Mobile Forensics Process Models

Requirement

Write report about a proposed Smartphone Forensic Process Model.

Solution

Abstract

The paper tries to understand the Smartwatch forensic process model and tries to look into the methodology and operating systems that are being used in the contemporary smartwatches. There are various forensic models such as integrated digital investigation model, generic computer investigation model, smartwatch forensic investigation process model, forensic investigation process model for windows mobile devices, and others. These models have been briefed in the paper and tried to come up with the understanding of the reliable methods that can be successfully -used I the investigations.
The paper has specifically focused on various smartwatch forensic methodologies and models that are used by investigators while making some sense out the device. Moreover, the paper tries to look into the various phases that are imperative for the investigation which begins from the planning phase and institution of concerned team members and then following predefined procedures to collect the proper evidences and analysing the same to reach the intended or non-intended results related to the crime. 
The paper tried to justify the methods that are used the reason behind the use of such method or models for the forensic investigation of the smartwatch. There are various tools and techniques that are used to retrieve the information from the smartwatch for the investigation that have been discussed to some extent to get a clear picture of the study. From the study it can be stated that, following a certain stated process helps in coming up with the requisite solutions. 

Do you find it difficult to write an engineering assignment? Don't worry, allassignmenthelp.com is here to help you. We make perfect electrical assignments and you will get the best grades. Whether you need aerospace engineering assignment help or agriculture engineering assignment help. We can assist you with all assignments.

Introduction

Smart watch is the device that brings the digital amazing device on your wrist. It maintains a persistent connectivity with your mobile device. It runs all the applications and play sorts of digital media with having a full-fledged digital tools and techniques (Lyons, 2016). Digital media which is easily can audit through this device were audio tracks or radio connection via Bluetooth headphones. In this, it also may have a touchscreen sensor which allows the functioning of installed applications on your phone like calculator, thermometer, compass and many more applications.
These watches directly connected with your devices which also not having an internet facility. Just like a smartphone, it covers a range of internet accessibility with the potential capabilities with proper synchronization. Just with the Bluetooth connection, it can connected with your phone and easily operate the calls and messages or social media updates like notifications via smart watch (Marks, 2013). As on 18th march 2014, the company Google comes up with the official announcement with the technology that one can wear it with a new operating system of wearable devices. The updates on smart watch also include the various notifications like from Gmail, Google Calendar, Google now cards, etc. It makes a hand free feature for the generation; this makes one easy to handle the technological devices.

Important features of the device as follows:

  • Notifications: all the notifications of smart phone, will appear on smart watch.

  • Read email or messages: whole of the message will appear on smart watch, in this the user easy to access by replying just through the way of SMS or voice.

  • Browsing: it allows the voice search using smart watch.

  • Camera: this application on smart phone allows the user to view their images through this smart watch.

  • Calendar: all the details of upcoming events will easily display on the screen.

  • Music control: the user can control their music list via smart watch without taking out the phone from the pocket.

  • Fitness tracking: it shows the real time of one’s running time, or heart activity or any other health issues.

  • Map: this display the user’s current position via smart watch. Weather alerts: it shows the weather forecast or information as per the location.

  • Methodology: It includes the various tools and methods which enhance the technology with its advance features:

  • Acquisition: Depicting the digital forensic investigation with the vast evidence on each and every important task with the aim of targeting the appropriate audience. In this, they create the bit by bit investigation of the images with imaging an original data in it in order to verify its functioning and also activate with the proper protection mode.

  • Image analysis: It comprises of cache images, data images, system images. It forecasts the full analysis on its working images in order to make it visible with the proper wordings and the graphics (Lim et al, 2015). It inserts the proper coding of each and every task which helps in formulate the functioning of the data work.

  • Hardware it includes such as: MIPS (Microprocessors without interlocked pipeline stages) it consists of its own set of instructions or the processors. The microprocessors without interlocked pipeline stages run different applications with the support of java software. This processor makes the smart watch more efficient in working. 

