Theses and Dissertations

Issuing Body

Mississippi State University

Advisor

Dampier, David A.

Committee Member

Vaughn, Rayford

Committee Member

Swan, J. Edward, II

Committee Member

Dandass, Yoginder

Date of Degree

12-15-2012

Document Type

Dissertation - Open Access

Major

Computer Science

Degree Name

Doctor of Philosophy

College

James Worth Bagley College of Engineering

Department

Department of Computer Science and Engineering

Abstract

A properly conducted forensic examination is one of the most fundamental aspects of a digital investigation. Examiners are obligated to obtain the skills necessary to use forensic tools and methodologies and rely on sound judgment when analyzing a digital device. Anytime during this process, the quality of the methods, skills, and expertise of the examiner may be challenged, thus, placing the forensic value of the evidence collected during the process in jeopardy. In order to combat the potential challenges posed as a result of the forensic examination process, the digital forensics community must ensure that suitable protocols are used throughout the analysis process. Currently, there is no standard methodology forensic examiners use to analyze a digital device. Examiners have made use of a model derived from the Digital Forensic Research Workshop in 2001 and the application of ad-hoc techniques has become routine. While these approaches may reveal potential data of evidentiary value when applying them to digital devices, their core purpose specifically involves the analysis of computers. It is not clear how effective these methods have been when examining other digital technologies, in particular Small Scale Digital Devices (SSDDs). Due to these mitigating factors, it is critical to develop standard scientifically sound methodologies in the area of digital forensics that allow us to evaluate various digital technologies while considering their distinctive characteristics. This research addresses these issues by introducing the concept of an extendable forensic process model applicable to smartphones regardless of platform. The model has been developed using the property of invariance to construct a core components list which serves as the foundation of the proposed methodology. This dissertation provides a description of the forensic process, the models currently used, the developed model, and experiments to show its usefulness.

URI

https://hdl.handle.net/11668/18981

Download

Share

COinS