Glisson, W.B., Storer, T. and Buchanan-Wollaston, J. (2013) An empirical comparison of data recovered from mobile forensic toolkits. Digital Investigation, 10(1), pp. 44-55. (doi: 10.1016/j.diin.2013.03.004)
Full text not currently available from Enlighten.
Abstract
Mobile devices are increasingly being used as a source of digital evidence in criminal investigations. Mobile forensic toolkit manufacturers have responded to this trend by developing recovery methods capable of extracting evidence from the ever growing range of mobile device models. However, there is a considerable amount of concern as to the reliability of evidence produced from forensic software, with a number of authors documenting difficulties verifying evidence when it is obtained. This paper reports on a comparison of results produced by a selection of software based recovery methods available in three mobile device forensic toolkits. The results provide the first empirical evidence that there is considerable variation in results between toolkits in terms of the proportion of data recovered from different devices by different toolkits. In addition, the results demonstrate that a forensics investigator will face serious challenges verifying the results of one recovery method using the results produced by another.
| Item Type: | Articles |
|---|---|
| Status: | Published |
| Refereed: | Yes |
| Glasgow Author(s) Enlighten ID: | Storer, Dr Tim and Glisson, Dr William |
| Authors: | Glisson, W.B., Storer, T., and Buchanan-Wollaston, J. |
| College/School: | College of Arts > School of Humanities > Information Studies College of Science and Engineering > School of Computing Science |
| Journal Name: | Digital Investigation |
| ISSN: | 1742-2876 |
| ISSN (Online): | 1873-202X |
| Published Online: | 15 March 2013 |
University Staff: Request a correction | Enlighten Editors: Update this record
Deposit and Record Details
Deposit and Record Details