Search papers, labs, and topics across Lattice.
This paper introduces MoLIFE, a novel methodology for Mobile Live Intelligent Forensics Examination that addresses the challenges posed by advanced data protection mechanisms in mobile devices. By integrating emerging technologies such as AI and blockchain, MoLIFE provides a framework for effective data acquisition and analysis while maintaining the integrity of evidence. A case study demonstrates its application in acquiring data from Android devices, highlighting its potential to enhance digital forensics practices in the face of evolving security threats.
MoLIFE redefines mobile forensics by enabling secure data acquisition without compromising evidence integrity, even in the face of stringent data protection measures.
Nowadays, mobile forensics is less explored in Digital Forensics case analysis due to the increase in data protection mechanisms implemented by tech companies (i.e., Google for Android and Apple for iOS). For example, the physical acquisition or analysis of specific directories under super-user protection would corrupt the evidence; access to such data is protected, and bypassing this protection requires either privilege escalation or custom ROM installation, leading to the modification of the device state. At the same time, the demand for mobile technologies and their respective communication systems is increasing exponentially, exposing numerous security threats and risks. For that reason, this paper presents a Mobile Live Intelligent Forensics Examination (MoLIFE), a novel Digital Forensics (DF) methodology for data acquisition and analysis of mobile devices. The proposed methodology is based on NIST SP800-101 for the DF process. MoLIFE can be integrated with new and emerging technologies by exploiting their power (e.g., AI, blockchain, quantum computing). MoLIFE can also be used to prevent cyber threats and incidents, as well as DF post-mortem analysis, offering examples of applying the MoLIFE methodology and good practices for the future. To prove the technical feasibility of the methodology, a small case study on Android devices data acquisition via the mDT will be presented. As the methodology is based on new and emerging technologies, it depends on their limitations that would be overcome in a few years.