Quantifying Relevance of Mobile Digital Evidence as They Relate to Case Types: A Survey and a Guide for Best Practices

Authors

Shahzad Saleem, National University of Science and Technology, Islamabad
Ibrahim Baggili, University of New HavenFollow
Oliver Popov, Stockholm University

Author URLs

Professor Baggili's faculty profile

Professor Baggili's web page

Document Type

Article

Publication Date

2014

Subject: LCSH

Cyber forensics, Computer forensics, Mobile device forensics

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security

Abstract

In this work, a survey was conducted to help quantify the relevance of nineteen types of evidence (such as SMS) to seven types of digital investigations associated with mobile devices (MD) (such as child pornography). 97 % of the respondents agreed that every type of digital evidence has a different level of relevance to further or solve a particular investigation. From 55 serious participants, a data set of 5,772 responses regarding the relevance of nineteen types of digital evidence for all the seven types of digital investigations was obtained. The results showed that (i) SMS belongs to the most relevant type of digital evidence for all the seven types of investigations, (ii) MMS belongs to the most relevant type of digital evidence for all the types of digital investigations except espionage and eavesdropping where it is the second most relevant type of digital evidence, (iii) Phonebook and Contacts is the most relevant type of digital evidence for all types of digital investigations except child pornography, (iv) Audio Calls is the most relevant type of digital evidence for all types of digital investigations except credit card fraud and child pornography and (v) Standalone Files are the least relevant type of digital evidence for most of the digital investigations. The size of the response data set was fairly reasonable to analyze and then define; by generalization, relevance based best practices for mobile device forensics, which can supplement any forensics process model, including digital triage. For the reliability of these best practices, the impact of responses from the participants with more than five years of experience was analyzed by using one hundred and thirty three (133) instances of One-Way ANOVA tests. The results of this research can help investigators concentrate on the relevant types of digital evidence when investigating a specific case, consequently saving time and effort.

Comments

Creative Commons License This work is licensed under a Creative Commons Attribution 4.0 International License. http://creativecommons.org/licenses/by/4.0/

(c) 2006-2015 Association of Digital Forensics, Security and Law

Dr. Baggili was appointed to the University of New Haven's Elder Family Endowed Chair in 2015.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Repository Citation

Saleem, Shahzad; Baggili, Ibrahim; and Popov, Oliver, "Quantifying Relevance of Mobile Digital Evidence as They Relate to Case Types: A Survey and a Guide for Best Practices" (2014). Electrical & Computer Engineering and Computer Science Faculty Publications. 10.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/10

Publisher Citation

Saleem, S., Baggili, I., & Popov, O. (2014). Quantifying relevance of mobile digital evidence as they relate to case types: A survey and a guide for best practices. Journal of Digital Forensics, Security and Law, 9(3), 19-50.