A comparison of forensic evidence recovery techniques for a windows mobile smart phone |
| |
| Authors: | George Grispos Tim Storer William Bradley Glisson |
| |
| Affiliation: | aSchool of Computing Science, University of Glasgow, Lilybank Gardens, Glasgow G12 8QQ, Scotland, UK;bSchool of Humanities, University of Glasgow, University Gardens, Glasgow G12 8QQ, Scotland, UK |
| |
| Abstract: | Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation.A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent.This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device; and that in some cases the information recovered is conflicting. |
| |
| Keywords: | Windows mobile Digital forensics Smart phone File carver Physical acquisition Logical acuquisition |
| 本文献已被 ScienceDirect 等数据库收录! |
|
