Conference Paper

Investigating the Increase in Mobile Phone Evidence in Criminal Activities

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

The magnification of mobile devices in everyday life prompts the idea that these devices will increasingly have evidential value in criminal cases. While this may have been assumed in digital forensics communities, there has been no empirical evidence to support this idea. This research investigates the extent to which mobile phones are being used in criminal proceedings in the United Kingdom thorough the examination of appeal judgments retrieved from the Westlaw, Lexis Nexis and British and Irish Legal Information Institute (BAILII) legal databases. The research identified 537 relevant appeal cases from a dataset of 12,763 criminal cases referring to mobile phones for a period ranging from 1st of January, 2006 to 31st of July, 2011. The empirical analysis indicates that mobile phone evidence is rising over time with some correlations to particular crimes.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Stuxnet used a Windows rootkit, the first ever PLC rootkit, process injection, and code hooking to damage centrifuges at the Natanz uranium enrichment plant in Iran [7,8]. When coupling this information with the increasing integration of technology into the automotive world [9], the aviation industry [10], critical infrastructure and legal environments [11][12][13][14], it stresses the need to identify methods that will discover rootkits before they can cause damage. ...
... Quadratic discriminant analysis follows a similar method, but is used for heterogeneous variance-covariance matrices [41]. The score functions for Linear (12) and Quadratic (13) Discriminant analysis are as follows: ...
... (3) Power on the Computer and log-in; (4) Open Notepad and type for 5 minutes, then close Notepad; (5) Open MS Paint and draw/type for 5 minutes, then close; (6) Open calculator and perform random calculations for 5 minutes, then close; (7) Open Control Panel and navigate through various files for 5 minutes, then close; (8) Open MS Paint and draw/type for 5 minutes, then close; (9) Open Notepad and type for 5 minutes, then close; (10) Open Word Pad and type for 5 minutes, then close; (11) Open MS Paint and draw/type for 5 minutes, then close; (12) Open Control Panel and navigate through various files for 5 minutes, then close; (13) Open Word Pad and type for 5 minutes, then close; (14) Power off the computer and stop the multimeter from recording. ...
Article
With the increased assimilation of technology into all aspects of everyday life, rootkits pose a credible threat to individuals, corporations, and governments. Using various techniques, rootkits can infect systems and remain undetected for extended periods of time. This threat necessitates the careful consideration of real-time detection solutions. Behavioral detection techniques allow for the identification of rootkits with no previously recorded signatures. This research examines a variety of machine learning algorithms, including Nearest Neighbor, Decision Trees, Neural Networks, and Support Vector Machines, and proposes a behavioral detection method based on low yield CPU power consumption. The method is evaluated on Windows 7, Windows 10, Ubuntu Desktop, and Ubuntu Server operating systems along with employing four different rootkits. Relevant features within the data are calculated and the overall best performing algorithms are identified. A nested neural network is then applied that enables highly accurate data classification. Our results present a viable method of rootkit detection that can operate in real-time with minimal computational and space complexity.
... Stuxnet used a Windows rootkit, the first ever PLC rootkit, process injection, and code hooking to damage centrifuges at the Natanz uranium enrichment plant in Iran [7,8]. When coupling this information with the increasing integration of technology into the automotive world [9], the aviation industry [10], critical infrastructure and legal environments [11][12][13][14], it stresses the need to identify methods that will discover rootkits before they can cause damage. ...
... Quadratic discriminant analysis follows a similar method, but is used for heterogeneous variance-covariance matrices [43]. The score functions for Linear (12) and Quadratic (13) Discriminant analysis are as follows: ...
... (3) Power on the Computer and log-in; (4) Open Notepad and type for 5 minutes, then close Notepad; (5) Open MS Paint and draw/type for 5 minutes, then close; (6) Open calculator and perform random calculations for 5 minutes, then close; (7) Open Control Panel and navigate through various files for 5 minutes, then close; (8) Open MS Paint and draw/type for 5 minutes, then close; (9) Open Notepad and type for 5 minutes, then close; (10) Open Word Pad and type for 5 minutes, then close; (11) Open MS Paint and draw/type for 5 minutes, then close; (12) Open Control Panel and navigate through various files for 5 minutes, then close; (13) Open Word Pad and type for 5 minutes, then close; (14) Power off the computer and stop the multimeter from recording. ...
Article
With the increased assimilation of technology into all aspects of everyday life, rootkits pose a credible threat to individuals, corporations, and governments. Using various techniques, rootkits can infect systems and remain undetected for extended periods of time. This threat necessitates the careful consideration of real-time detection solutions. Behavioral detection techniques allow for the identification of rootkits with no previously recorded signatures. This research examines a variety of machine learning algorithms, including Nearest Neighbor, Decision Trees, Neural Networks, and Support Vector Machines, and proposes a behavioral detection method based on low yield CPU power consumption. The method is evaluated on Windows 7, Windows 10, Ubuntu Desktop, and Ubuntu Server operating systems along with employing four different rootkits. Relevant features within the data are calculated and the overall best performing algorithms are identified. A nested neural network is then applied that enables highly accurate data classification. Our results present a viable method of rootkit detection that can operate in real-time with minimal computational and space complexity.
... This condition shrinks the number of the app's users as it is only accessible for the adherents of the centre. However, it helps to lessen making random and anonym accounts by non-good willing people who may access sensitive details of the users [22]. Thanks to technological advances, the authentication methods are becoming more sophisticated and not easily broken which can crowd out the social and traditional login, still however widely used in the mobile apps. ...
... Donors and centres' locations are displayed on a map that can be visualized and optimized based on the real-time location data of the user to identify the nearest centres or donors. Since GPS services operates with users' personal information, malicious implications as well as privacy and anonymization concerns can be major issues that need to be addressed to prevent the misuse of data [22]. ...
Conference Paper
Unpaid blood donation is a selfless act of citizenship and the usage of gamification elements in blood donation apps can enhance the donors’ experience, especially among youth. This paper analyses the functionalities and explores gamification elements of the existing blood donation apps in the mobile market. A search in Google Play, Apple Apps store, Blackberry App World, and Windows Mobile App store was performed to select 10 gamified BD apps with three duplicates out of 801 pinpointed. The results show that the majority of the blood donation apps selected do not support multiple languages and that the predominant authentication methods are traditional and social logins. Moreover, all the apps were intended for more than one purpose among helping users to find donors and blood centres, track their records and check their eligibility to donate. Most apps installed include notification features and built-in geolocation services to instantly inform the users of donation need in nearby locations. Badges and redeemable points were the most recurrent gamification elements in the blood donation apps selected. There is a need for better incentives in order to not only retain the potential donors but also to recruit non-willing ones.
... Pairing the growing concerns about risk with the impact that residual data appears to have, in legal context, serves to escalate interest in risk mitigation solutions [13][14][15]. Hence, this interest has prompted previous work in databases and proposed frameworks [16,17] for assessing risk. ...
... Base TVA schema[15]. ...
Conference Paper
Full-text available
The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigation into the application of risk assessment frame works, i.e., STRIDE, Common Vulnerabilities and Exposures, and a Common Vulnerability Scoring System to identified networked medical devices that are currently employed in an operational medical simulation lab. The contribution of this research is twofold and culminates in a novel proof-of-concept system known as MedDevRisk. First, it demonstrates an approach to incorporating existing threat models into a relational database schema based on Threat-Vulnerability-Asset (TVA) relationships. Second, it provides an initial empirical analysis of the risk associated with networked medical devices along with providing the foundation for future research.