  • ARM cortex M: In this, RISC (reduced instruction set computer). It offers the ultra-low chipest wearables. It comprises of M7 series with the powerful consumption and the good performance.

  • ARM Cortex A: this focuses on graphs and central processing unit. But, its poor battery life is the biggest disadvantage.

  • X86: It is Intel x86, but smart watches may use in future wearables.

Operating system
Mediatek's linklt operating system: It operated in 2014, it’s a open source of operating system. The linklt operating system is present a aster system on a chip (soc) with a proper designing. The chip is very much efficient and also is smaller than the smart phone chips. It comprises of advantages like low power consumption, low cost, etc. its battery live up to 4 days with its normal using, but it also possess a disadvantage of poor quality of graphics.
It is also a open source operating system, providing a wide community with the various alternatives for the device. This system of operating based on firefox  operating system. It works through the web based technologies which includes HTML5, Java Script, etc. further planning of the development of the smart watches includes operating system such as Firefox OS, Android, iOS, Windows Phone, etc. this operating system is designed to run the application at a lower value of cost.
Watch os: This represents the Apple watch which is designed to pair with their own products like listed as iOS 8.2 devices; mainly it covers specifications of iPhones. It makes it run an applications on smart phone as well as smart watch itself (Dempsey, 2015). Thus, the Apple watches were expensive in its all fields. But, it offers a good battery life as if compared to other sets of android wearable devices.
Linux- derivative
It derived a linux OS wearables. It supports in a virtual manner with all of its chipsets which includes ARM Cortex M, ARM Cortex A, MIPS, etc. it offers a long lasting good battery life with the proper coding in manufacturing the customized operating system. From Linux, many companies like Android, Tizen and many more steal a code for their own purpose or usage.
Pebble os
It is developed by the Pebble Technology Corporation. It’s a real time operating system which is embedded with OS versions. This makes a easy connection or support with the Android wearables. It also offers a long battery life with more than 6000 applications available on it.
Webos
This is developed by the Palm, their aim is to run on smart phones, but it considers the wearables devices which is developed by the LG, as LG also indulge in making a Android based smart watches. This device is based on web technologies, it offers a SIM like a smart phone to insert in smart watch for functioning of its data.

Literature Review

Nonappearance of solid procedure models to guide Mobile Forensics in the industry.
(Ramabhadran, 2011) expressed that "approach and strategy are to a great degree basic in advanced criminology examinations". Hitherto, there has been more than ten sorts of systematic PC forensic models have been suggested, for example, Process Model, Incident Response Process Model, Law Enforcement Process Model, The Integrated Digital Investigation Mode, The Enhanced Digital Investigation Process Model, Requirement Based Computer Forensics Process, Level Computer Forensics Model, Multi-Dimension Computer Forensics Model, and Multi-Dimension Computer Forensics Model Based on Trust, Computer Forensics Model Based on Dynamic-Collection, Simulation Analysis of Forensics Model, and Model of Digital Data Forensics Based on Trusted Probability. 

Each of the above models has its solid and feeble point as far as how it states and resolves the diverse issues it faces. Hitherto, analysts have not discovered a model that can tackle all issues relating to digital forensic investigations, so research about digital investigation are as yet still classed as ongoing (Yongquan Wang and Lee. 2013). 
Furthermore, discoveries by (Scholtz, 2012) in his master degree' hypothesis demonstrate that the field of Digital criminology is missing affirmed and tried strategies to help in the examination process. In his examination, he underlines the earnestness to institutionalize procedures, to guarantee demonstrated and reliable results while leading crime scene in mobile investigation.

