1. Introduction
Smartphones are among the most advanced technologies that exist today and are gaining popularity with the release of new versions that have large memory and new functionalities. Microsoft's Windows, Google's Android and Apple's iOS are today the leading players in the phone market (Becker et al., 2012). These devices contain a vast amount of information, including commercial, location and personal information, which is useful from a forensics perspective. There have been various cases where a mobile device has served as important evidence for gaining valuable insights about suspects and the activities of victims. Various tools exist today that are capable of extracting sufficient information from a variety of smartphones. The most popular among them is the open source AFLogical tool.
Mobile forensics is a relatively new field, and it differs considerably from computer-related forensic methods. New mobile devices with enhanced hardware and software capabilities make it more challenging to develop a standard procedure for digital investigation. Some of the early works to standardize the process of forensic investigation include ASTM International (2009) and Best Practices for Mobile Phone Forensics by SWGDE (2009). The work of Jansen and Ayers (2007) standardizes the sequence of actions that an investigation must have, which consists of acquisition, examination, analysis and reporting of retrieved data (Barmpatsalou et al., 2013). The proposed approach uses similar processing for data extraction. Further guidelines that mobile-related forensic studies must follow are given in ACPO (2007). The most important point is that the data on the device must not be modified or altered during the investigation process, so that it remains presentable before a court of law.
Very few works on forensics have been done on the recent releases, i.e. the Jelly Bean and KitKat versions of Android. The change in memory architecture and the additional functionalities could provide a substantially larger amount of information compared to earlier versions. In this paper, we have tested the two most popular tools on two Android devices, which run Jelly Bean version 4.2 and Gingerbread 2.3.6. In addition, a device with a custom ROM, Jelly Bean 4.3, as its Operating System (OS) has been used to evaluate the outputs on all types of operating system. We have introduced our own method of logical acquisition of data based on the underlying Linux kernel, evaluated...