Library

[20]

Eoghan Casey. 2013. Smartphone forensics and mobile malware analysis. Retrieved February 4, 2015, from http://www.caseite.com/content/smartphone-forensics-and-mobile-malware-analysis.

[21]

Eoghan Casey, Greg Back, and Sean Barnum. 2014. Leveraging CybOX to standardize representation and exchange of digital information. Digital Investig. 12 (2014), S102--S110.

Digital Library

[22]

Cellebrite Predictions. 2015. Mobile Forensics: A look ahead. Retrieved April 10, 2015, from http://www.cellebrite.com/Media/Default/Files/CellebritePredictions20Survey202015.pdf.

[23]

Sheng-Wen Chen, Chung-Huang Yang, and Chien-Tsung Liu. 2011. Design and implementation of live SD acquisition tool in Android smart phone. In Proceedings of the 2011 5th International Conference on Genetic and Evolutionary Computing (ICGEC’11). 157--162.

Digital Library

[24]

Yan Cheng. 2011. Cybercrime forensic system in cloud computing. In Proceedings of the 2011 International Conference on Image Analysis and Signal Processing (IASP’11). 612--615.

[25]

Hyunji Chung, Jungheum Park, Sangjin Lee, and Cheulhoon Kang. 2012. Digital forensic investigation of cloud storage services. Digital Investig. 9, 2 (2012), 81--95.

[26]

Christian D’Orazio, Aswami Ariffin, and Kim-Kwang Raymond Choo. 2014. iOS Anti-forensics: How can we securely conceal, delete and insert data? In Proceedings of the 2014 47th Hawaii International Conference on System Sciences (HICSS’14). 4838--4847.

Digital Library

[27]

Farid Daryabar, Ali Dehghantanha, and Kim-Kwang Raymond Choo. 2015. Cloud storage forensics: MEGA as a case study. Aust. J. Forensic Sci. 49, 3, 1--14.

[28]

Waldo Delport, Martin S. Olivier, and Michael Kohn. 2011. Isolating a cloud instance for a digital forensic investigation. In Proceedings of the Conference on Information Security for South Africa (ISSA’11).

[29]

Farhood Norouzizadeh Dezfouli, Ali Dehghantanha, Brett Eterovic-Soric, and Kim-Kwang Raymond Choo. 2015. Investigating social networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google+ artefacts on Android and iOS platforms. Aust. J. Forensic Sci. 48, 4, 1--20.

[30]

Farhood Norouzizadeh Dezfouli, Ali Dehghantanha, Ramlan Mahmoud, Nor Fazlida Binti Mohd Sani, and Solahuddin bin Shamsuddin. 2012. Volatile memory acquisition using backup for forensic investigation. In Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (CyberSec’12). 186--189.

[31]

Francesco Di Cerbo, Andrea Girardello, Florian Michahelles, and Svetlana Voronkova. 2011. Detection of malicious applications on Android OS. In Computational Forensics. Lecture Notes in Computer Science, Vol. 6540. Springer, 138--149.

Digital Library

[32]

Quang Do, Ben Martini, and Kim-Kwang Raymond Choo. 2015. A forensically sound adversary model for mobile devices. PLoS ONE 10, e0138449.

[33]

Josiah Dykstra and Alan T. Sherman. 2012. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investig. 9, Supplement (2012), S90--S98.

[34]

Jason Farina, Mark Scanlon, Nhien-An Le-Khac, and Mohand Tahar Kechadi. 2015. Overview of the forensic investigation of cloud services. In Proceedings of the 2015 10th International Conference on Availability, Reliability, and Security (ARES’15). 556--565.

Digital Library

[35]

Roy Thomas Fielding. 2000. Architectural Styles and the Design of Network-Based Software Architectures. Ph.D. Dissertation. University of California, Irvine.

Digital Library

[36]

Luis Gomez-Miralles and Joan Arnedo-Moreno. 2012. Versatile iPad forensic acquisition using the Apple camera connection kit. Comput. Math. Appl. 63, 2 (2012), 544--553.

Digital Library

[37]

Google Inc. 2016. Compatibility Definition Android 6.0. Technical Report. Google Inc. https://static.googleusercontent.com/media/source.android.com/en//compatibility/android-cdd.pdf.

