Answer To: assignment : Research Proposal Question: Propose a research about mobile forensic ( Mobile apps...
David answered on Dec 21 2021
Table of Contents
Project Objective
Project Summary
Literature review
Introduction
Mobile Device Forensic
Storage
Types of Evidences
iPhone
Environments
Android
Application framework
Mobile app watcher
Extraction tools
Research Methodology
Introduction
Research design
Limitations
Conclusion
Benefits of the Project
Socio-economic
Works Cited
Project Objective
The research aims to investigate mobile forensics for mobile app watchers. The paper will check the validity of the trusted reviews produced by a mobile app watcher. It will not be based on the app analytics field; rather, it will be based on the ease of extracting data stored on a mobile device. A mobile app watcher rates mobile device apps on the basis of the mobile's capability to store data as securely as possible. This means the extraction tool needs to be sharp enough to retrieve data in unaltered form. Hence, our analysis is based on the capability of data extraction tools.
Project Summary
Mobile forensics is a fairly new field in the area of digital forensics. Being a new field, it has not seen much development. At the same time, the world of mobile phones is moving at an increasing speed and the technology powering it is changing very rapidly. Be it a phone call, SMS, text messaging, conference call or any other related form of communication, mobile phones have positioned themselves as one of the best devices for communication.
In fact, with the arrival of a new sub-category of mobile phones, smartphones, the technological life cycle has shortened further. Since the advent of smartphones such as the iPhone and Android, the usage of phones has gone well beyond what they were initially designed to do. Most of these phones can perform functions identical to a computer, such as internet browsing, email communication and word processing, and are extensible in functionality just like computers by installing any of the hundreds of thousands of applications available for them, more commonly known as “Apps”. This makes the investigation process even more challenging when it comes to mobile devices.
Because phones are becoming a default and necessary tool carried by most individuals in the world, and because of the growing affinity towards these devices for performing various day-to-day tasks, a phone tends to carry a lot of information about an individual. Since over a period of time a mobile phone can accumulate a lot of potential information about its owner, it can become prima facie evidence in criminal cases. Hence it has given rise to a new field in digital forensics called “Mobile device Forensics”. Mobile device forensics is the study of tools and procedures that enable recovery of evidence from mobile devices in forensically sound conditions. Mobile devices can carry a variety of information which is personal to the individual, such as contacts, photos, calendars and reminders, notes, schedules, videos, emails, message logs, location history, social networking messages, web browsing information etc. The term mobile device can include a variety of things, such as smartphones, cellphones, tablets and PDAs. However, we will use the term specifically for smartphones in this research paper.
Compared to a computer, forensic investigation of a mobile phone is much more complex, and at the same time the tools and technologies available for it are at a nascent stage. Also, at the rate at which smartphone sales are growing, smartphones would eventually overtake the cellphone, and very soon thereafter cellphones would cease to exist. In this report, we will focus mainly on smartphones, as they are the next evolution of the mobile phone and are both challenging and particularly interesting compared to a regular cellphone. The report gives an overview of the two most popular smartphones in use today, the iPhone and Android, and explains the system architecture of both. Thereafter it explains the types of evidence which can be recovered from a smartphone.
Then we define “mobile app watcher”. It is not related to web analytics in any way. It analyzes apps and gives them a “trustworthy” rating. Our research will establish a relationship between the mobile app watcher field and mobile forensics. We shall see how a small term, “data”, is the most important information stored on the mobile and is used by the mobile app watcher as the basis for rating mobile apps and devices. But to analyze it, the data has to be extracted first.
The report would also explain the most common data acquisition tools and give a functional overview of them explaining what kind of data each of the tools can acquire.
Thereafter the report explains the five different types of data acquisition methods: the manual method, the logical method involving software tools, and three physical data acquisition methods, which are Micro-chip, Hex Dump and NAND Flash. The manual and logical methods are not forensically sound data acquisition techniques, while the other methods are highly technical in nature, requiring a forensic investigator to have a thorough understanding of mobile hardware. Given that nearly 86% of the population owns a cellphone and many of these are smartphone owners, whose number is growing exponentially, the area of mobile forensics can no longer be the underdog of digital forensics. Sooner or later it would grow to be more important than digital forensics concerning computers: since the affinity towards smartphones is growing, smartphones would tend to carry more personal data than personal computers, such as SMS, instant messages, call logs, social networking messages, personal notes and browsing history, making them a more important piece of evidence in digital forensics.
The Research Methodology section describes the methodology chosen to carry out this research. It starts with a discussion of why a descriptive methodology was used and what benefits it brings to the research. Then the whole design process is defined, starting with what type of data needs to be collected, from which device it is collected, why that particular device was chosen, and how the analysis is carried out.
In the end the whole research is concluded with the results.
Literature review
Introduction
In the 1940s, computers were the size of huge rooms and consumed power approximately equal to that of several hundred modern personal computers (Penn Computing, 2010). A mobile device can perform many functions like those of a personal computer. The smartphone is an emerging sub-category of mobile device. It is a hybrid of a cellular phone and a PDA (Portable Digital Assistant) (Mislan). The tasks performed by a smartphone include calling and SMS (Short Message Service), as well as personal computer functions such as emailing, web browsing and listening to music. The usage of mobile phones is growing rapidly, and the mobile phone is increasingly becoming the default medium of communication for many people around the world. It is used by approximately 6 billion people, or 86% of the population globally, of whom 1/6th, that is 1 billion, have access to mobile internet.
In this literature review, we will review the mobile app watcher for iPhone and Android. The structure of both mobile devices will be studied. We have chosen these two only because the former permits only approved apps to run, while the latter is very lenient in this respect. Several iPhone forensics topics will be reviewed. We will study what data can be extracted from an iPhone. Another area of data extraction that will be covered is SIM (Subscriber Identity Module) cards, because they form important digital evidence. But forensic analysis of mobile devices is not an easy job. There are many challenges attached to a robust forensic examination of a mobile device. The extraction tools available have many limitations, making it difficult to copy the data on a mobile device while maintaining its integrity. We will study the timeline of iPhone hardware and software technicalities since its release in 2007. It is also worth mentioning that the iPhone operates in multiple environments: the physical environment, the information system environment and the end user environment.
The Apple iPhone is a mobile device. It was even praised by Time Magazine as the invention of the year (Grossman). It was invented by Steve Jobs. Being a smartphone, the iPhone not only stores data but also transmits it wirelessly over wireless networks, 3G and Bluetooth. Its hardware chipsets support cellular and wireless communication protocols. There are many cellular network providers at every operating location. The iPhone transmits data wirelessly to a cellular provider.
Mobile Device Forensic
(Glossary) defines a mobile device as “A small computing device that is easily portable and can be used in various environments”. Mobile devices have many sub-classifications, which include PDAs, handheld gaming consoles, GPS (Global Positioning System) navigation units, eBook readers, cellphones and smartphones. The iPhone falls under the smartphone sub-classification. (Mislan) states, “Essentially, a mobile device can do much of what a computer or laptop can do, just on a smaller scale”. In recent years, research on mobile device forensics has emerged as an important field as researchers understand the value of the data stored on a mobile device. (Mislan) studied the types of evidence that can be recovered from a mobile device. We will study the following types of evidence in this literature review: call history, SMS, contacts and data found on a PDA, which includes audio files, email and browsing history. The iPhone stores data which can be used as digital evidence. The difficulty lies in getting a forensic copy of the evidence stored on an iPhone for analysis, because of the limitations of existing extraction tools. They could not get a logical copy of the data. The base component of a smartphone used for cellular communication is the SIM card. Though many analyses have already been done on the SIM card, it still forms a relevant piece of evidence in iPhone forensic research. (Casadei) studied a forensic tool for examining SIM cards known as SIMbrush. He also outlined what type of evidence can be extracted from a SIM card and studied the limitations of SIM card forensics.
Forensic examiners trying to extract digital evidence from a mobile device often face big challenges. These challenges arise because of differences in how mobile devices are built. “The cumulative experience of building several prototypes leads us to believe that mobile devices in the future will continue to integrate more function and cost less” (Narayanaswami, 2005). When a forensic analysis of a desktop or laptop is done, the hard disk can easily be removed from the system, which is not the case with mobile devices, because their storage components are soldered to the logic board. It is then difficult to physically remove these components while maintaining the integrity of the evidence being retrieved. Since they cannot be removed, the need for another extraction tool arises. A forensic copy of the device's internal flash memory could be made on removable storage if the mobile device has removable media (G. Me, 2008).
Storage
Manufacturers build mobile devices so that the hardware components fit in a small space. The hardware is packed tightly, which makes the components more difficult to remove. Personal computers and mobile devices differ greatly in how they store data. The former uses a magnetic hard disk as it is cost-effective, but modern mobile devices do not use it, as it contains moving parts which can be damaged if the device falls. Internal flash memory uses the floating gate of a transistor for storing data. This is done by storing electrical charges in the floating gate of the transistor (Marcel Breeuwsma). Seeing this, we can say solid-state storage is required for mobile devices as it does not include moving parts.
Maintaining Integrity
Many different techniques are available for maintaining integrity while extracting data from a mobile device. (C. Malinowski, 2007) analysed the best practices associated with maintaining the integrity of data. His analysis is not limited to mobile devices, but its findings are still valid for them. Hash value calculation is valid only when the extraction method does not make any change to the input data.
(Danker, 2009) states, “Minimal research has been performed on how mobile phones forensic tools report hash values for individual objects”. (Danker, 2009) found that the hash value of an MMS message changes when it is transmitted. Danker performed another test to prove that hash values do change. He followed a simple but effective methodology with two steps: in the first step, the initial MD5 (Message Digest) value of the file was calculated; then the file was transmitted over the transmission medium and the MD5 value was calculated again to see whether it had changed.
One more investigation technique that is difficult to implement on a mobile device is disk imaging. (Ridder, 2009) studied the risks associated with imaging software. Such software can allow someone to hide data that they do not want the examiner to notice. Hence, forensic tools should be tested prior to use.
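The two-step check described above (hash, transmit, hash again), generalized to a per-object manifest, as an added example that is not from the original answer or from Danker's study. The object names and contents are constructed, and SHA-256 is computed alongside MD5 as an addition here, since MD5 alone is open to collisions.

```python
import hashlib
import io

CHUNK = 64 * 1024  # read in chunks so large images need not fit in memory

def digest_stream(stream):
    """Return MD5 and SHA-256 hex digests of a binary stream, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def build_manifest(objects):
    """Map each object name to its digests; `objects` is name -> bytes."""
    return {name: digest_stream(io.BytesIO(data)) for name, data in objects.items()}

def compare_manifests(before, after):
    """Classify objects by comparing digests taken before and after a transfer."""
    report = {"unchanged": [], "changed": [], "missing": [], "added": []}
    for name, digests in before.items():
        if name not in after:
            report["missing"].append(name)
        elif after[name] == digests:
            report["unchanged"].append(name)
        else:
            report["changed"].append(name)
    report["added"] = [name for name in after if name not in before]
    for names in report.values():
        names.sort()
    return report

# Constructed sample objects, not real evidence.
ON_DEVICE = {
    "sms/0001.txt": b"Meet at 6pm",
    "mms/0002.bin": b"Content-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe0JFIF-sample",
    "calls/log.csv": b"2021-12-01,+15550100,outgoing,42\n",
}
# The same objects after transfer: the MMS gained a header in transit
# and the call log did not arrive.
AFTER_TRANSFER = {
    "sms/0001.txt": b"Meet at 6pm",
    "mms/0002.bin": b"Content-Type: image/jpeg\r\nX-Relay: 1\r\n\r\n\xff\xd8\xff\xe0JFIF-sample",
}

def run_example():
    return compare_manifests(build_manifest(ON_DEVICE), build_manifest(AFTER_TRANSFER))

if __name__ == "__main__":
    print(run_example())
```

A "changed" entry only shows that the bytes differ between the two measurements; it does not say whether the transmission medium or the extraction tool made the change.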
Types of Evidences
In Mobile device forensics, the data which is extracted from...