Forensic Triage of Mobile Devices

Ramsay, B. (2014). Forensic Triage of Mobile Devices (MSc ASDF Dissertation). Edinburgh Napier University (Buchanan, W., Macfarlane, R.).



Mobile phones are becoming more complicated and contain more data than ever before. With the amount of online activity now being attributed to mobile devices increasing each year it is becoming more likely that digital evidence found within criminal enquiries will be present on a mobile device than ever before. This situation has caused additional workload to already overworked Police Forensic Computer Units.
This thesis considers whether it is time to apply some of the research into device triage that has already been applied to computers and consider whether they can be used within the mobile platform domain. A number of triage systems were researched and a core set of functionality was suggested for inclusion within a proof of concept triage based tool.
A number of test platforms were considered and the Android operating system was chosen for development. The triage tool was then developed for this platform with the functionality that had been considered for inclusion.
Although a number of issues were uncovered during the implementation of this tool mainly in relation to the performance and resource limitations of the device. These limitations were mitigated or removed completely and a successful implementation of the tool was completed.
The tool was then tested using a number of real world based scenarios so that its performance could be evaluated properly.
The final tool did show that it was possible to develop a triage based tool that could be used on a mobile platform to discount or mark for inclusion devices based on user specified criteria. This tool was able to perform quite complicated computation even on these smaller devices.