[38]

George Grispos, William Bradley Glisson, and Tim Storer. 2013. Using smartphones as a proxy for forensic evidence contained in cloud storage services. arXiv:1303.4078.

Digital Library

[39]

George Grispos, William Bradley Glisson, and Tim Storer. 2015. Recovering residual forensic data from smartphone interactions with cloud storage providers. In The Cloud Security Ecosystem, R. K.-K. R. Choo (Ed.). Syngress, Boston, MA, 347--382.

[40]

George Grispos, Tim Storer, and William Bradley Glisson. 2011. A comparison of forensic evidence recovery techniques for a Windows mobile smart phone. Digital Investig. 8, 1 (July 2011), 23--36.

Digital Library

[41]

George Grispos, Tim Storer, and William Bradley Glisson. 2012. Calm before the storm: The challenges of cloud computing in digital forensics. arXiv:1410.2123. http://arxiv.org/abs/1410.2123

[42]

Justin Grover. 2013. Android forensics: Automated data collection and reporting from a mobile device. Digital Investig. 10, Supplement (2013), S12--S20.

Digital Library

[43]

Tareq Hanaysha, Dale Lindskog, and Ron Ruhl. 2014. Using open source tools to investigate malware in the Android operating system. In Proceedings of the Master of Information Systems Security Research 2014 Convocation. 1--8.

[44]

David Christopher Harrill and Richard P. Mislan. 2007. A small scale digital device forensics ontology. Small Scale Device Forensics J. 1, 1 (2007).

[45]

Ryan Harris. 2006. Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem. Digital Investig. 3, Supplement (2006), 44--49.

Digital Library

[46]

Andri P. Heriyanto. 2013. Procedures and tools for acquisition and analysis of volatile memory on Android smartphones. In Proceedings of the 11th Australian Digital Forensics Conference. http://ro.ecu.edu.au/adf/123.

[47]

Christian Hilgers, Holger Macht, Tilo Müller, and Michael Spreitzenbarth. 2014. Post-mortem memory analysis of cold-booted Android devices. In Proceedings of the 2014 8th International Conference on IT Security Incident Management IT Forensics (IMF’14). 62--75.

Digital Library

[48]

Irvin Homem. 2016. Towards automation in digital investigations: Seeking efficiency in digital forensics in mobile and cloud environments. In Proceedings of the Afternoon Session on 1-Rootkit and Network Security and Forensics.

[49]

Andrew Hoog. 2011. Android Forensics: Investigation, Analysis and Mobile Security for Google Android. Syngress Publishing.

Digital Library

[50]

Amir Houmansadr, Saman A. Zonouz, and Robin Berthier. 2011. A cloud-based intrusion detection and response system for mobile phones. In Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W’11). 31--32.

Digital Library

[51]

Felix Immanuel, Ben Martini, and Kim-Kwang Raymond Choo. 2015. Android cache taxonomy and forensic process. In Proceedings of the 2015 IEE Trustcom/BigDataSE/ISPA Conference, Vol. 1. 1094--1101.

Digital Library

[52]

Asif Iqbal, Hanan Al Obaidli, Andrew Marrington, and Andy Jones. 2014. Windows surface {RT} tablet forensics. Digital Investig. 11, Supplement 1 (2014), S87--S93.

[53]

ISO/IEC. 2012. Guidelines for Identification, Collection, Acquisition, and Preservation of Digital Evidence. ISO/IEC.

[54]

ISO/IEC. 2015a. Guidelines for the Analysis and Interpretation of Digital Evidence. ISO/IEC.

[55]

ISO/IEC. 2015b. Guidelines for the Analysis and Interpretation of Digital Evidence. ISO/IEC.

[56]

Alan R. Jamieson. 2004. Radiocommunication for Public Protection and Disaster Relief. Technical Report. International Telecommunication Union. https://www.itu.int/itunews/manager/display.asp?lang=en&year===2006&issue===03&ipage===publicProtection&ext===html.

[57]

Wayne Jansen and Richard P. Ayers. 2007. NIST Special Publication 800-101, Guidelines on Cell Phone Forensics. Technical Report SP 800-101. National Institute of Standards and Technology, Gaithersburg, MD.

