Abstract
Aside from the primary objective of finding potential digital evidence, preserving the integrity of the evidence and maintaining a proper chain of custody are equally important priorities for an investigator, to ensure admissibility of the evidence in a court of law. Advanced mobile forensic techniques pose a serious challenge in achieving the latter due to the complexity of the process and the possibility of alteration in the state of the device during data acquisition. Hence, efforts are made to understand the critical issues faced by investigators while employing advanced mobile forensic techniques, which may be invasive or destructive. A standardised investigative process is presented in this paper which may act as a guide to investigators, prosecutors and judicial officers dealing with digital evidence in India.
Funding
This study was not funded by any agency or institution. Neither the first nor the second author has received any kind of financial assistance for the study and preparation of this paper.
Ethics declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Ethical approval
This paper does not contain any studies with human participants or animals performed by any of the authors. The study complies with all other ethical standards.
Glossary
- Chain of custody: The chronological documentation showing the seizure, custody, control, transfer, analysis and disposition of evidence.
- Desoldering: A process of removal of solder and components from a circuit board. The reverse process of soldering is desoldering.
- Destructive mobile forensic technique: An advanced mobile forensic technique which requires not only disassembly of the mobile device but also separation of the memory chip from the printed circuit board, causing irreversible and permanent damage to the smartphone. Such a mobile device may no longer function as before.
- Disk forensics: A branch of digital forensics dealing with the identification, preservation, examination and analysis of information from digital storage media like hard disks, USB devices, CD, DVD, flash drives, floppy disks, etc.
- Flash box: A mobile phone service device mainly used to recover user data from dead or faulty mobile phones. A flash box gives analysts low-level access to the phone’s flash memory without installing any software on the device.
- Flash memory: An electronic non-volatile and rewritable computer memory storage chip.
- Forensic copy: Same as forensic image.
- Forensic imaging: A process of making a special type of copy of the original electronic evidence, containing all the data found in the original, but encapsulated in a tamper-proof forensic file format.
- Invasive mobile forensic technique: An advanced mobile forensic technique which requires disassembly of the mobile device to acquire data, but allows reassembly of the device, enabling it to function normally.
- Printed circuit board (PCB): A board that has lines and pads that electrically connect various points together. It is the foundational structure of most modern electronic devices.
- Write protection: A hardware device or software that allows investigators to examine media while preventing data writes from occurring on the subject media.
Cite this article
Shetty, A.A., Murthy, K.V. Standardisation of investigative process in invasive and destructive techniques of mobile forensics in India. Secur J 35, 1183–1197 (2022). https://doi.org/10.1057/s41284-021-00319-w
DOI: https://doi.org/10.1057/s41284-021-00319-w