Abstract

Mobile forensics is an exciting new field of research. An increasing number of open source and commercial digital forensics tools focus on reducing the time taken by a digital forensic examination. A major issue causes some mobile forensic tools to spend much time during the forensic examination: the implementation of poor file searching algorithms by some forensic tool developers. This research focuses on reducing the time taken to search for a file by proposing a novel, multi-pattern signature matching algorithm called M-Aho-Corasick, which is adapted from the original Aho-Corasick algorithm. Experiments are conducted on five different datasets, one of which is obtained from the Digital Forensic Research Workshop (DFRWS 2010). Comparisons are made between M-Aho-Corasick using M_Triage and Dec0de, Lifter, XRY, and Xaver. The results show that M-Aho-Corasick using M_Triage has reduced the searching time by 75% as compared to Dec0de, 36% as compared to Lifter, 28% as compared to XRY, and 71% as compared to Xaver. Thus, the M-Aho-Corasick using M_Triage tool is more efficient than Dec0de, Lifter, XRY, and Xaver in avoiding the extraction of a high number of false positive results.

Highlights

  • In the last few decades, digital forensics (DF) has played a major part in helping to crack cases against mobile phone crimes like drug dealing, child trafficking, and arms trade

  • The ones extracted using JTAG are chosen as the input to validate the output of the proposed technique. Due to this flexibility of recovering any leads that might connect Monsieur Victor [8] to other individuals, companies, or bank accounts that are involved in his international arms business, valid address book, call log, SMS, image and video parameters are considered in this experiment as data of interest to validate the M_Triage tool

  • A dataset from DFRWS 2010 and another four datasets are used for the experiment


Summary

INTRODUCTION

In the last few decades, digital forensics (DF) has played a major part in helping to crack cases against mobile phone crimes like drug dealing, child trafficking, and arms trade. In this paper a new technique called image and video signature pattern matching using M-Aho-Corasick is proposed to efficiently search for image and video files from a damaged mobile phone using the M_Triage tool. One of the main components of the M_Triage tool that efficiently searches for images and videos using multi-pattern signature matching is the M-Aho-Corasick algorithm. The algorithm is adapted and modified from the original algorithm known as Aho-Corasick: the failure links function is removed and replaced with a signature database, in which all the patterns and file structures that pertain to the investigator are stored [3]. During the search in the M-Aho-Corasick algorithm, file patterns like JPEG, 3gp and MP4 are searched for by building their signature database, followed by building the block tree and integrating pattern IDs into the tree using automation. The algorithm changed the searching method with respect to the failure fewer transitions

RELATED WORK
EXPERIMENTATION
Dataset Preparation
RESULTS AND DISCUSSION
CONCLUSIONS