Digital Library

[58]

Marnix Kaart and Susan Laraghy. 2014. Android forensics: Interpretation of timestamps. Digital Investig. 11, 3 (2014), 234--248.

Digital Library

[59]

Damir Kahvedzic and Mohand Tahar Kechadi. 2009. DIALOG: A framework for modeling, analysis and reuse of digital forensic knowledge. Digital Investig. 6, Supplement (2009), S23--S33.

Digital Library

[60]

Nickson M. Karie and Hein S. Venter. 2014. Toward a general ontology for digital forensic disciplines. J. Forensic Sci. 59, 5 (2014), 1231--1241.

[61]

Dimitrios Kasiaras, Thomas Zafeiropoulos, Nathan Clarke, and Georgios Kambourakis. 2014. Android forensics: Correlation analysis. In Proceedings of the 2014 9th International Conference for Internet Technology and Secured Transactions (ICITST’14). 157--162.

[62]

Mohand Tahar Kechadi, Muhammad Faheem, and Nhien An Le-Khac. 2015. The state of the art forensic techniques in mobile cloud environment: A survey, challenges and current trends. Int. J. Digit. Crime For. 7, 2 (April 2015), 1--19.

Digital Library

[63]

Gary C. Kessler. 2007. Anti-forensics and the digital investigator. In Proceedings of the 5th Australian Digital Forensics Conference.

[64]

Atta ur Rehman Khan, Mazliza Othman, Sajjad Ahmad Madani, and Samee Ullah Khan. 2014. A survey of mobile cloud computing application models. IEEE Comm. Surve. Tutor. 16, 1, 393--413.

[65]

Coert Klaver. 2010. Windows mobile advanced forensics. Digital Investig. 6, 3--4 (May 2010), 147--167.

Digital Library

[66]

Michael Donovan Kohn, Mariki M. Eloff, and Jan H. P. Eloff. 2013. Integrated digital forensic process model. Comput. Sec. 38, 103--115.

Digital Library

[67]

Panayiotis A. Kotsopoulos and Yiannis Stamatiou. 2012. Uncovering mobile phone users’ malicious activities using open source tools. In Proceedings of the 2012 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM’12). 927--933.

Digital Library

[68]

Jooyoung Lee and Do Won Hong. 2011. Pervasive forensic analysis based on mobile cloud computing. In Proceedings of the 2011 3rd International Conference on Multimedia Information Networking and Security (MINES’11). 572--576.

Digital Library

[69]

Juanru Li, Dawu Gu, and Yuhao Luo. 2012. Android malware forensics: Reconstruction of malicious events. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW’12). 552--558.

Digital Library

[70]

Silas Luttenberger and Reiner Creutzburg. 2011. Forensic investigation of certain types of mobile devices. Proc. SPIE 7881 (2011), 78810Q.

[71]

Ben Martini and Kim-Kwang Raymond Choo. 2012. An integrated conceptual digital forensic framework for cloud computing. Digital Investig. 9, 2 (2012), 71--80.

[72]

Ben Martini and Kim-Kwan Raymond Choo. 2014. Cloud forensic technical challenges and solutions: A snapshot. IEEE Cloud Computing 1, 4 (Nov 2014), 20--25.

[73]

Ben Martini, Quang Do, and Kim-Kwang Raymond Choo. 2015a. Conceptual evidence collection and analysis methodology for Android devices. In The Cloud Security Ecosystem, R. K.-K. R. Choo (Ed.). Syngress, Boston, MA, 285--307.

[74]

Ben Martini, Quang Do, and Kim-Kwang Raymond Choo. 2015b. Mobile cloud forensics: An analysis of seven popular Android apps. In The Cloud Security Ecosystem, R. K.-K. R. Choo (Ed.). Syngress, Boston, MA, 309--345.

[75]

Fabio Marturana, Gianluigi Me, Rosamaria Berte, and Simone Tacconi. 2011. A quantitative approach to triaging in mobile forensics. In Proceedings of the 2011 IEEE 10th International Conference on Trust, Security, and Privacy in Computing and Communications (TrustCom’11). 582--588.

Digital Library

[76]

Fabio Marturana, Gianluigi Me, and Sergio Tacconi. 2012. A case study on digital forensics in the cloud. In Proceedings of the 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC’12). 111--116.

