Forensic data acquisition from cloud-of-things devices: Windows smartphones as a case study

Cited by: 28
Authors
Cahyani, Niken Dwi Wahyu [1, 2]
Martini, Ben [1]
Choo, Kim-Kwang Raymond [1]
Al-Azhar, A. K. B. P. Muhammad Nuh [3]
Affiliations
[1] Univ South Australia, Informat Assurance Res Grp, Adelaide, SA, Australia
[2] Telkom Univ, Informat Dept, Bandung, Indonesia
[3] Police Forens Lab Ctr, Comp Forens Lab, Jakarta, Indonesia
Keywords
cloud-of-things forensics; data acquisition; Windows device forensics; mobile forensic tool; digital evidence
DOI
10.1002/cpe.3855
Chinese Library Classification number
TP31 [Computer Software]
Discipline classification code
081205 [Computer Software]
Abstract
The continued amalgamation of cloud technologies into all aspects of our daily lives and the technologies we use (i.e. cloud-of-things) creates business opportunities, security and privacy risks, and investigative challenges (in the event of a cybersecurity incident). This study examines the extent to which data acquisition from Windows Phone, a common cloud-of-things device, is supported by three popular mobile forensics tools. The effect of device settings modification (i.e. enabling screen lock and device reset operations) and alternative acquisition processes (i.e. individual and combined acquisition) on the extraction results is also examined. Our results show that current mobile forensic tool support for Windows Phone 8 remains limited. The results also showed that logical acquisition support was more complete in comparison to physical acquisition support. In one example, the tool was able to complete a physical acquisition of a Nokia Lumia 625, but its deleted contacts and SMSs could not be recovered/extracted. In addition, we found that separate acquisition is needed for device removable media to maximize acquisition results, particularly when trying to recover deleted data. Furthermore, enabling flight-mode and disabling location services are highly recommended to eliminate the potential for data alteration during the acquisition process. These results should provide practitioners with an overview of the current capability of mobile forensic tools and the challenges in successfully extracting evidence from the Windows Phone platform. Copyright (C) 2016 John Wiley & Sons, Ltd.
Pages: 16