Abstract
Mobile Forensics (MF) field uses prescribed scientific approaches with a focus on recovering Potential Digital Evidence (PDE) from mobile devices leveraging forensic techniques. Consequently, increased proliferation, mobile-based services, and the need for new requirements have led to the development of the MF field, which has in the recent past become an area of importance. In this article, the authors take a step to conduct a review on Mobile Forensics Investigation Process Models (MFIPMs) as a step towards uncovering the MF transitions as well as identifying open and future challenges. Based on the study conducted in this article, a review of the literature revealed that there are a few MFIPMs that are designed for solving certain mobile scenarios, with a variety of concepts, investigation processes, activities, and tasks. A total of 100 MFIPMs were reviewed, to present an inclusive and up-to-date background of MFIPMs. Also, this study proposes a Harmonized Mobile Forensic Investigation Process Model (HMFIPM) for the MF field to unify and structure whole redundant investigation processes of the MF field. The paper also goes the extra mile to discuss the state of the art of mobile forensic tools, open and future challenges from a generic standpoint. The results of this study find direct relevance to forensic practitioners and researchers who could leverage the comprehensiveness of the developed processes for investigation.
Highlights
Mobile Forensics (MF) as a branch of science is concerned with the recovery of digital evidence from mobile devices using prescribed and appropriate scientific forensic conditions [1]
WORKS In literature, several models proposed by different scholars on forensic investigation processes have been observed, which deal with various mobile devices (e.g., BlackBerry, Personal Digital Assistants (PDAs), Cellular mobile, GSM, Mobile phone Linux and Windows platforms, Huawei, Korea CDMA, Symbian, iPhone, etc.)
Through this review, MF field has suffered from several issues as shown previously in Figure 3: 1. Lack of standardized investigation model: Several specific investigation process models have been proposed in the literature
Summary
Mobile Forensics (MF) as a branch of science is concerned with the recovery of digital evidence from mobile devices using prescribed and appropriate scientific forensic conditions [1]. The authors in [3] introduced an innovative forensic process model that its focus was on the issues related to the Windows mobile device forensic investigations and approaching standardized This model comprised 12 investigation processes as follows: preparing, securing the scene, survey, and recognition, documentation of the scene, communication shielding, collecting volatile evidence, collecting non-volatile evidence, preserving, examining, analyzing, presenting, and reviewing. The model consisted of 12 investigation processes: preparing, securing the scene, documenting the scene, collecting volatile evidence, collecting non-volatile evidence, off-set, analyzing cell site, preserving, examination, analyzing, presenting, and reviewing It showed two main advantages: 1) serving as a benchmark and a reliable reference for those who investigate Smartphones regarding criminal cases, and 2) providing a generalized solution and addressing the challenging issue of digital technological scenarios that are highly vulnerable and change quickly. After identifying the device in hand and doing the preservation techniques (for instance, making sure the device is radio suppressed, which aims at preventing the remote wiping), the initial technique setting up the device in a way to boot a live collection OS from volatile memory (RAM) of the device
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