  • The Integrated Digital Investigation Model as proposed by (Carrier and Spafford, 2003)

  • Generic Computer Investigation Model proposed by (Yunus et al., 2011)

  • Smartwatch Forensic Investigation Process Model as proposed by (Archit et al., 2012)

  • Forensic Investigation Process Model for Windows Mobile Devices as Proposed by (Anup, 2011)

  • Symbian Smartwatch Process Model as Proposed by (Xian, 2009)

  • The Forensic Process Model

  • The Abstract Digital Forensic Model

  • Digital Forensic Research Workshop 2001

  • Systematic Digital Forensic Investigation Model 

Investigation process

There are only a few recommended and proposed research models available, however it would be very much an overwhelming activity to survey every one of these in depth. The models addressed in this report all follow a sequential process.  The goal is to distinguish and extricate the stages in the research models as opposed to selecting which model is the best.
Digital Forensics  Research  Workshop (DFRWS) Investigative Model (2001)
In  2001,  the first  Digital  Forensics  Research  Workshop  (DFRWS)  suggested  a  broad purpose digital forensics investigation process encompassing 6 phases (G. Palmer, 2001).

Figure 1: DFRWS Investigative Model

The DFRWS Investigative model began with an Identification stage, in which profile discovery, framework observing, review examination, and so forth, were performed. It is instantly trailed by the Preservation stage, including assignments, for example, setting up an appropriate case administration and guaranteeing an adequate chain of care. This stage is pivotal in order to guarantee that the information gathered is free from defilement. The following stage is known as Collection, in which significant information is being gathered in light of the affirmed routines using different recuperation strategies. Taking after this stage are two vital stages, in particular, Examination stage and Analysis stage. In these two stages, errands, for example, proof following, confirmation acceptance, recuperation of concealed/encoded information, information mining, course of events, and so on, were performed. The last stage is Presentation. Errands identified with this stage are documentation, master confirmation, and so on.

Abstract Digital Forensics Model (ADFM)

Enlivened by DFRWS investigative model, Reith, Carr and Gunsch (2002), suggested an improved model known as Abstract Digital Forensic Model. In this model, the creator presented three extra stages, therefore increasing the quantity of stages to nine.

The 3 important stages presented in this model were Preparation, Approach Strategy and Returning Evidence. In Preparation stage, actions such as, making apparatus, distinguishing methods and getting organisation backing, are carried out. The approach Strategy is accustomed with the target which strengthens the procurement of uncorrupted confirmation and therefore minimizes any contrary effect to the victim and encompassing individuals.  At the Returning of Evidence stage, specifically guarantees that evidence is securely returned to the legitimate proprietor or appropriately arrange.
The first stage in ADFM is the Identification stage, whereby the undertaking to perceive and decide which type of occurrence is performed. Once the occurrence is discovered, the following stage, Preparation, is directed, and trailed by the Approach Strategy stage. Physical and computerized information gained must be appropriately confined, secured and safeguarded. There is additionally a need to pay consideration on an appropriate chain of guardianship. These errands are performed under Preservation stage. The Collection stage involves information extraction and duplication. Distinguishing the proof, finding the potential confirmation from the information gathered and utilizing a methodical methodology are directed in the Examination stage. The errand of decision making of the vast majority of evidence and reaching a resolution, taking into account the verification which under takes place in the Analysis stage. In the accompanying stage, Presentation stage, the discoveries are outlined and exhibited. The examination procedures is finished with the completing of Returning Evidence stage.  Angelopoulou and Vidalis in 2013 explain that the need for this model can be seen an institutionalized procedure that encompasses all types of e-crime.
Integrated Digital Investigation Process (IDIP)
This examination procedure was proposed by Carrier and Spafford in 2003, with the aim to join the different accessible investigative procedures into one incorporated model. The creators present the idea of an advanced crime which suggests the virtual environment where the crime was committed using programming or digital equipment to be proof of an offense.