... Thus, mobile phone devices contain a great deal of digital evidence for digital investigation processes [12]. The purpose of extracting digital evidence from mobile phone devices is to use it in court proceedings, as these devices are now frequently used in criminal activities [13]. The extracted evidence from mobile phones has played a significant role in forensics investigation in recent years and many murderer convictions have been partly based on evidence gathered from the mobile phones of the perpetrators or their victims [14]. ...
... Additionally, it has been suggested that members of the legal profession need to increase their level of understanding and knowledge of mobile phone forensic terminology, techniques and procedures [13]. Moreover, it has been claimed that a major issue in law enforcement agencies in many countries is the lack of knowledge management [23]. ...
Article
Full-text available
With the rapid development of technology, mobile phones have become an essential tool in terms of crime fighting and criminal investigation. However, many mobile forensics investigators face difficulties with the investigation process in their domain. These difficulties are due to the heavy reliance of the forensics field on knowledge which, although a valuable resource, is scattered and widely dispersed. The wide dispersion of mobile forensics knowledge not only makes investigation difficult for new investigators, resulting in substantial waste of time, but also leads to ambiguity in the concepts and terminologies of the mobile forensics domain. This paper developed an approach for mobile forensics domain based on metamodeling. The developed approach contributes to identify common concepts of mobile forensics through a development of the Mobile Forensics Metamodel (MFM). In addion, it contributes to simplifying the investigation process and enables investigation teams to capture and reuse specialized forensic knowledge, thereby supporting the training and knowledge management activities. Furthermore, it reduces the difficulty and ambiguity in the mobile forensics domain. A validation process was performed to ensure the completeness and correctness of the MFM. The validation was conducted using two techniques for improvements and adjustments to the metamodel. The last version of the adjusted metamodel was named MFM 1.2.
... Thus, mobile phone devices contain a great deal of digital evidence for digital investigation processes [12]. The purpose of extracting digital evidence from mobile phone devices is to use it in court proceedings, as these devices are now frequently used in criminal activities [13]. The extracted evidence from mobile phones has played a significant role in forensics investigation in recent years and many murderer convictions have been partly based on evidence gathered from the mobile phones of the perpetrators or their victims [14]. ...
... Additionally, it has been suggested that members of the legal profession need to increase their level of understanding and knowledge of mobile phone forensic terminology, techniques and procedures [13]. Moreover, it has been claimed that a major issue in law enforcement agencies in many countries is the lack of knowledge management [23]. ...
Article
Full-text available
With the rapid development of technology, mobile phones have become an essential tool in terms of crime fighting and criminal investigation. However, many mobile forensics investigators face difficulties with the investigation process in their domain. These difficulties are due to the heavy reliance of the forensics field on knowledge which, although a valuable resource, is scattered and widely dispersed. The wide dispersion of mobile forensics knowledge not only makes investigation difficult for new investigators, resulting in substantial waste of time, but also leads to ambiguity in the concepts and terminologies of the mobile forensics domain. This paper developed an approach for mobile forensics domain based on metamodeling. The developed approach contributes to identify common concepts of mobile forensics through a development of the Mobile Forensics Metamodel (MFM). In addion, it contributes to simplifying the investigation process and enables investigation teams to capture and reuse specialized forensic knowledge, thereby supporting the training and knowledge management activities. Furthermore, it reduces the difficulty and ambiguity in the mobile forensics domain. A validation process was performed to ensure the completeness and correctness of the MFM. The validation was conducted using two techniques for improvements and adjustments to the metamodel. The last version of the adjusted metamo-del was named MFM 1.2.
... Smartphones have surpassed the ownership level of personal computers and have become a main element of crime scene investigations (Umale, Deshmukh, & Tambhakhe, 2014). McMillan, Glisson, and Bromby (2013) A segment of applications that has gone largely unnoticed by the research community is that of mapping applications. Paralleled with the increase in smartphone adoption as navigation devices has been the decrease in the use of hand-held navigation devices like Garmins (Statista, 2012). ...
... Much of this drop was accredited to the increasing ubiquity of smartphones and the usage of the mapping applications on them replacing Global Positioning System (GPS) devices. McMillan et al. (2013) conducted a survey which found that calls and Short Message Service (SMS) data held the most evidential importance during investigations; however, user and application data were also found to be of high importance. Much of the work in the mobile forensics domain has focused on discovering these types of data on various Operating Systems (Hoog, 2011;Casey, Bann, & Doyle, 2010;Simão, Sícoli, Melo, Deus, & Sousa Júnior, 2011). ...
Article
The use of smartphones as navigation devices has become more prevalent. The ubiquity of hand- held navigation devices such as Garmins or Toms Toms has been falling whereas the ownership of smartphones and their adoption as GPS devices is growing. This work provides a comprehensive study of the most popular smartphone mapping applications, namely Google Maps, Apple Maps, Waze, MapQuest, Bing, and Scout, on both Android and iOS. It details what data was found, where it was found, and how it was acquired for each application. Based on the findings, the work allowed for the construction of a tool capable of parsing the data from all of the aforementioned applications as well as creating maps of the locations attained. It was discovered that much data relating to the user’s navigation history, be it addresses, latitude longitude points, etc., were stored on the user’s device. It was also found that in almost all cases, discerning whether the user had actually traveled to a destination from the mapping application data was not possible.
... Une fois que des numéros d'intérêt sont détectés, des hypothèses peuvent être émises sur l'identité de leur utilisateur, notam-ment par des demandes auprès des opérateurs, des recherches dans les bases de données des polices ou par l'analyse de médias sociaux en ligne par exemple. La trace téléphonique peut également contribuer à localiser l'utilisateur d'un téléphone ou localiser un suspect sur les lieux d'une activité litigieuse, à partir de la position d'une antenne activée par un téléphone dont il serait l'utilisateur, ou par le biais de localisations présentes dans les extractions de son téléphone (Delle Donne et Fortin, 2018 ;McMillan, Glisson et Bromby, 2013). ...
... En 2013, McMillan et ses collaborateurs reportaient déjà que l'apparition de traces téléphoniques dans les jugements de tribunaux était de plus en plus fréquente depuis 2008. Dans cette étude, McMillan et al. (2013) indiquaient que les traces téléphoniques étaient exploitées afin d'établir les relations entre plusieurs individus et de confronter les déplacements du téléphone, par géolocalisation, à la version des faits du suspect. ...
... Voice recognition is one of the biometric authentications that uniquely identify individuals based on their voice behavioral characteristics. Recently, Voice recognition technology is gaining popularity in the forensic field as it plays a valuable part in preventing and solving crimes and terrorism (European Commission, 2018), as most crimes are planned and executed using cell phone calls (McMillan et al., 2013) hence, providing traces of metadata. Metadata integrated with voice recognition technology can help prevent crimes and quickly identify the criminal's location. ...
... The use of mobile phone networks in detecting criminals is acquiring increasing importance in fighting crime and insecurity (Ferrara et al., 2014) and provide evidential value in criminal cases (McMillan et al., 2013) through providing traces in the form of metadata such as cell towers, GPS, and voice to the cell service providers (Newnam, 2013). There are numerous Voice Recognition commercial software solutions that can be integrated into Mobile Service Providers' networks without violating privacy policy. ...
Article
Full-text available
Over the years, insecurity and crime have been significant issues in Nigeria. While the country successfully dealt with the past insecurity challenges conventionally, the government has failed to contain the new insecurity and crime challenges, especially that of the well-known Boko Haram lingering for over a decade now. This is due to various reasons, mainly the use of the same outdated, futile strategy. Several researchers have proposed numerous ways of tackling such insecurity challenges, mostly via a conventional approach; however, very few researchers proposed a more technological approach towards combating the insecurity challenges. In this paper, we discussed some modern technologies and how they can be applied to fight the new insecurities and crimes in Nigeria. We proposed the use of a Central Database as a backbone model serving as a central point of reference for all law enforcement agencies. Various modern technologies such as Facial recognition surveillance, Automatic plate number recognition, GIS and Crime Mapping, and Voice recognition are proposed to be integrated and used to identify and predict criminal activities, thus, mitigating the nation's prolonged insecurity and terrorism vulnerabilities.