Digital Library

[77]

Peter Mell and Timothy Grance. 2011. The NIST Definition of Cloud Computing. Technical Report 800-145. National Institute of Standards and Technology, Gaithersburg, MD. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.

[78]

Antonis Michalas and Rohan Murray. 2016. Mem Tri: Memory Forensics Triage Tool. Technical Report. Cyber Security Group, University of Westminster. http://westminsterresearch.wmin.ac.uk/id/eprint/17867.

[79]

Antonis Michalas and Rohan Murray. 2017. MemTri: A memory forensics triage tool using bayesian network and volatility. In Proceedings of the 2017 International Workshop on Managing Insider Security Threats (MIST’17). ACM, New York, NY, USA.

Digital Library

[80]

The MITRE Corporation. 2015. Cyber Observable eXpression (CybOXTM). Technical Report. The MITRE Corporation. http://cyboxproject.github.io

[81]

Pontjho M. Mokhonoana and Martin S. Olivier. 2007. Acquisition of a Symbian smart phone’s content with an on-phone forensic tool. In Proceedings of the Southern African Telecommunication Networks and Applications Conference.

[82]

Hamid R. Motahari-Nezhad, Bryan Stephenson, and Sharad Singhal. 2009. Outsourcing business to cloud computing services: Opportunities and challenges. IEEE Internet Computing, Special Issue on Cloud Computing. Submitted.

[83]

Tilo Müller and Michael Spreitzenbarth. 2013. FROST: Forensic recovery of scrambled telephones. In Proceedings of the 11th International Conference on Applied Cryptography and Network Security (ACNS’13). 373--388.

Digital Library

[84]

Cynthia Murphy, Adrian Leong, Maggie Gaffney, Shafik G. Punjad, JoAnn Gibb, and Brian McGarry. 2016. Windows Phone 8 Forensic Artifacts. Technical Report. SANS Institute. https://www.sans.org/reading-room/whitepapers/forensics/windows-phone-8-forensic-artifacts-35787.

[85]

Cynthia A. Murphy. 2013. Developing Process for Mobile Device Forensics. Retrieved April 9, 2018, from https://digital-forensics.sans.org/media/mobile-device-forensic-process-v3.pdf.

[86]

Luis Filipe da Cruz Nassif and Eduardo Raul Hruschka. 2011. Document clustering for forensic computing: An approach for improving computer inspection. In Proceedings of the 2011 10th International Conference on Machine Learning and Applications and Workshops, Vol. 1 (ICMLA’11). IEEE, Los Alamitos, CA, 265--268.

Digital Library

[87]

Daniel Nguli, Almerindo Graziano, George Nicolaou, and Juma Fredrick. 2014. Nyuki Android Process Dumper User Guide. Retrieved April 9, 2018, from http://www.silensec.com/images/images/nyuki_aprocdump_user_guide.pdf.

[88]

Prashant N. Ninawe and Shrikant B. Ardhapurkar. 2014. Forensic-as-a-service for mobile devices (literature survey). Int. J. Comput. Sci. Inform. Technol. 5, 6 (2014), 7776--7778.

[89]

NowSecure. 2016. NowSecure: Power-efficient MF for Android and iOS. Retrieved January 12, 2016, from https://www.nowsecure.com/forensics.

[90]

Christoforos Ntantogian, Dimitris Apostolopoulos, Giannis Marinakis, and Christos Xenakis. 2014. Evaluating the privacy of Android mobile applications under forensic analysis. Comp. Sec. 42, 66--76.

[91]

Gary Palmer. 2001. A Road Map for Digital Forensic Research. Technical Report DTRT0010-01. Digital Forensic Research Workshop.

[92]

Albert Pang. 2015. Worldwide Cloud Applications Market Forecast 2015-2019. Retrieved April 9, 2018, from http://www.appsruntheworld.com/worldwide-cloud/applications-market-forecast-2015-2019.

[93]

Emmanuel S. Pilli, Rutvij C. Joshi, and Rajdeep Niyogi. 2010. Network forensic frameworks: Survey and research challenges. Digital Investig. 7, 2 (2010), 14--27.

