Study on Constructing Digital Evidence Forensics Standard Operating Procedures for Mobile Device - Extraction and Analysis of Digital Evidence on Smartphone

• Main Authors: Fang,Yen-Fei, 方彥霏
• Other Authors: Lin,I-Long
• Format: Others
• Language: zh-TW
• Published: 2016
• Online Access: http://ndltd.ncl.edu.tw/handle/qrh62j

碩士 === 國立宜蘭大學 === 多媒體網路通訊數位學習碩士在職專班 === 104 === As Internet technology improves, mobile communications protocols mature and intelligent diversification and the popularity of mobile phones, change the habits of people using their cell phones, cell phone is no longer a traditional phone, smart phone, you can use communications software to communicate, surf the Web page associated with the transaction and storage of personal information ( Such as photos, notes, etc ), It's like computer action. Convenience of mobile phones, making it dependent on deepening, even those tools of crime, smart phone as the computer there are a lot of electromagnetic records, these records are digital evidence forensic value. In view of this, traditional methods of forensic equipment and will not be enough to gather digital evidence in the mobile phone. About digital evidence, and selection and use of forensic tools, is the main professional and examiner must have basic knowledge. Digital evidence collection, analysis, extraction process, you must use the standard digital forensics process in order to enhance its credibility and effectiveness. According to the scholars of this study by Professor I-Lon Lin 's Digital Evidence Forensics Standard Operating Procedure (DEFSOP), To constructing Digital Evidence Forensics Standard Operating Procedure for Mobile Device (DEFSOP For Mobile Device ). With the ISO 27037:2012 and ISO 27041:2015 analysis than to verify DEFSOP Rigorous and availability through the example DEFSOP For Mobile Device integrity and effectiveness. Mobile phone forensics operations, data extraction has some software tools can be used, under the multiple tools of interaction uses, extract the necessary evidence is not a problem, more difficult question is how to properly manage all these digital evidence, its maximum effectiveness. This study selected forensics tool for Android provides the ADB and the Cellebrite UFED through digital evidence forensics software extraction, classification and identification of data availability and validity of cross-analysis, comparison of reducing crime facts. The results of this study contribute: First, this study suggests that the Digital Evidence Forensics Standard Operating Procedure for Mobile Device (DEFSOP For Mobile Device) prototype, and three real cases to prove the four stages theory concepts, phases of preparation, action and reporting, provides event investigation and forensics officers followed standard operating procedures. Second, this study used forensic tools ADB and UFED , Through the comparative analysis of the advantages and disadvantages, operation and presentation of results, provide event investigation forensic tools reference you can follow. Three, an event-handling standards, this paper studies the international funding ISO 27041:2015 and use Cellebrite UFED Forensic tool test for China's first research master's thesis.