... For example, storing and subsequently sampling from a large number of dynamic, online communities that form on social networks such as Twitter, Flickr, etc. ([3], [4], [5]), that could help advertisers determine where to target their products. Or storing and retrieving all call records associated with specific locations in crime-related investigations [6]. We note that other compact structures, such as sketches, have been used as compact storage structures from which samples can later be obtained [7, 8, 9]. ...
... For example, storing and subsequently sampling from a large number of dynamic, online communities that form on social networks such as Twitter, Flickr, etc. ([3],[4],[5]), that could help advertisers determine where to target their products. Or storing and retrieving all call records associated with specific locations in crime-related investigations[6]. We note that other compact structures, such as sketches, have been used as compact storage structures from which samples can later be obtained[7,8,9]. ...
Article
Full-text available
In this paper, we address the problem of sampling from a set and reconstructing a set stored as a Bloom filter. To the best of our knowledge our work is the first to address this question. We introduce a novel hierarchical data structure called BloomSampleTree that helps us design efficient algorithms to extract an almost uniform sample from the set stored in a Bloom filter and also allows us to reconstruct the set efficiently. In the case where the hash functions used in the Bloom filter implementation are partially invertible, in the sense that it is easy to calculate the set of elements that map to a particular hash value, we propose a second, more space-efficient method called HashInvert for the reconstruction. We study the properties of these two methods both analytically as well as experimentally. We provide bounds on run times for both methods and sample quality for the BloomSampleTree based algorithm, and show through an extensive experimental evaluation that our methods are efficient and effective.
... Hoog stated that digital forensic investigators and security engineers have faced difficulties dealing with mobile crimes due to the lack of knowledge management [7]. Members of the legal profession need to increase their level of understanding and knowledge of mobile forensic concepts, terminologies, techniques and procedures [8]. Moreover, the major issues in law enforcement agencies in many countries is the lack of knowledge management in the field of MF [9]. ...
... Recent research by Berman et al. [25] and McMillan et al. [26] indicate that the introduction of GPS and mobile device artefact evidence is escalating and impacting court cases. Hence, the legal relevance, from an evidentiary value perspective, is, generally, based on the ability to locate and extract residual data in a forensically sound manner. ...
Article
Full-text available
Mobile technologies can be, and have been, exploited in terrorist activities. In this paper, we highlight the importance of mobile forensics in the investigation of such activities. Specifically, using a series of controlled experiments on Android and Windows devices, we demonstrate how mobile forensics techniques can be used to recover evidentiary artefacts from client devices. There are three simulation scenarios, namely: (1) information propagation, (2) information concealment and (3) communications. The experiments used three popular cloud apps (Google Drive, Dropbox, and OneDrive), five communication apps (Messenger, WhatsApp, Telegram, Skype and Viber), and two email apps (GMail and Microsoft Outlook). The evidential data was collected and analysed using mobile forensics and network packet analyser tools. The correlation of evidence artefacts would support to infer illegal use of mobile devices. This study also highlights the extent of acquired evidence between Android and Windows devices, in which Android presents more evidentiary value.
... Research by Hoog mentioned that digital forensic investigators and security engineers have face difficulties dealing with mobile phone crimes due to the lack of knowledge [11]. Furthermore, [12] stated that the members of the legal profession need to increase their level of understanding and knowledge of mobile phone forensics terminology, techniques and procedures. In [13] mentioned that the major issues in law enforcement agencies in many countries is the lack of knowledge management. ...
... he integration of apps on mobile devices, software used on Internet of Things (IoT) devices, along with the need to improve functionality in numerous business applications, continue to motivate interest in the area of database forensics. Coupling this information with increasing interest in residual data in legal environments (Berman et al., 2015;McMillan et al., 2013), necessitates research in this relatively understudied area. Database forensics is a branch of digital forensics that uses database content, metadata, log files, data files, and memory data to create timelines, establish relationships and recover relevant data (Khanuja and Adane, 2012b). ...
Article
Full-text available
Database forensics is a domain that uses database content and metadata to reveal malicious activities on database systems in an Internet of Things environment. Although the concept of database forensics has been around for a while, investigation of cyber crime activities and cyber breaches in an Internet of Things environment would benefit from the development of a common investigative standard that unifies knowledge in the domain. Therefore, this paper proposes Common Database Forensic Investigation Processes (CDBFIP) using a Design Science Research (DSR) approach. The proposed process comprises four phases, namely: I) Identification, II) Artefact collection, III) Artefact analysis, and IV) the Documentation and Presentation process. It allows reconciliation of the concepts and terminologies of all common database forensic investigation processes; hence, it facilitates the sharing of knowledge on database forensic investigation among domain newcomers, users, and practitioners.
... As the importance of residual data continues to escalate in legal context [37,38], one of the main challenges in forensic investigation continues to be validation and verification of data. It is important that data acquired by investigators from the computers are authentic and reliable. ...
Conference Paper
Digital forensic investigators today are faced with numerous problems when recovering footprints of criminal activity that involve the use of computer systems. Investigators need the ability to recover evidence in a forensically sound manner, even when criminals actively work to alter the integrity, veracity, and provenance of data, applications and software that are used to support illicit activities. In many ways, operating systems (OS) can be strengthened from a technological viewpoint to support verifiable, accurate, and consistent recovery of system data when needed for forensic collection efforts. In this paper, we extend the ideas for forensic-friendly OS design by proposing the use of a practical form of computing on encrypted data (CED) and computing with encrypted functions (CEF) which builds upon prior work on component encryption (in circuits) and white-box cryptography (in software). We conduct experiments on sample programs to provide analysis of the approach based on security and efficiency, illustrating how component encryption can strengthen key OS functions and improve tamper-resistance to anti-forensic activities. We analyze the tradeoff space for use of the algorithm in a holistic approach that provides additional security and comparable properties to fully homomorphic encryption (FHE).
... II. RELATED WORK Researchers are continuously demonstrating that devices are at risk in a medical context [27]- [29]. Coupling these activities with research indicating that there is increasing interest in residual data in a general legal context [30], [31] stimulates governmental, practitioner and academic interest in appropriate regulatory issues and medical investigation capabilities. However, a growing number of researchers are arguing that, due to their size and complexity, relative to traditional medical systems, medical cyber-physical systems present several development challenges [2], [5], [10], [11], [32]. ...
Article
Full-text available
The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.
... II. RELATED WORK Researchers are continuously demonstrating that devices are at risk in a medical context [27]- [29]. Coupling these activities with research indicating that there is increasing interest in residual data in a general legal context [30], [31] stimulates governmental, practitioner and academic interest in appropriate regulatory issues and medical investigation capabilities. However, a growing number of researchers are arguing that, due to their size and complexity, relative to traditional medical systems, medical cyber-physical systems present several development challenges [2], [5], [10], [11], [32]. ...
... Hoog stated that digital forensic investigators and security engineers have faced difficulties dealing with mobile crimes due to the lack of knowledge management [7]. Members of the legal profession need to increase their level of understanding and knowledge of mobile forensic concepts, terminologies, techniques and procedures [8]. Moreover, the major issues in law enforcement agencies in many countries is the lack of knowledge management in the field of MF [9]. ...