Digital Library

[94]

Christian Platzer, Martin Stuetz, and Martina Lindorfer. 2014. Skin Sheriff: A machine learning solution for detecting explicit images. In Proceedings of the 2nd International Workshop on Security and Forensics in Communication Systems (SFCS’14). ACM, New York, NY, 45--56.

Digital Library

[95]

Darren Quick and Kim-Kwang Raymond Choo. 2014. Impacts of increasing volume of digital forensic data: A survey and future research challenges. Digital Investig. 11, 4 (2014), 273--294.

Digital Library

[96]

Shivankar Raghav and Ashish Kumar Saxena. 2009. Mobile forensics: Guidelines and challenges in data preservation and acquisition. In Proceedings of the 2009 IEEE Student Conference on Research and Development (SCOReD’09). 5--8.

[97]

RightScale. 2016. State of the Cloud Report. Retrieved April 4, 2016, from http://assets.rightscale.com/uploads/pdfs/RightScale-2016-State-of-the-Cloud-Report.pdf.

[98]

Marcus K. Rogers. 2013. Analysis of digital evidence. In Encyclopedia of Forensic Sciences, J. A. Siegel, P. J. Saukko, and M. M. Houck (Eds.). Academic Press, Waltham, MA 455--460.

[99]

Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, and Steve Debrota. 2006. Computer forensics field triage process model. J. Digital Forensics, Secur. Law 1, 2 (2006), 19--38.

[100]

Keyun Ruan, Joe Carthy, Mohand Tahar Kechadi, and Ibrahim Baggili. 2013. Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investig. 10, 1 (2013), 34--43.

Digital Library

[101]

Sherif Saad and Issa Traore. 2010. Ontology-Based Intelligent Network-Forensics Investigation. Retrieved April 9, 2018, from https://pdfs.semanticscholar.org/3a33/c4f3215ddc284ff87532753fe40b4f1d1d4.pdf.

[102]

Mohammed I. Al-Saleh and Yahya A. Forihat. 2013. Skype forensics in Android devices. Int. J. Comput. Appl. 78, 7 (Sept. 2013), 38--44.

[103]

Brendan Saltaformaggio, Rohit Bhatia, Zhongshu Gu, Xiangyu Zhang, and Dongyan Xu. 2015. GUITAR: Piecing together Android app GUIs from memory images. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS’15). ACM, New York, NY, 120--132.

Digital Library

[104]

SALUS. 2014. Deliverable 7.1 SALUS PPDR Platform—Intermediate. Retrieved April 9, 2018, from http://www.sec-salus.eu/wp-content/uploads/2014/05/SALUS_D7.1_v1.1.pdf.

[105]

Nouha Samet, Asma Ben Letaifa, Mohamed Hamdi, and Sami Tabbane. 2014. Forensic investigation in mobile cloud environment. In Proceedings of the 2014 International Symposium on Networks, Computers, and Communications. 1--5.

[106]

Philip Schutz, Michael Breuer, Hans Hofken, and Marko Schuba. 2013. Malware proof on mobile phone exhibits based on GSM/GPRS traces. In Proceedings of the 2nd International Conference on Cyber Security, Cyber Peacefare, and Digital Forensic (CyberSec’13). 89--96.

[107]

Tamer Shanableh. 2013. Detection of frame deletion for digital video forensics. Digital Investig. 10, 4 (2013), 350--360.

Digital Library

[108]

Mohammad Shariati, Ali Dehghantanha, and Kim-Kwang Raymond Choo. 2016. SugarSync forensic analysis. Aust. J. Forensic Sci. 48, 1 (2016), 95--117.

[109]

Mohammad Shariati, Ali Dehghantanha, Ben Martini, and Kim-Kwang Raymond Choo. 2015. Ubuntu One investigation: Detecting evidences on client machines. In The Cloud Security Ecosystem, R. K.-K.-R. Choo (Ed.). Syngress, Boston, MA, 429--446.

[110]

Silensec. 2016. Nyuki Forensic Investigator (NFI). Retrieved January 12, 2016, from http://www.silensec.com.

[111]

Murugiah Souppaya and Karen Scarfone. 2013. NIST Special Publication 800-124, Guidelines for Managing the Security of Mobile Devices in the Enterprise: Revision 1. Technical Report. National Institute of Standards and Technology, Gaithersburg, MD.

