Abstract

In modern criminal investigations, mobile devices are seized at every type of crime scene, and the data on those devices often becomes critical evidence in the case. Various mobile forensic techniques have been established and evaluated through research in order to extract possible evidence data from devices over the decades. However, as mobile devices become essential tools for daily life, security and privacy concerns grow, and modern smartphone vendors have implemented multiple types of security protection measures - such as encryption - to guard against unauthorized access to the data on their products. This trend makes forensic acquisition harder than before, and data extraction from those devices for criminal investigation is becoming a more challenging task. Today, mobile forensic research focuses on identifying more invasive techniques, such as bypassing security features, and breaking into target smartphones by exploiting their vulnerabilities. In this paper, we explain the increased encryption and security protection measures in modern mobile devices and their impact on traditional forensic data extraction techniques for law enforcement purposes. We demonstrate that in order to overcome encryption challenges, new mobile forensic methods rely on bypassing the security features and exploiting system vulnerabilities. A new model for forensic acquisition is proposed. The model is supported by a legal framework focused on the usability of digital evidence obtained through vulnerability exploitation.

Highlights

  • Mobile devices frequently contain data relevant to criminal investigations, and forensic analysis of those devices has become an increasingly critical investigative capability for law enforcement agencies

  • Note that even though micro read is ranked as the highest level in the above-mentioned classification system, and past research has shown that reading the data directly from the memory die is possible (Courbon et al, 2017), in practice it is not, to the best of the authors’ knowledge, regarded as a practical data extraction technique in mobile forensics

  • An EU-US consensus has not been reached, and the patchwork legislation shows the need for an international treaty for regulating encryption, access to cloud data, and digital evidence exchange according to internationally-agreed digital forensic standards


Summary

Introduction

Mobile devices frequently contain data relevant to criminal investigations, and forensic analysis of those devices has become an increasingly critical investigative capability for law enforcement agencies. Various forensic science researchers have established methods and processes to extract evidence data from mobile devices in a forensically sound manner (Barmpatsalou et al, 2013; Al-Dhaqm et al, 2020; Reedy, 2020). Encryption, together with other security features, has clearly created challenges for forensic investigators seeking to extract data from mobile devices seized at crime scenes. Those security features have disabled many of the data acquisition methods that have been used historically, and new methods to acquire data from modern mobile devices must be explored. A new model for forensic acquisition is proposed, and modern forensic data extraction techniques are evaluated in the context of the controversial and underdeveloped regulation of encryption and governmental access to encrypted devices.

Background: paradigm shift in mobile forensics
Traditional mobile forensic techniques
Encryption and other security features in modern mobile devices
Impact of security features on traditional mobile forensic techniques
Currently used data extraction techniques from encrypted mobile devices
File system extraction
Cloud data acquisition
Physical data extraction
Data acquisition with custom boot loaders
Side-channel analysis
Fault injection
SoC reverse engineering
Exceptional access
Decryption orders
Vulnerability exploitation
Access to cloud evidence
Alternative solutions
New mobile forensic model
Findings
Conclusions and recommendations