Conference Paper
Full-text available
With the rapid development of technology, mobile devices have become an essential tool in terms of crime fighting and criminal investigation. However, many mobile forensics investigators face difficulties with the forensics investigation process in their domain. The difficulties are due to the heavy reliance of the forensics field on knowledge as a valuable resource, a resource that is scattered and widely dispersed. Wide dispersion of mobile forensics knowledge not only makes investigation difficult for new investigators, resulting in substantial waste of time, but also leads to confusion in concepts and terminologies of mobile forensics domain. This paper proposes a common concept for the mobile forensics domain based on the concepts extraction process. The proposed concepts contribute to simplifying the investigation process and enables investigation teams to capture and reuse specialized forensic knowledge, thereby reducing the conceptual and terminological confusion in the mobile forensics domain.
... The continued introduction of new technology, like cloud computing environments (Cahyani et al. 2016;Grispos et al. 2014a;Kynigos et al. 2016), and the necessity to keep policies, standards and procedures up-to-date, as well as fit for purpose continues to make this challenging from a corporate perspective (Grispos et al. 2013). This is further complicated for corporations by the continued introduction and escalating impact of residual data in legal environments (Berman et al. 2015;McMillan et al. 2013). The PricewaterhouseCoopers (2017) report on the Global State of Information Security highlights a growing interest by organizations in threat intelligence. ...
Conference Paper
Full-text available
Reports and press releases highlight that security incidents continue to plague organizations. While researchers and practitioners' alike endeavor to identify and implement realistic security solutions to prevent incidents from occurring, the ability to initially identify a security incident is paramount when researching a security incident lifecycle. Hence, this research investigates the ability of employees in a Global Fortune 500 financial organization, through internal electronic surveys, to recognize and report security incidents to pursue a more holistic security posture. The research contribution is an initial insight into security incident perceptions by employees in the financial sector as well as serving as an initial guide for future security incident recognition and reporting initiatives.
... An increasing amount of criminal activity uses mobile devices (McMillan, Glisson, and Bromby, 2013). Devices do provide ways to erase user information from secondary storage and criminals will likely use them. ...
Article
Full-text available
Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did poorly at removing user documents and media, and occasional surprising user data was left on all devices including photo images, audio, documents, phone numbers, email addresses, geolocation data, configuration data, and keys. A conclusion is that reset devices can still provide some useful information to a forensic investigation.
... The changing landscape results in the need to develop innovative managerial, technological and strategic solutions. Increasing mobile device sales; increasing digital evidence requests in legal environments [1,18,22,23]; increasing generation and storage of digital transactions through CoT or Internet-of-Things (IoT) [7,14]; the applicability of organizational policies, standards and procedures in rapidly evolving environments [6,8]; and the development of cyber-physical attacks [2,5,9,10,17], all highlight the broad societal impacts of technology that encourage data intensive environments. ...
... The continued amalgamation of mobile devices into businesses environments and personal activities raises concerns about risk [16,27]. Coupling this concern with the growing impact that mobile device residual data appears to be having in legal environments escalates interest in understanding how to mitigate this risk [10,18]. Hence, the popularity of the Android mobile platform has prompted increased research interest in detecting malicious Android applications. ...
... As the proliferation of 3D printers escalates, it stands to reason that the number and various types of attacks will increase. Recent research indicates that the introduction and impact of residual data extracted from digital devices is continuing to escalate in legal atmospheres [4,19]. This situation emphasizes the necessity to understand how a devise can be compromised along with effective mitigation strategies for the production product and the intellectual property. ...
... Smartphone is a cellular telephone with an advanced mobile operating system, which combine features of a personal computer operating system and typically having a touchscreen interface. The combination functionality and the storage space equipped in smartphone make smartphone become part of peoples' daily lives and often carried wherever a person goes, which can be used to determine a person's whereabouts at a particular time [1]. In cases that involve crimes predominately carried out using smartphone, especially Android, such as sexual predators, information from the smartphone alone can prove the suspect's guilt or innocence. ...
Article
Full-text available
This study aims to design and develop an interactive system that can visualize evidence collected from Android smartphone data. This project is developing to support forensic investigator in investigating the security incidents particularly involving Android smartphone forensic data. The used of smartphone in crime was widely recognized. Several types of personnel information are stored in their smartphones. When the investigator analyses the image data of the smartphone, the investigator can know the behaviour of the smartphone’s owner and his social relationship with other people. The analysis of smartphone forensic data is cover in mobile device forensic. Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence from a mobile device under forensically sound condition. The digital investigation model used in this project is the model proposed by United States National Institute of Justice (NIJ) which consists four phases, which are collection phase, examination phase, analysis phase and presentation phase. This project related with analysis phase and presentation phase only. This paper introduces Visroid, a new tool that provides a suite of visualization for Android smartphone data.
... As this proliferation continues, it can be reasoned that the amount of risk increases due to an increasing attack surface and the introduction of new technology. Recent research indicates that residual data extracted from mobile devices is having an increasing impact in legal environments [3,16]. The escalating amalgamation of ambulatory medical devices into the healthcare industry forces a need to understand the risk that these devices present to organizations. ...
Conference Paper
Full-text available
The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient’s vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community. Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth enabled sensors and Android applications are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components.
... According to Klick and colleagues 2012, mobile phones increase the chances of catching and punishing offenders in many ways. Because the mobile phones' features allows victims and witnesses alike to create, store and transmit crime-related information, and the mobile phone data can also serve as forensic evidence that facilitates police investigations (McMillan et al. 2013), the "identification, apprehension, prosecution, and conviction all presumably become even more likely" (Klick et al. 2012, p. 246). In contrast to Klick et al. (2012), a study conducted by Orrick and Piquero (2015), presents a statistically significant negative relationship between mobile phone ownership and property crime rates, but a very weak relationship to violent crimes. ...
Article
Full-text available
Objectives In this study, we investigate the relationship between mobile networks and crime by exploiting the temporal and spatial properties of crime and the exogenous occurrence of mobile network outages (MNOs) in San Francisco, (CA) from 5th March 2017 to the 24th March 2018. Methods We exploit the occurrence of unpredictable and exogenous MNOs to identify how mobile phone usage affects crime. Further, we make use of established macro-level determinants such as weather conditions (temperature, precipitations), public holidays and events, to isolate and quantify how MNOs impact the total amount of crime, violent and property crime, as well other individual major crime categories such as robbery, burglary, theft, vehicle break-ins. Results Based on the results of our empirical analysis, we confirm a statistically significant but complex relationship between mobile phone usage and crime. The complexity of this relationship is due to the fact that, depending on the area under investigation (i.e., very dangerous districts vs. zip code areas with rather moderate levels of crime), the crime type assessed (i.e., violent versus property crime), or the coincidence of MNOs with events, the MNOs can sometimes foster and sometimes discourage crime. Conclusions This study highlights the necessity of extending the study of crime with a technological dimension of other emerging technologies (e.g., augmented reality and location-based mobile games) on crime. Further, it supports the notion that (1) the maintenance of mobile network infrastructures might be a matter of public interest; and (2) in some cases, mobile phones can be a useful and cost-effective crime reduction measure which is worth to be considered in the process of extending the government's catalog of crime countermeasures.
... Previous research indicates that digital evidence is becoming increasingly important in a variety of legal situations [7][8][9]. Hence, it is only a matter of time before medical device data becomes prominent in civil and criminal cases. Support for these predictions is already evident in criminal cases in the United States. ...
... The need for mobile security increases as consumers migrate toward mobile devices as their main form of communication. Research indicates that mobile devices are not only being introduced into legal context, but they are also being used to profile individual activities and as a proxy for cloud activities [1][2][3][4][5]. Coupling this information with market statistics indicating that the number of downloaded applications will reach 258.2 billion by 2022 [6] emphasizes corporate mobile device security concerns [7,8]. ...
