Digital Forensics and Cyber Crime. 4th International Conference, ICDF2C 2012, Lafayette, IN, USA, October 25-26, 2012, Revised Selected Papers

Research Article

Evaluating and Comparing Tools for Mobile Device Forensics Using Quantitative Analysis

Download56 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-39891-9_17,
        author={Shahzad Saleem and Oliver Popov and Oheneba Appiah-Kubi},
        title={Evaluating and Comparing Tools for Mobile Device Forensics Using Quantitative Analysis},
        proceedings={Digital Forensics and Cyber Crime. 4th International Conference, ICDF2C 2012, Lafayette, IN, USA, October 25-26, 2012, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2013},
        month={10},
        keywords={Digital Forensics Mobile Device Forensics and tools e-Evidence Evaluation Confidence Interval Hypothesis Testing and Quantitative Analysis},
        doi={10.1007/978-3-642-39891-9_17}
    }
    
  • Shahzad Saleem
    Oliver Popov
    Oheneba Appiah-Kubi
    Year: 2013
    Evaluating and Comparing Tools for Mobile Device Forensics Using Quantitative Analysis
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-39891-9_17
Shahzad Saleem1,*, Oliver Popov1,*, Oheneba Appiah-Kubi1,*
  • 1: Stockholm University
*Contact email: shahzads@dsv.su.se, popov@dsv.su.se, okak@dsv.su.se

Abstract

In this paper we have presented quantitative analysis technique to measure and compare the quality of mobile device forensics tools while evaluating them. For examiners, it will provide a formal mathematical base and an obvious way to select the best tool, especially for a particular type of digital evidence in a specific case. This type of comparative study was absent in both NIST’s evaluation process and our previous work (Evaluation of Some Tools for Extracting e-Evidence from Mobile Devices). We have evaluated UFED Physical Pro 1.1.3.8 and XRY 5.0. To compare the tools we have calculated Margin of Error and Confidence Interval (CI) based on the proportion of successful extractions from our samples in different scenarios. It is followed by hypothesis testing to further strengthen the CI results and to formally compare the accuracy of the tools with a certain level of confidence.