Place Order For A Top Grade Assignment Now

We have some amazing discount offers running for the students

Place Your Order

 
Figure 3: Integrated Digital Investigation Process

The procedure begins with a stage that requires the physical and operational foundation to be prepared to sustain any future examination. In this Readiness stage, the types of kit must be ever prepared and the faculty must be fit to utilize it adequately. This stage is without a doubt a continuous stage all through the lifecycle of an association. It comprises of 2 sub-stages in particular, Operation Readiness and Infrastructure Readiness. Instantly taking after the Readiness stage, is Deployment stage, which gives a method for an occurrence to be identified and affirmed. The two sub-stages are further presented, in particular, Detection and Notification and Confirmation and Authorization. Gathering and dissecting physical confirmation are done in Physical Crime Scene Investigation stage. The sub-stages presented are Preservation, Survey, Documentation, Search and Collection, Reconstruction and Presentation. Advanced Crime Scene Investigation is like Physical Crime Scene Investigation with exemption that it is presently concentrating on the computerized proof in computerized environment. The last stage is Review stage. These entire examination procedures are investigated to distinguish ranges of change that may bring about new strategies or new preparing prerequisites.

Enhanced Digital Investigation Process Model (EDIP)

As the name suggests, this investigative model depends on the past model, Integrated Digital Investigation Process (IDIP), as proposed via Carrier and Spafford. The Enhanced Digital Investigation Process Model, otherwise called EDIP presents one noteworthy stage known as Traceback stage. This is to empower the examiner to follow back the distance to the genuine gadgets/PC utilized by the criminal to perform the wrong doing.

The examination procedure began with Readiness stage and the assignments performed are the same as in IDIP. The second stage, Deployment stage, gives a system to an occurrence to be distinguished and affirmed. It comprises of 5 sub-stages to be specific Detection and Notification, Physical Crime Scene Investigation, Digital Crime Scene Investigation, Confirmation and lastly, Submision. Not at all like DIP, has this stage incorporated both physical and advanced wrongdoing scene examinations and presentation of discoveries to lawful elements (by means of Submission stage). In Trackback stage, finding the source wrongdoing scene, including the gadgets and area is the primary target. It is bolstered by two sub-stages specifically, Digital Crime Scene Investigation and Authorization (getting endorsement to perform examination and getting to data). Taking after Traceback stage is Dynamite stage. In this stage, examination are directed at the essential wrongdoing scene, with the reason for recognizing the potential culprit(s). Comprise of 4 sub-stages, in particular, Physical Crime Scene Investigation, Digital Crime Scene Investigation, Reconstruction and Communication. In Reconstruction sub-stage, bits of data gathered are assembled in order to build to conceivable occasions that could have happened. The Communication sub-stage is like the past Submission stage. The examination procedure finished with Readiness stage and the assignments performed are the same as in IDIP.

Generic Computer Investigation Model 

The non specific PC measurable examination model (GCFIM) (Yunus et al., 2011) is recorded as a standout amongst the latest PC criminology models. Its genesis is profoundly credited to an investigation and change of past existing models. The model recognizes the normal and shared procedures among the past models and coordinates them to shape a non specific procedure model. It is described by 5 stages as show underneath

Computer digital forensic process models 

Insinuating the writing above, it is apparent that a large portion of the procedure models today are PC computerized criminological procedure models with only a couple cell phone models. Once more, even the current cell phones procedure models are not generalizable to a degree of taking care of any wrongdoing prompted by a cell phone either as the objective or as an empowering gadget. Then again, because of the way of the cell telephone as far as where the information is put away and the and the dynamic document frameworks the cell phones exposed require best in class procedure models which have ability to help and address versatile scientific examination in the new era cell phones. Additionally, the fast innovative headway that are going on every day in the cell phone telephones industry require consistent audit of the officially distributed models to cook for the adjustments in the gadget structure keeping in mind the end goal to keep up tenable examinations.

Mobile Forensics Process Models 

There exist few studies that have been directed in the field of versatile measurable. Once more, the greater part of the models are working framework and seller subordinate. Among them incorporates Smartwatch Forensic Investigation Process Model (Archit et al., 2012), Forensic Investigation Process Model for Windows cell phones (Anup, 2011) and Process model for legal examination of Symbian cell phones (Xian et al., 2009).

To be continued..

Get Quality Assignment Without Paying Upfront

Hire World's #1 Assignment Help Company

Place Your Order