... The continuous integration of technology in medical settings is creating an environment where medical devices are potentially at risk from a security perspective [22]. Complicating matters, research indicates that residual data from mobile and GPS devices are used in civil and criminal legal contexts and that there are legal issues around conducting cloud investigations [23][24][25]. The potential critical impact on human life, coupled with legal implications, encourages discussions by researchers on the security implications of technology in hospital environments [26][27][28]. ...
... The problem arises when users, namely the CS do not all have smartphones and not all are used to using smartphones. According to research that has been done, smartphone use can increase the activity of an organization [1][2][3][4]. On the other hand, it is strengthened by research on the use of Information Technology which is very important for the development of an organization [5]. ...
Conference Paper
The hybrid model has helped researchers solve problems found. In studies that measure the use of information systems, mixed models are very effective to use. Apart from the hardware and software side, a special hybrid model for measuring the use of information systems is also used for measurement from the user side. This study combines two models that are used to determine what factors are related to the readiness and usability of the use of information systems. The results of this study there are factors that influence the use of information systems, namely: innovation on efficiency, ease of learning about system usability, optimism on efficiency, optimism on efficiency, optimism on reliability, and optimism on satisfaction. The researcher assessed that the use of information systems ensured that innovation and optimism were important in using information systems. To further strengthen this research, of course, other studies must try to apply it to different objects with different characteristics of respondents' profiles. The profile of respondents is very important and influences the results, so it is recommended to consider the selection of respondents. Further research needs to be done again, in the hope of improving the model so that it makes a major contribution to the world of research.
... Then, five aspects of data acquisition during forensics are presented: Manual Acquisition, Logical Acquisition, Hex Dump Analysis, Chip-Off and Micro Read. Next research about third-party applications on Apple [5],case analysis [6,7,8,9,10]. The most of the research was based on all the methods mentioned, such as Pasquale Stirparo [11] with others studied the static information storage of the evidence, and then analyse the data extraction method. ...
... No (0) Low (0), medium (1), high (2) 10 Sleeping hours (SH) -the amount of sleeping hours Lack of sleep from a teenager leads to criminal adults (McMillan et al., 2013). ...
Article
Criminologists and psychologists around the world are finding new initiatives to identify criminals and understand crime scenes. This work focuses on predicting the occurrence of crimes for a released prisoner, based on crime propensity prediction, using a supervised machine learning technique. This original research is intended to design and develop a new dataset of 30 attributes that exists nowhere and is exclusively created to define prisoners so as to differentiate them by their propensity to crime using psychological and behavioural factors obtained from jails and assorted sources. The research incorporates an analysis of seven search methods, in tandem with seven subset evaluation techniques, to undertake feature selection, and nine classification algorithms for the classification of prisoners. It is found that the wolf search algorithm, used with the correlation-based feature subset evaluation technique and radial basis function classifier, performs best providing 97.8% precision, 97.5% recall and low error values.
... Previous research indicates that digital evidence is becoming increasingly important in a variety of legal situations [7][8][9]. Hence, it is only a matter of time before medical device data becomes prominent in civil and criminal cases. Support for these predictions is already evident in criminal cases in the United States. ...
Preprint
The integration of medical devices in everyday life prompts the idea that these devices will increasingly have evidential value in civil and criminal proceedings. However, the investigation of these devices presents new challenges for the digital forensics community. Previous research has shown that mobile devices provide investigators with a wealth of information. Hence, mobile devices that are used within medical environments potentially provide an avenue for investigating and analyzing digital evidence from such devices. The research contribution of this paper is twofold. First, it provides an empirical analysis of the viability of using information from smartphone applications developed to complement a medical device, as digital evidence. Second, it includes documentation on the artifacts that are potentially useful in a digital forensics investigation of smartphone applications that interact with medical devices.
... The purpose of this investigation is to recover digital evidence from a mobile device using forensically sound conditions so that evidence is admissible in a legal context (Ayers et al., 2014). Research indicates that residual digital data, in general, continues to be a concern and plays an escalating role in legal environments (Berman et al., 2015;Brown et al., 2018;Damopoulos et al., 2012;Graves et al., 2020;McMillan et al., 2013). Hence, organizations require trained and qualified individuals to conduct investigations on various mobile devices, including smartphones. ...
Article
Realistic case studies are essential to training successful digital forensics examiners. However, the generation of realistic datasets is time-consuming and resource taxing. This paper presents a technical solution that populates Android emulators with realistic mobile forensic data. The emulator's data can be extracted into a raw disk image that is usable in mobile forensic training scenarios. In addition, the tool allows a user to populate the Android emulators with custom text messages, phone contacts, phone calls, and files. This population task is achieved by utilizing the Android Debug Bridge, Android Content Providers, SQLite databases, and the NodeJS runtime environment. This paper presents the software design and development, the requirements and limitations, and the testing process implemented in this research. The contribution of this paper is twofold. First, it identifies potential data and mechanisms to generate Android mobile forensic datasets using customized data population. Second, it creates a foundation for future research on the topic of mobile forensic emulators for training purposes. This article is categorized under: • Digital and Multimedia Science > Mobile Forensics • Crime Scene Investigation > Education and Formation Abstract This article describes a piece of software that has been developed to automatically populate android emulators with phone contacts, text messages, call logs, image files, sound files, video files, and other files, for the purposes of mobile forensics training.
... Smartphones are playing an increasingly important role in investigating both cyber and physical crimes, as they are pervasive devices and they capture both online and offline activities of their owners. For instance, even several years ago when smartphones were not as pervasive as today, the number of crimes that involve mobile-phone evidence increased 10% per year on average from 2006 to 2011 [33]. In 2017, a visiting scholar at University of Illinois Urbana-Champaign was kidnapped. ...
Conference Paper
Crimes, both physical and cyber, increasingly involve smartphones due to their ubiquity. Therefore, digital evidence on smartphones plays an increasingly important role in crime investigations. Digital evidence could reside in the memory and permanent storage of a smartphone. While we have witnessed significant progresses on memory forensics recently, identifying evidence in the permanent storage is still an underdeveloped research area. Most existing studies on permanent-storage forensics rely on manual analysis or keyword-based scanning of the permanent storage. Manual analysis is costly, while keyword matching often misses the evidentiary data that do not have interesting keywords. In this work, we develop a tool called EviHunter to automatically identify evidentiary data in the permanent storage of an Android device. There could be thousands of files on the permanent storage of a smartphone. A basic question a forensic investigator often faces is which files could store evidentiary data. EviHunter aims to answer this question. Our intuition is that the evidentiary data were produced by apps; and an app's code has rich information about the types of data the app may write to a permanent storage and the files the data are written to. Therefore, EviHunter first pre-computes an App Evidence Database (AED) via static analysis of a large number of apps. The AED includes the types of evidentiary data and files that store them for each app. Then, EviHunter matches the files on a smartphone's permanent storage against the AED to identify the files that could store evidentiary data. We evaluate EviHunter on benchmark apps and 8,690 real-world apps. Our results show that EviHunter can precisely identify both the types of evidentiary data and the files that store them.
... The pervasiveness of mobile device residual data [14], the security implications associated with mobile devices [15], and inherent Bluetooth capabilities in many of these devices is prompting interest from both academicians and practitioners. Coupling this information with research that indicates mobile device residual data, in general, is increasingly being used in a legal context heightens the necessity to understand relevant Bluetooth vulnerabilities [16,17]. ...
