Evaluating factors responsible for inconsistencies in mobile devices digital forensic evidence extraction process model

Abstract

The proliferation of mobile devices has revolutionized life in the 21 st century ranging from the way people socialize to the modes of doing business. Mobile devices contain substantial amounts of private data that in event of crime or security investigations when adduced before any court of law can aid in resolving a number of undetermined causes. However, mobile digital forensics research is still faced with several challenges. Most existing mobile devices digital forensic evidence extraction models are vendor-specific and thus anchored on specific device platforms such as Android, Windows, Apple iOS, and Blackberry. Additionally, these models contain various process inconsistencies and lack specified technical documentation. Further, the growing demand for mobile devices and crime-related occurrences affecting them has strained and exposed the existing models. A number of questions thus remain unanswered into the factors responsible for these inconsistencies and the lack of a unified model that can be applied across these four operating system platforms. A mixed-method approach involving a survey was used in this study where respondents were drawn from ICT practitioners, law enforcement agencies, researchers and the business community. This study highlights several factors that contribute to digital evidence extraction process model inconsistencies which include policy, extraction methods, nature of data, device type, data type, and extraction tools among others. The study proposes systematic documentation of every step followed during evidence extraction from mobile devices so as to avert the inconsistencies.