Abstract
Mobile devices such as smartphones are carried and used constantly by people in their daily lives and, therefore, play important roles in forensic investigations. As a result, digital forensic professionals are confronted with large numbers of devices with data that has to be extracted and analyzed. The education and training of forensic experts and the development and evaluation of smartphone forensic tools require copious amounts of realistic data. Unfortunately, secrecy and privacy considerations limit the availability of real digital forensic data. Smartphone datasets for training and testing are sparse and unrealistic, and knowledge about data distributions in real smartphones is limited.
This chapter presents the results of a survey of law enforcement professionals from two countries that sought to understand the typical data residing in smartphones encountered in criminal investigations, with the goal of supporting the creation of publicly-available forensic datasets. The typical data extracted from smartphones using current forensic tools is presented; this data is divided into two forensic classes, relevant and irrelevant. Additionally, the chapter discusses current problems encountered by mobile device forensic professionals and opportunities for future research.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
S. Abt and H. Baier, Are we missing labels? A study of the availability of ground truth in network security research, Proceedings of the Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 40–55, 2014.
K. Barmpatsalou, T. Cruz, E. Monteiro and P. Simoes, Current and future trends in mobile device forensics, ACM Computing Surveys, vol. 51(3), article no. 46, 2018.
J. Camacho, K. Campos, P. Cedillo, B. Coronel and A. Bermeo, Forensic analysis of mobile devices: A systematic mapping study, in Information and Communication Technologies of Ecuador, M. Botto-Tobar, L. Barba-Maggi, J. Gonzalez-Huerta, P. Villacres-Cevallos, O. Gomez and M. Uvidia-Fassler (Eds.), Springer, Cham, Switzerland, pp. 57–72, 2018.
E. Casey and C. Rose, Forensic analysis, in Handbook of Digital Forensics and Investigation, E. Casey (Ed.), Elsevier, Burlington, Massachusetts, pp. 21–62, 2010.
European Parliament and Council, Regulation (EU) 2016/679, Official Journal of the European Union, vol. 59(L 119), pp. 1–88, 2016.
S. Garfinkel, Digital forensics research: The next 10 years, Digital Investigation, vol. 7(S), pp. S64–S73, 2010.
P. Goncalves, K. Dolovs, M. Stebner, A. Attenberger and H. Baier, Revisiting the Dataset Gap Problem – On Availability, Assessment and Perspectives of Mobile Forensic Corpora, Unpublished Manuscript, Cyber Defense Research Institute, Bundeswehr University, Munich, Germany, 2021.
C. Grajeda, F. Breitinger and I. Baggili, Availability of datasets for digital forensics – And what is missing, Digital Investigation, vol. 22(S), pp. S94–S105, 2017.
D. Lillis, B. Becker, T. O’Sullivan and M. Scanlon, Current challenges and future research areas for digital forensic investigations, Proceedings of the Eleventh Annual Conference on Digital Forensics, Security and Law, 2016.
X. Lin, Chapter 9: File carving, in Introductory Computer Forensics, Springer, Cham, Switzerland, pp. 211–233, 2018.
L. Luciano, I. Baggili, M. Topor, P. Casey and F. Breitinger, Digital forensics in the next five years, Proceedings of the Thirteenth International Conference on Availability, Reliability and Security, article no. 46, 2018.
M. Meuser and U. Nagel, The expert interview and changes in knowledge production, in Interviewing Experts, A. Bogner, B. Littig and W. Menz (Eds.), Palgrave Macmillan, London, United Kingdom, pp. 17–42, 2009.
A. Mylonas, V. Meletiadis, B. Tsoumas, L. Mitrou and D. Gritzalis, Smartphone forensics: A proactive investigation scheme for evidence acquisition, in Information Privacy and Research, D. Gritzalis, S. Furnell and M. Theoharidou (Eds.), Springer, Berlin Heidelberg, Germany, pp. 249–260, 2012.
D. Pawlaszczyk and C. Hummert, Making the invisible visible – Techniques for recovering deleted SQLite data records, International Journal of Cyber Forensics and Advanced Threat Investigations, vol. 1(1-3), pp. 27–41, 2021.
K. Woods, C. Lee, S. Garfinkel, D. Dittrich, A. Russell and K. Kearton, Creating realistic corpora for security and forensic education, Proceedings of the Sixth Annual Conference on Digital Forensics, Security and Law, 2011.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Goncalves, P., Attenberger, A., Baier, H. (2022). Smartphone Data Distributions and Requirements for Realistic Mobile Device Forensic Corpora. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XVIII. DigitalForensics 2022. IFIP Advances in Information and Communication Technology, vol 653. Springer, Cham. https://doi.org/10.1007/978-3-031-10078-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-031-10078-9_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-10077-2
Online ISBN: 978-3-031-10078-9
eBook Packages: Computer ScienceComputer Science (R0)