... Smartphones are playing an increasingly important role in investigating both cyber and physical crimes, as they are pervasive devices and they capture both online and offline activities of their owners. For instance, even several years ago when smartphones were not as pervasive as today, the number of crimes that involve mobile-phone evidence increased 10% per year on average from 2006 to 2011 [33]. In 2017, a visiting scholar at University of Illinois Urbana-Champaign was kidnapped. ...
Preprint
Crimes, both physical and cyber, increasingly involve smartphones due to their ubiquity. Therefore, digital evidence on smartphones plays an increasingly important role in crime investigations. Digital evidence could reside in the memory and permanent storage of a smartphone. While we have witnessed significant progresses on memory forensics recently, identifying evidence in the permanent storage is still an underdeveloped research area. Most existing studies on permanent-storage forensics rely on manual analysis or keyword-based scanning of the permanent storage. Manual analysis is costly, while keyword matching often misses the evidentiary data that do not have interesting keywords. In this work, we develop a tool called EviHunter to automatically identify evidentiary data in the permanent storage of an Android device. There could be thousands of files on the permanent storage of a smartphone. A basic question a forensic investigator often faces is which files could store evidentiary data. EviHunter aims to answer this question. Our intuition is that the evidentiary data were produced by apps; and an app's code has rich information about the types of data the app may write to a permanent storage and the files the data are written to. Therefore, EviHunter first pre-computes an App Evidence Database (AED) via static analysis of a large number of apps. The AED includes the types of evidentiary data and files that store them for each app. Then, EviHunter matches the files on a smartphone's permanent storage against the AED to identify the files that could store evidentiary data. We evaluate EviHunter on benchmark apps and 8,690 real-world apps. Our results show that EviHunter can precisely identify both the types of evidentiary data and the files that store them.
... LITERATURE REVIEW The pervasiveness of mobile device residual data [14][15][16], the security implications associated with mobile devices [17][18][19], and inherent Bluetooth capabilities in many of these devices is prompting interest from both academicians and practitioners. Coupling this information with research that indicates mobile device residual data, in general, is increasingly being used in a legal context heightens the necessity to understand relevant Bluetooth vulnerabilities [20,21]. ...
Preprint
Full-text available
The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The data collection took about an hour each day and identified 478 distinct devices. The contribution of this research is two-fold. First, it provides insight into real-world Bluetooth protocols that are being utilized by the general public. Second, it provides foundational research that is necessary for future Bluetooth penetration testing research.
... As a matter of fact, law enforcement is much more likely to encounter a suspect with a mobile device in his possession than a PC or laptop, hence the rise in demand for the analysis of mobile devices has seen a spike in the last decade. Recent studies have revealed that mobile phone devices are potentially a growing facilitator in criminal activity (McMillan et al. 2013). Modern mobile devices are rich sources of evidence, wherein an investigator can acquire a wealth of information to take the investigation to its logical conclusion. ...
Article
Full-text available
Aside from the primary objective of finding potential digital evidence, preserving the integrity of the evidence and maintaining proper chain of custody are also equal priorities for an investigator to ensure admissibility of evidence in the court of law. Advanced mobile forensic techniques pose a serious challenge in achieving the latter due to the complexity of the process and possibility of alteration in the state of the device during data acquisition. Hence efforts are made to understand the critical issues faced by the investigators while employing advanced mobile forensic techniques, which may be invasive or destructive. A standardised investigative process is presented in this paper which may act as a guide to investigators, prosecutors and judicial officers dealing with digital evidence in India.
... The archived information contains the identities of cell towers that handle the communication, and the tower locations are already known. CDR data contains tremendous amount of digital footprints for virtually all subscribers of the network, and it has been extensively used in criminal investigation (McMillan et al., 2013;Kumar et al., 2017), the study of human mobility (Zhang et al., 2014;Becker et al., 2013;Gonzalez et al., 2008), and urban and transportation planning (Becker et al., 2011;Wang et al., 2010;Iqbal et al, 2014). It's worth noting that location information contained in CDR data are not the locations of cellphone users, rather they are the locations of nearby cellphone tower that handled the user's wireless communication. ...
Article
Full-text available
One major source of uncertainty in accurately estimating human exposure to air pollution is that human subjects move spatiotemporally, and such mobility is usually not considered in exposure estimation. How such mobility impacts exposure estimates at the population and individual level, particularly for subjects with different levels of mobility, remains under-investigated. In addition, a wide range of methods have been used in the past to develop air pollutant concentration fields for related health studies. How the choices of methods impact results of exposure estimation, especially when detailed mobility information is considered, is still largely unknown. In this study, by using a publicly available large cell phone location dataset containing over 35 million location records collected from 310,989 subjects, we investigated the impact of individual subjects’ mobility on their estimated exposures for five chosen ambient pollutants (CO, NO2, SO2, O3 and PM2.5). We also estimated exposures separately for 10 groups of subjects with different levels of mobility to explore how increased mobility impacted their exposure estimates. Further, we applied and compared two methods to develop concentration fields for exposure estimation, including one based on Community Multiscale Air Quality (CMAQ) model outputs, and the other based on the interpolated observed pollutant concentrations using the inverse distance weighting (IDW) method. Our results suggest that detailed mobility information does not have a significant influence on mean population exposure estimate in our sample population, although impacts can be substantial at the individual level. Additionally, exposure classification error due to the use of home-location data increased for subjects that exhibited higher levels of mobility. Omitting mobility could result in underestimation of exposures to traffic-related pollutants particularly during afternoon rush-hour, and overestimate exposures to ozone especially during mid-afternoon. Between CMAQ and IDW, we found that the IDW method generates smooth concentration fields that were not suitable for exposure estimation with detailed mobility data. Therefore, the method for developing air pollution concentration fields when detailed mobility data were to be applied should be chosen carefully. Our findings have important implications for future air pollution health studies.
Article
The pervasive nature of social media suggests it would increasingly appear as evidence in the courtroom as it has increasingly documented daily life. This research examines the use of such evidence through the review of appellate judgments. It has identified 5,189 appeal cases in federal and state jurisdictions for the period from 1 October 2000 to 30 September 2017. California was used for the state jurisdictional analysis and the Ninth Circuit Court of Appeals, which includes California, was used for the federal. In 2017, there was a 350% increase in Ninth Circuit cases using social media evidence as compared to the first cases in 2010. There was a 3933% increase in the California state cases from the first cases in 2007. Photos/images evidence were used the most in State criminal cases and all Federal cases, while posts evidence was used the most in State civil cases.
Article
Digital evidence is increasingly popular in criminal proceedings - not only to those commonly referred to as 'cybercrimes'. The credibility criteria of such evidence are in theory governed by a set of basic principles developed within forensic science. According to current theoretical definitions, 'digital evidence' includes any information of probative value stored or transmitted in the form of digital data. It is expected that all digital evidence should be acquired and examined in a forensically sound manner. However, an empirical study based on polish criminal cases' files analysis shows that certain digital forensic guidelines on digital evidence are often ignored in practice, and information of digital origin are often presented only as printouts. A re-evaluation of current theoretical definition of 'digital evidence' is proposed based on a distinction between digital evidence in 'general' (sensu largo) and 'technical' (sensu stricto) sense.
Article
Full-text available
Digital evidence is increasingly popular in criminal proceedings - not only those commonly referred to as ‘cybercrimes’. The credibility criteria of such evidence are in theory governed by a set of basic principles developed within forensic science. According to current theoretical definitions, ‘digital evidence’ includes any information of probative value stored or transmitted in form of digital data. It is often accepted that all digital evidence should be acquired and examined in a forensically sound manner. However, an empirical study based on polish criminal cases’ files analysis shows that digital forensic guidelines on digital evidence are often ignored in practice, and information of digital origin is often presented only as a printout. A re-evaluation of the current theoretical definition of ‘digital evidence’ is proposed based on a distinction between evidence of general digital origin (sensu largo) and digital evidence gathered and examined in a techical, forensically sound manner (sensu stricto).
