Comparative analysis of commercial and open source mobile device forensic tools

Abstract

With forensics playing such a crucial role in today's data-driven world, this paper addresses the need to explore the different mobile device forensic tools available. Open Source and Commercial tools are two domains in close contention, with contrasting considerations such as accessibility and security. This paper aims at performing a comparative analysis of the various commercial and open source mobile device forensic tools, with respect to predefined software parameters and by employing a cross-device and test-driven approach. The test scenarios are structured to assess whether the selected tools possess the capabilities of a holistic one, while responding to threats and scenarios pertaining to the digital realm. The Commercial Tools under consideration are MOBILedit! Forensic (including Phone Forensics Express) and Cellebrite's UFED Physical Analyzer, while the Open Source Tools are — The Sleuth Kit (including Autopsy) and SANS SIFT. The result of this paper is a comparison matrix, which could help in identifying the best-fit solution as per the need of the investigation. It could also indicate the degree to which open source tools are comparable to (or better than) their commercial counterparts, and answer questions like — Can open source tools be a suitable replacement for the proprietary tools? Can this in reality, be a feasible shift for the forensic industry?