[112]

Vrizlynn L. L. Thing, Kian-Yong Ng, and Ee-Chien Chang. 2010. Live memory forensics of mobile phones. Digital Investig. 7, Supplement0 (2010), S74--S82. Proceedings of the Tenth Annual (DFRWS) Conference.

Digital Library

[113]

Gordon Thomson. 2012. BYOD: Enabling the chaos. Netw. Secur. 2012, 2 (2012), 5--8.

[114]

Volatile Systems. 2011. The volatility framework: Volatile memory artifact extraction utility framework. Retrieved January 12, 2015, from https://www.volatilesystems.com.

[115]

Stefan Vomel. 2013. Forensic Acquisition and Analysis of Volatile Data in Memory. Ph.D. Dissertation. Faculty at the Friedrich-Alexander University Erlangen-Nurnberg.

[116]

Daniel Votipka, Timothy Vidas, and Nicolas Christin. 2013. Passe-partout: A general collection methodology for Android devices. IEEE Trans. Inf. Forensics Security 8, 12 (Dec. 2013), 1937--1946.

Digital Library

[117]

Robert J. Walls, Erik Learned-Miller, and Brian Neil Levine. 2011. Forensic triage for mobile phones with DEC0DE. In Proceedings of the 20th USENIX Conference on Security (SEC’11). 7.

Digital Library

[118]

M. Wazid, A. Katal, R. H. Goudar, and S. Rao. 2013. Hacktivism trends, digital forensic tools and challenges: A survey. In Proceedings of the 2013 IEEE Conference on Information Communication Technologies (ICT’13). 138--144.

[119]

Shams Zawoad, Amit Kumar Dutta, and Ragib Hasan. 2013. SecLaaS: Secure logging-as-a-service for cloud forensics. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer, and Communications Security (ASIA CCS’13). ACM, New York, NY, 219--230.

Digital Library

[120]

Shams Zawoad and Ragib Hasan. 2013. Cloud forensics: A meta-study of challenges, approaches, and open problems. arXiv:1302.6312. http://arxiv.org/abs/1302.6312

[121]

Shams Zawoad and Ragib Hasan. 2015. Towards a systematic analysis of challenges and issues in secure mobile cloud forensics. In Proceedings of the 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud’15). 237--238.

Digital Library

[122]

Jonathan Zdziarski. 2008. iOS Forensic Investigative Methods. Technical Report. International Telecommunication Union. http://www.zdziarski.com/blog/wp-content/uploads/2013/05/iOS-Forensic-Investigative-Methods.pdf.

Cited By

Nishchal S(2024)Forensic Analysis of WhatsApp: A Review of Techniques, Challenges, and Future DirectionsJournal of Forensic Science and Research10.29328/journal.jfsr.10010598:1(019-024)Online publication date: 18-Jun-2024
https://doi.org/10.29328/journal.jfsr.1001059
Santos JValadares DGorgônio KPerkusich A(2024)Mobile Data Security with Attribute-based Encryption and Confidential Computing2024 IEEE International Conference on Consumer Electronics (ICCE)10.1109/ICCE59016.2024.10444176(1-4)Online publication date: 6-Jan-2024
https://doi.org/10.1109/ICCE59016.2024.10444176
Asghari ASohrabi M(2024)Server placement in mobile cloud computing: A comprehensive survey for edge computing, fog computing and cloudletComputer Science Review10.1016/j.cosrev.2023.10061651(100616)Online publication date: Feb-2024
https://doi.org/10.1016/j.cosrev.2023.100616
Show More Cited By

Index Terms

Current and Future Trends in Mobile Device Forensics: A Survey
1. Applied computing
  1. Computer forensics
    1. Network forensics
    2. System forensics
2. Security and privacy
  1. Network security
    1. Mobile and wireless security
  2. Systems security
    1. Operating systems security
      1. Mobile platform security

Recommendations

Practical investigations of digital forensics tools for mobile devices
InfoSecCD '10: 2010 Information Security Curriculum Development Conference

With the continued growth of the mobile device market, the possibility of their use in criminal activity will only continue to increase. While the mobile device market provides a great variety of manufactures and models causing a strong diversity. It ...
Fast smartphones forensic analysis results through mobile internal acquisition tool and forensic farm