Article
This study investigated the accuracy of 3G and 4G follow-on GPRS (General Packet Radio Service)/mobile data CDRs (Call Detail Records) from three UK mobile network operators (EE, Vodafone and Three). Follow-on GPRS/mobile data CDRs are currently considered to be more open to misinterpretation than voice/SMS CDRs as uncertainties exist regarding the correspondence between the timestamp and the Cell ID presented within the CDRs. Consequently, follow-on GPRS/mobile CDRs may be disregarded during criminal investigations, potentially losing valuable intelligence and evidence. To assess the accuracy of follow-on GPRS/mobile data CDRs, connected mode RF (Radio Frequency) surveys were conducted while simultaneously producing follow-on GPRS/mobile data CDRs in a travelling vehicle. This allowed a comparison of the start Cell ID presented in the CDR and the Cell ID that provided coverage to the device at the start time of the CDR to assess the correspondence between the timestamp and the Cell ID presented within the CDRs, and to consider the validity of the terminology used by experts. It was found that individual follow-on GPRS/mobile data CDRs cannot consistently place a device within the coverage area of the start Cell ID at the start time of the CDR. Instead, the results indicate that a terminology which places the device within the coverage area of the start Cell ID ‘at or before’ the start time of the CDR is appropriate. It is crucial that follow-on GPRS/mobile data CDRs are analysed with this consideration in mind so to interpret the evidence correctly.
Chapter
The U.S. Next Generation Air Transportation System (NextGen) is designed to increase the capacity, safety and efficiency of the air traffic control via the integration of past experiences and advances in technology. However, the system is expected to greatly increase the amount and types of data generated as well as the knowledge to be managed. Additionally, as with all new technology, U.S. NextGen opens the specter of the potential impacts created by cyberattacks. Given this, it appears logical to view the U.S. NextGen system from the lens of Big Data. This study evaluates the U.S. NextGen system using the five differentiated qualitative characteristics of big data: Volume, Velocity, Variety, Veracity and Value. The results indicate that U.S. NextGen system has several big data challenges that must be addressed in order to obtain its maximal potential.
Article
Data from mobile phones are regularly used in the investigation of crime and court proceedings. Previously published research has primarily addressed technical issues or provided operational manuals for using forensic science evidence, rather than analysing human factors and the implementation of forensic tools in investigation settings. Moreover, previous research has focused almost entirely on western countries, and there is a dearth of research into the uses of forensic evidence in China. In this study, a review was carried out of court sentencing documents referring to mobile phone evidence in China over the period 2013-2018. Automated content analysis was used to identify the specific evidence types utilised and the sentencing outcome for each case. Results show that mobile phone evidence was used in 3.3% of criminal proceedings. Among various data types mentioned in criminal proceedings, call records sustained as the most frequently used type of data. After which, instant messaging tools (e.g. WeChat) are an increasing proportion of all mobile phone evidence, from 1% in 2015 to 25% in 2018. For cases that utilised mobile phone data, the analysis of instant messaging and online transaction tools is routine, with little variation in the use of each application (WeChat, Alipay, QQ) for investigations of different types of crime. However, in the majority of criminal cases, mobile phone data function as subsidiary evidence and posed limited impacts on verdict reached. The current findings indicate that a large amount of mobile phone evidence is transformed into other evidence formats or filtered out directly before court proceedings.
Article
Full-text available
The mobile or cell phone has become the 21 st century icon. It is ubiquitous in the modern world, as an on-the-go talking device, an internet portal, a social networking platform, a personal organizer, and even a mobile bank. In the information age, it has become an important social accessory. Since it is relatively easy to use, portable and affordable, its diffusion continues to surpass that of other ICTs. Research increasingly suggests cell phone usage to be addictive, compulsive and habitual. Students are among the heavy users of mobile technologies, and accordingly, a 33-item questionnaire measuring addictive and habitual behaviour was administered to a sample of students. Results indicate that indeed mobile phone usage is not only habit-forming, it is also addictive; possibly the biggest non-drug addiction of the 21 st century.
Article
Full-text available
The Facebook phenomenon has revolutionised communication patterns especially among students and youths. Young adults increasingly integrate facebook into their daily lives. The commonly used features include chatting, uploading personal profiles, exchanging notes and study material. Several factors (for example, real-time interactive messaging, 3G mobile telephony, faster and cheaper Internet access) encourage social network sites (SNSs) and facebook adoption. While facebook started primarily as a social website connecting friends, many users have increasingly started using the platform for business, marketing and study purposes. However, despite the many opportunities for facilitating teaching and learning in universities, in particular promoting student instructor interaction, Facebook's usage in classrooms is still low. It was therefore deemed opportune to investigate students' perceptions of the SNS. The purposes of this study were to: (1) examine students' Facebook usage habits and (2) investigate the perceived usefulness of Facebook in education. Following the introduction of Facebook in a Business Management course, students' perceptions of Facebook were subsequently ascertained using constructs of the Rogers diffusion model. Data was collected from a sample of 194 undergraduate students using self-administered questionnaires. Findings confirm Facebook's popularity and utility in education. Results are discussed in the context of existing literature, and the paper concludes by proposing both theoretical and practical implications.
Article
Full-text available
The growth of mobile digital communication devices has seen a corresponding growth in the data created by users in the course of their mobile communications. The ease with which such data -including sensitive time-dependent location information -can be collected and stored raises clear data protection and concerns. The value such data offers to both law enforcement agencies and the private sector has complicated regulatory responses to such data protection concerns. This has lead to the contradictory situation in which mobile data is used by the law enforcement agencies and the private sector to identify individual users, yet this same information is not considered to be 'personal data'.
Article
Full-text available
Abstract—Current forensic tools for examination,of embedded systems,like mobile,phones,and,PDA’s mostly,perform,data extraction on,a logical level and,do,not consider,the type,of storage media,during,data analysis. This paper,suggests a low level approach,for the forensic examination,of flash memories,and describes three low-level data acquisition methods,for making,full memory,copies of flash memory,devices. Results are presented,of a file system study in which USB memory,sticks from 45 different make,and models,were used. For different mobile phones,is shown how,full memory,copies of their flash memories,can,be made and,which,steps are needed,to translate the extracted,data into a format,that can,be understood,by common,forensic media analysis tools. Artifacts, caused by flash specific operations like block erasing and wear leveling, are discussed and directions are given for enhanced,data recovery,and analysis on data originating from,flash memory. Index Terms—embedded systems, flash memory, physical anal-
Article
Full-text available
Observations of mobile phone use suggest that this medium facilitates existing social practices when used as a tool within, and at times outside, socially determined definitions of ‘normal’ or ‘deviant’ behavior. Written from a social construction of technology perspective, this article examines the mobile phone as a contemporary technology in the context of its use in illegal drug-dealing and the law enforcement of those practices in Canada. The relationship between illegal drug-dealing and law enforcement responses is critically analyzed, highlighting the way groups representing both sides utilize mobile phone technologies to achieve their divergent goals. Existing constitutional guidelines employed by law enforcement to support the use of mobile and wireless technologies for surveillance are considered, particularly considering the notion of privacy. The article concludes by challenging assumptions that mobile phones are primarily personal artifacts, and instead describes the inherently social nature of mobile communications, thereby calling for a re-conceptualization of current ideology on privacy.
Conference Paper
Full-text available
By understanding the past and present, the future can be predicted. This work seeks to understand how an Australian policing agency is currently receiving and analyzing sources of electronic evidence in the investigation of criminal activity. It shows how many devices are received, what kinds of device make up each analysis job, and for investigation into which crimes. From this, trends and workloads may be understood and future investments in equipment and research direction can be decided. The outcomes of this work may also allow for strategies to maximize training to non-technical staff and highlight investigative areas that may benefit from more use of electronic evidence. Finally, charting the trends in how commonly different electronic devices are analysed may allow for better handling of crime scenes and expand what is collected for different crime types. This work seeks to understand which types of crime are making most use of electronic evidence sources, to prepare for future changes in the discipline.
Conference Paper
Full-text available
We present a nested-lattice encoding and decoding strategy for Compress-and-Forward (CF) relaying. This complements previous work on a nested-lattice encoding and decoding scheme for Decode-and-Forward (DF) relaying, and provides an alternative to random codes for CF relaying which may be a useful coding strategy for larger networks. The proposed nested-lattice CF schemes utility is demonstrated by using it to cancel interference in a two-hop Gaussian network with a source, a relay and a destination, in which additive interference experienced at the relay and known at the destination (but not the source). The proposed scheme achieves the same rate as a CF scheme without interference, and to within 1/2 bit from the “clean” channel outer bound. We further illustrate this schemes power by discussing extensions to multi-hop networks in which one or more interference terms are known by receivers “down-the-line”.
Article
Full-text available
Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation. A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent. This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device; and that in some cases the information recovered is conflicting.
Article
As mobile devices widely used for personal and business purpose, mobile devices loss and theft have become one big security threat. In this paper, we analyze the potential risks of mobile devices loss and theft and summarize the countermeasures that can be used to cope with such risks. Based on protection motivation theory, we propose a research framework to investigate the factors that affect users' behavior to cope with the risk of mobile devices loss and theft.
Article
Focusing on gender and age variations and using various measures of self-control and of crime/deviance, the authors' provide additional evidence concerning the strongest implications of self-control theory—that self-control interprets the main demo-graphic facts about crime/deviance and is of approximately equal import for all sub-categories of individuals. On one hand, the results are strongly supportive of the theory, showing that some measures of self-control not only predict misbehavior but they interpret the associations between gender and age and measures of crime/deviance. On the other hand, self-control does not appear to predict misbehavior equally well among various subcategories of individuals, particularly not for age groups, even failing to predict misbehavior at all for some groupings. Moreover, sup-port for the strongest claims of the theory are not robust, varying depending on how self-control and crime/deviance are measured.
As a specific form of social computing mobile phones are changing the way people use and perceive their social contexts both at work and at play. Observations of mobile phone use in urban settings suggest that this medium can facilitate existing social practices and extend our everyday activities to create a set of distinct social practices associated with this Information and Communication Technology. In particular mobile phones support users in the active production of identity, whether this identity is socially determined to be “normal” or “deviant”. Written from a Social Informatics perspective this paper examines the mobile phone as a contemporary controversial technology in the context of its use in illegal drug-dealing and the law enforcement of those practices. The relationship between illegal drug-dealing and law enforcement responses is critically analysed highlighting the way both groups utilise mobile phone technologies to achieve their divergent goals. The paper concludes by offering a perspective on the social nature of mobile communications and suggestions for further research and action.
Article
In order to address the claims that mobile phone usage is addictive, a study was undertaken to categorize mobile phone usage behaviour based on the underlying motivation. Six categories were identified: addictive, compulsive, dependent, habitual, voluntary and mandatory. A survey of 184 students found that the behaviour cannot be conclusively categorized as any specific type, although there was stronger support for mobile phone usage being categorized as dependent, voluntary or mandatory behaviour, rather than being addictive, compulsive or habitual.
Article
Cell phones are a pervasive new communication technology, especially among college students. This paper examines college students’ cell phone usage from a behavioral and psychological perspective. Utilizing both qualitative (focus groups) and quantitative (survey) approaches, the study suggests these individuals use the devices for a variety of purposes: to help them feel safe, for financial benefits, to manage time efficiently, to keep in touch with friends and family members, et al. The degree to which the individuals are dependent on the cell phones and what they view as the negatives of their utilization are also examined. The findings suggest people have various feelings and attitudes toward cell phone usage. This study serves as a foundation on which future studies will be built.
Article
Digital investigations, whether forensic in nature or not, require scientific rigor and are facilitated through the use of standard processes. Such processes can be complex in nature. A more comprehensive, generally accepted digital investigation process framework is therefore sought to enhance scientific rigor and facilitate education, application, and research. Previously proposed frameworks are predominantly single-tier, higher order process models that focus on the abstract, rather than the more concrete principles of the investigation. We contend that these frameworks, although useful in explaining overarching concepts, fail to support the inclusion of additional layers of detail needed by various framework users. We therefore propose a multi-tier, hierarchical framework to guide digital investigations. Our framework includes objectives-based phases and sub-phases that are applicable to various layers of abstraction, and to which additional layers of detail can easily be added as needed. Our framework also includes principles that are applicable in varied ways to all phases. The data analysis function intended to identify and recover digital evidence is used as an example of how the framework might be further populated and used. The framework is then applied using two different case scenarios. At its highest level, the proposed framework provides a simplified view and conceptual understanding of the overall process. At lower levels, the proposed framework provides the granularity needed to achieve practicality and specificity goals set by practitioners and researchers alike.
Conference Paper
Mobile phones have been diffusing worldwide at an astonishing rate. They provide individuals with unprecedented connectivity to information and inter-personal interaction, and thus are expected to enhance social capital. This paper sets out to present an investigation focusing on the impact of mobile phone use on individual social capital. Based on the case studies conducted in Australia and South Korea, we find that mobile communications, facilitated by mobility and portability of mobile computing, can have a positive impact on individual social capital and the degree of the impact largely depends on an individual's mobile phone use pattern. We then discuss the implications of the study and make suggestions for future research.
Article
Modern mobile phones store data in SIM cards, internal memory and external flash memory. With advanced functionality such as multimedia messaging becoming common, increasing amounts of information are now stored in internal memory. However, the forensic analysis of internal memory, including the recovery of deleted items, has been largely ignored. This paper presents two methods for imaging the internal memory of mobile phones. The methods are applied on several popular models to recover information, including deleted text messages. Full Text at Springer, may require registration or fee
Article
The robust link between age and crime has received considerable inquiry. However, the etiology of this association remains elusive. The present exposition provides a review of seminal theories on age and crime and discusses potential contributions from personality psychology in explaining this relationship. Specifically, personality development is highlighted with emphasis on patterns of change in traits from late adolescence to early adulthood in order to address the misconception within the age-crime literature that personality is only relevant to stability in antisocial behavior over time. It is theorized that age-related declines in antisocial behavior reflect normative change in key dimensions of personality. Findings from the developmental literature on personality are integrated with past biological and sociological perspectives on the age-crime curve to articulate a theory that emphasizes the co-development of personality and antisocial behavior from late adolescence to early adulthood. It is concluded that changes in personality undergird the development of antisocial behavior during this formative stage of the life-course and that personality development represents a viable theoretical framework for understanding the link between age and crime.
Mobile Phones: Admissibility of Current Forensic Procedures for Acquiring Data
  • P Mccarthy
  • J Slay
Digital Evidence on Mobile Devices
  • E Casey
  • B Turnbull
  • E Casey
Chapter 20 Digital Evidence on Mobile Devices
  • E Casey
  • B Turnbull
  • E Casey
Electrical Storm on the Horizon?
  • P Motion
  • S Warren
Mobile Phone Forensics - Asking the Right Questions
  • Tony Dearsley
Computer Forensics: Computer Crime Scene Investigation
  • J R Vacca