The involvement of mobile devices in many criminal incidents has prompted forensic investigators to value their evidential importance. It has also prompted researchers in digital forensic investigation to investigate new techniques that overcome the challenges posed during their forensic examination. The tight coupling between mobile devices and individuals, as well as the high computation capabilities and storage capacities of these devices have led to a great deal of personal data stored in a single location. In addition, the involvement of these devices in organized crime raises another serious challenge in the correlation of artifacts that are gathered from several mobile devices. From the latter challenge, new impediments have emerged that are particularly associated with the analysis phase of the forensic investigation process. One of these impediments is the large volume of data that needs to be analyzed. The fact that this data is gathered from several mobile devices makes the analysis more problematic, as the investigator could be overwhelmed with the amount of the available data. Moreover, the investigator must be characterized by being skillful in performing cross analysis between different artifacts from different mobile devices, which is a skill that requires many years of experience. Another impediment that results from the analysis of multiple mobile devices content is the diversity of their underlying operating systems which, in turn, leads to different ways of structuring the data. Therefore, adopting a method for performing analysis in one mobile device might not adapt properly with another. To overcome these challenges, performing automated forensic analysis is imperative. The system should facilitate an intelligent analysis environment by which the ability to identify relevant evidence from the vast irrelevant data becomes feasible. Therefore, in this dissertation, we explore techniques from the Semantic Web field and employ them in a system that assists the investigator in analyzing content acquired from mobile devices. The system utilizes a set of ontologies that model mobile devices contents. It identifies concepts from the content and establishes connections between these concepts via the relationships modeled in the ontologies. The result is interconnected evidence objects stored in a database called the knowledge base. To identify relevant evidence objects from the knowledge base, we utilize the initial information that is usually available about the investigation case. A reasoning service is proposed that makes use of the system's ontologies along with some defined reasoning rules to best utilize the initial information in this process. Furthermore, a more detailed analysis of the communication data between contacts of the examined mobile devices (which forms a network) is conducted. To achieve this, an algorithm is proposed that also utilizes the available initial information about some suspects to identify other important suspects in the network. Indexing Terms: Digital forensics, Forensic Analysis, Ontology, Reasoning.
| Date of Award | Dec 2015 |
|---|
| Original language | American English |
|---|
| Supervisor | Thomas Martin (Supervisor) |
|---|
- Digital forensics
- Forensic Analysis
- Ontology
- Reasoning.
Ontological Modeling of Mobile Device
Content for Digital Forensics Analysis
Alzaabi, M. (Author). Dec 2015
Student thesis: Doctoral Thesis