ABSTRACT

The discipline of mobile forensics (MF) has undoubtedly shown significant growth during the past few years. Research has advanced from data acquisition techniques to evidence representation methodologies, advanced evidence parsing, and data analysis automation. As technology evolves and the functionalities of mobile devices extend to other environments (cloud, Internet of Things, wearable devices, enterprise mobility management with bring your own device [BYOD] support), the probability of their involvement in crimes increases, their portability and the types of data they store being among the contributing factors. Mobile devices nowadays serve multiple purposes simultaneously, ranging from personal use to the performance of business transactions, and thus exchange and store large quantities of data. Such a combination of data variety and quantity renders the extraction of conclusions during a forensic investigation more difficult than it was when mobile devices did not interoperate with many different environments.

In this chapter, we propose a high-level outline of a multivariate inference system that combines mobile forensic data from various sources, such as the devices themselves, cloud services, and different sensors. We use logical rules to combine different data features and reach conclusions based on real-life scenarios. Moreover, we test two different fuzzy system membership functions in order to determine which is more suitable for our system. To the best of our knowledge, this is the very first attempt toward the creation of a semi-automatic fuzzy inference system that uses forensically acquired data. Previous automation attempts in the field are related to text clustering and to the classification of network attacks based on their severity and the number of network nodes involved. Neither binary nor text values are convenient for forensic data representation purposes. On the one hand, binary state representations are limited and cannot depict a situation as a whole. On the other hand, text-based solutions are semantics-associated, which, despite being useful, is out of the scope of this chapter and has been researched extensively. Our approach is to assign fuzzy values of different scaling to text variables with fixed values and then proceed to rule generation. The goal of the presented system is not to replace human expertise, but to facilitate investigations by acting as an experienced advisor, using the available information to the maximum possible extent. Forensic data analysis after criminal activity is essentially an auditing procedure aiming to discover the guilty entities by observing data usage patterns, which can in turn be used as feed for detection methods in intrusion detection systems (IDSs) and serve continuous performance improvement. However, this cooperation is not unidirectional: IDS logging also offers forensic mechanisms useful insights toward investigation discoveries.
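The abstract describes the mechanics only in outline: forensic features from several sources are mapped to fuzzy values, rules combine them, and two membership function shapes are compared. The following is an added illustration of that pipeline, not the chapter's system or its rule base. Everything specific in it is an assumption chosen to show the mechanics: the two features (`contact_freq`, contacts per day with a person of interest from device call logs, and `proximity`, minutes per day that device or cloud location history places the device near a scene), their value ranges, the choice of triangular versus trapezoidal as the two membership shapes being compared, the 3x3 rule grid, and the crisp consequent values. The example uses fuzzy AND as `min()` and a zero-order Sugeno defuzzification (strength-weighted average of consequent values), and it returns the fired rules sorted by strength so an investigator can see which rule drove the score, in the "experienced advisor" spirit of the text.

```python
from typing import Callable, Dict, List, Tuple

Membership = Callable[[float], float]


def triangular(a: float, b: float, c: float) -> Membership:
    """Membership rising from 0 at a to 1 at b, then falling back to 0 at c (a < b < c)."""
    def mu(x: float) -> float:
        if x <= a or x >= c:
            return 0.0
        return (x - a) / (b - a) if x <= b else (c - x) / (c - b)
    return mu


def trapezoidal(a: float, b: float, c: float, d: float) -> Membership:
    """Membership rising from a to b, flat at 1 between b and c, falling to 0 at d."""
    def mu(x: float) -> float:
        if x <= a or x >= d:
            return 0.0
        if b <= x <= c:
            return 1.0
        return (x - a) / (b - a) if x < b else (d - x) / (d - c)
    return mu


def make_terms(lo: float, hi: float, shape: str) -> Dict[str, Membership]:
    """Build low/medium/high terms over [lo, hi]. The outer terms extend past the
    range so that the boundaries receive full membership. Shape is one of the two
    assumed candidates: 'triangular' or 'trapezoidal'."""
    span, mid = hi - lo, (lo + hi) / 2
    if shape == "triangular":
        return {
            "low": triangular(lo - span / 2, lo, mid),
            "medium": triangular(lo, mid, hi),
            "high": triangular(mid, hi, hi + span / 2),
        }
    if shape == "trapezoidal":
        q = span / 5
        return {
            "low": trapezoidal(lo - span / 2, lo, lo + q, mid),
            "medium": trapezoidal(lo + q, lo + 2 * q, lo + 3 * q, lo + 4 * q),
            "high": trapezoidal(mid, lo + 4 * q, hi, hi + span / 2),
        }
    raise ValueError(f"unknown membership shape {shape!r}")


# Constructed feature universes (assumptions, not taken from the chapter):
#   contact_freq: contacts per day with a person of interest, from device call logs
#   proximity:    minutes per day that location history places the device near a scene
FEATURES: Dict[str, Tuple[float, float]] = {"contact_freq": (0.0, 20.0), "proximity": (0.0, 120.0)}

# Assumed rule grid: (contact term, proximity term) -> relevance term.
RULES: Dict[Tuple[str, str], str] = {
    ("low", "low"): "low", ("low", "medium"): "low", ("low", "high"): "medium",
    ("medium", "low"): "low", ("medium", "medium"): "medium", ("medium", "high"): "high",
    ("high", "low"): "medium", ("high", "medium"): "high", ("high", "high"): "high",
}
# Zero-order Sugeno consequents: each output term is a crisp relevance value in [0, 1].
CONSEQUENT = {"low": 0.1, "medium": 0.5, "high": 0.9}

Rule = Tuple[str, str, str, float]  # (contact term, proximity term, output term, strength)


def infer(contact_freq: float, proximity: float, shape: str) -> Tuple[float, List[Rule]]:
    """Return (relevance score, fired rules sorted by strength). Rule strength is the
    min() of its antecedent memberships (fuzzy AND); the score is the strength-weighted
    average of the consequent values."""
    memberships: Dict[str, Dict[str, float]] = {}
    for name, value in (("contact_freq", contact_freq), ("proximity", proximity)):
        lo, hi = FEATURES[name]
        x = min(max(value, lo), hi)  # clamp to the feature's universe
        memberships[name] = {t: mu(x) for t, mu in make_terms(lo, hi, shape).items()}
    fired: List[Rule] = []
    for (ct, pt), out in RULES.items():
        strength = min(memberships["contact_freq"][ct], memberships["proximity"][pt])
        if strength > 0:
            fired.append((ct, pt, out, strength))
    total = sum(r[3] for r in fired)
    if total == 0:  # the covering terms above prevent this, but guard the division anyway
        return 0.0, []
    score = sum(r[3] * CONSEQUENT[r[2]] for r in fired) / total
    fired.sort(key=lambda r: r[3], reverse=True)
    return round(score, 4), fired


if __name__ == "__main__":
    # Constructed scenario: 15 contacts/day and 100 minutes/day near the scene.
    for shape in ("triangular", "trapezoidal"):
        score, fired = infer(15, 100, shape)
        print(f"{shape:12s} relevance={score:.2f} strongest rule={fired[0][:3]}")
```

For the constructed scenario the two shapes disagree: the triangular terms blend four partially fired rules into about 0.82, while the trapezoidal plateau places the proximity value fully inside "high" and yields exactly 0.9. That difference is the kind of behaviour one would compare when choosing between membership functions, and the fired-rule list shows which antecedents produced it.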