Abstract
The widespread use and rich functionality of smartphones have made them valuable sources of digital evidence. Malicious individuals are becoming aware of the importance of digital evidence found on smartphones and may be interested in deploying anti-forensic techniques to alter evidence and thwart investigations. It is, therefore, important to establish the authenticity of smartphone evidence.
This chapter focuses on digital evidence found on smartphones that has been created by smartphone applications and the techniques that can be used to establish the authenticity of the evidence. In order to establish the authenticity of the evidence, a better understanding of the normal or expected behavior of smartphone applications is required. This chapter introduces a new reference architecture for smartphone applications that models the components and the expected behavior of applications. Seven theories of normality are derived from the reference architecture that enable digital forensic professionals to evaluate the authenticity of smartphone evidence. An experiment conducted to examine the validity of the theories of normality indicates that the theories can assist forensic professionals in identifying authentic smartphone evidence.
Copyright information
© 2017 IFIP International Federation for Information Processing
About this paper
Cite this paper
Pieterse, H., Olivier, M., van Heerden, R. (2017). Evaluating the Authenticity of Smartphone Evidence. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIII. DigitalForensics 2017. IFIP Advances in Information and Communication Technology, vol 511. Springer, Cham. https://doi.org/10.1007/978-3-319-67208-3_3
DOI: https://doi.org/10.1007/978-3-319-67208-3_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67207-6
Online ISBN: 978-3-319-67208-3
eBook Packages: Computer Science (R0)