Market penetration of smartphones and the enriched capabilities of new devices lead to the storage of lot of data in their internal memory, providing a silent witness of digital crimes and private facts as well. This article proposes a new methodology ...
An investigation of anonymous and spoof SMS resources used for the purposes of cyberstalking

In 2012, the United Kingdom actively sought to tackle acts of stalking through amendments to the Protection from Harassment Act 1997. Now, not only is stalking a recognised criminal offence, acts associated with stalking behaviour have finally been ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 51, Issue 3

May 2019

796 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3212709

Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering / University of Florida / Gainesville, FL 32611

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2018

Accepted: 01 January 2018

Revised: 01 November 2017

Received: 01 October 2016

Published in CSUR Volume 51, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Research
Refereed

Funding Sources

Centro 2020 Mobitrust Project

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

38
Total Citations
View Citations
3,445
Total Downloads

Downloads (Last 12 months)427
Downloads (Last 6 weeks)24

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Nishchal S(2024)Forensic Analysis of WhatsApp: A Review of Techniques, Challenges, and Future DirectionsJournal of Forensic Science and Research10.29328/journal.jfsr.10010598:1(019-024)Online publication date: 18-Jun-2024
https://doi.org/10.29328/journal.jfsr.1001059
Santos JValadares DGorgônio KPerkusich A(2024)Mobile Data Security with Attribute-based Encryption and Confidential Computing2024 IEEE International Conference on Consumer Electronics (ICCE)10.1109/ICCE59016.2024.10444176(1-4)Online publication date: 6-Jan-2024
https://doi.org/10.1109/ICCE59016.2024.10444176
Asghari ASohrabi M(2024)Server placement in mobile cloud computing: A comprehensive survey for edge computing, fog computing and cloudletComputer Science Review10.1016/j.cosrev.2023.10061651(100616)Online publication date: Feb-2024
https://doi.org/10.1016/j.cosrev.2023.100616
Khubrani M(2023)Mobile Device Forensics, challenges and Blockchain-based Solution2023 Second International Conference On Smart Technologies For Smart Nation (SmartTechCon)10.1109/SmartTechCon57526.2023.10391719(1504-1509)Online publication date: 18-Aug-2023
https://doi.org/10.1109/SmartTechCon57526.2023.10391719
Rath SDas TAstaburuaga ISengupta S(2023)Less is More: Deep Learning Framework for Digital Forensics in Resource-Constrained Environments2023 11th International Symposium on Digital Forensics and Security (ISDFS)10.1109/ISDFS58141.2023.10131803(1-6)Online publication date: 11-May-2023
https://doi.org/10.1109/ISDFS58141.2023.10131803
Conti MKumar GLal CSaha R(2023)Blockchain-Based Distributed and Secure Digital Forensic Investigation SystemsBlockchains10.1007/978-3-031-32146-7_11(337-362)Online publication date: 10-Aug-2023
https://doi.org/10.1007/978-3-031-32146-7_11
Studiawan HAhmad TSantoso BPratomo B(2022)Forensic Timeline Analysis of iOS Devices2022 International Conference on Engineering and Emerging Technologies (ICEET)10.1109/ICEET56468.2022.10007150(1-5)Online publication date: 27-Oct-2022
https://doi.org/10.1109/ICEET56468.2022.10007150
Casino FDasaklis TSpathoulas GAnagnostopoulos MGhosal ABorocz ISolanas AConti MPatsakis C(2022)Research Trends, Challenges, and Emerging Topics in Digital Forensics: A Review of ReviewsIEEE Access10.1109/ACCESS.2022.315405910(25464-25493)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3154059
El Majdoub ASaadi CChaoui H(2022)Mobile Forensics Data AcquisitionITM Web of Conferences10.1051/itmconf/2022460200646(02006)Online publication date: 6-Jun-2022
https://doi.org/10.1051/itmconf/20224602006
Zhang ABradford BMorgan RNakhaeizadeh S(2022)Investigating the uses of mobile phone evidence in China criminal proceedingsScience & Justice10.1016/j.scijus.2022.03.01162:3(385-398)Online publication date: May-2022
https://doi.org/10.1016/j.scijus.2022.03.011
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents