A Forensically Sound Adversary Model for Mobile Devices
This work addresses the need for adaptable forensic tools for mobile devices, but it is incremental as it builds on existing forensic principles with a specific focus on Android.
The paper tackled the problem of forensic investigations on mobile devices by proposing an adversary model that integrates forensic soundness constraints, and demonstrated its effectiveness by successfully extracting forensic information from six popular cloud apps on Android devices.
In this paper, we propose an adversary model to facilitate forensic investigations of mobile devices (e.g. Android, iOS and Windows smartphones) that can be readily adapted to the latest mobile device technologies. This is essential given the ongoing and rapidly changing nature of mobile device technologies. An integral principle and significant constraint upon forensic practitioners is that of forensic soundness. Our adversary model specifically considers and integrates the constraints of forensic soundness on the adversary, in our case, a forensic practitioner. One construction of the adversary model is an evidence collection and analysis methodology for Android devices. Using the methodology with six popular cloud apps, we were successful in extracting various information of forensic interest in both the external and internal storage of the mobile device.