Mobile forensic triage for damaged phones using M_Triage
Mobile forensics triage is a useful technique in a digital forensics investigation for recovering lost or purposely deleted and hidden files from digital storage. It is particularly useful, especially when solving a very sensitive crime, for example, kidnapping, in a timely manner. However, the exis...
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English English |
| Published: |
2016
|
| Subjects: | |
| Online Access: | http://eprints.uthm.edu.my/814/ http://eprints.uthm.edu.my/814/1/24p%20YUSOOF%20MOHAMMED%20HASHEEM.pdf http://eprints.uthm.edu.my/814/2/YUSOOF%20MOHAMMED%20HASHEEM%20WATERMARK.pdf |
| _version_ | 1848887300914675712 |
|---|---|
| author | Mohammed Hasheem, Yusoof |
| author_facet | Mohammed Hasheem, Yusoof |
| author_sort | Mohammed Hasheem, Yusoof |
| building | UTHM Institutional Repository |
| collection | Online Access |
| description | Mobile forensics triage is a useful technique in a digital forensics investigation for recovering lost or purposely deleted and hidden files from digital storage. It is particularly useful, especially when solving a very sensitive crime, for example, kidnapping, in a timely manner. However, the existing mobile forensics triage tools do not consider performing a triage examination on damaged mobile phones. This research addressed the issues of performing triage examination on damaged Android mobile phones and reduction of false positive result generated by the current mobile forensics triage tools. Furthermore, the research addressed the issues of ignoring possible evidence residing in a bad block memory location. In this research a new forensics triage tool called M_Triage was introduced by extending Decode’s framework to handle data retrieval challenges on damaged Android mobile phones. The tool was designed to obtain evidence quickly and accurately (i.e. valid address book, call logs, SMS, images, and, videos, etc.) on Android damaged mobile phones. The tool was developed using C#, while back end engines was done using C programming and tested using five data sets. Based on the computational time processing comparison with Dec0de, Lifter, XRY and Xaver, the result showed that there was 75% improvement over Dec0de, 36% over Lifter, 28% over XRY and finally 71% over Xaver. Again, based on the experiment done on five data sets, M_Triage was capable of carving valid address book, call logs, SMS, images and videos as compared to Dec0de, Lifter, XRY and Xaver. With the average improvement of 90% over DEC0DE, 30% over Lifter, 40% over XRY and lastly 61% over Xaver. This shows that M_Triage is a better tool to be used because it saves time, carve more relevant files and less false positive result are achieved with the tool. |
| first_indexed | 2025-11-15T19:52:12Z |
| format | Thesis |
| id | uthm-814 |
| institution | Universiti Tun Hussein Onn Malaysia |
| institution_category | Local University |
| language | English English |
| last_indexed | 2025-11-15T19:52:12Z |
| publishDate | 2016 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | uthm-8142021-09-01T07:55:15Z http://eprints.uthm.edu.my/814/ Mobile forensic triage for damaged phones using M_Triage Mohammed Hasheem, Yusoof HV8073-8079.35 Investigation of crimes. Examination and identification of prisoners Mobile forensics triage is a useful technique in a digital forensics investigation for recovering lost or purposely deleted and hidden files from digital storage. It is particularly useful, especially when solving a very sensitive crime, for example, kidnapping, in a timely manner. However, the existing mobile forensics triage tools do not consider performing a triage examination on damaged mobile phones. This research addressed the issues of performing triage examination on damaged Android mobile phones and reduction of false positive result generated by the current mobile forensics triage tools. Furthermore, the research addressed the issues of ignoring possible evidence residing in a bad block memory location. In this research a new forensics triage tool called M_Triage was introduced by extending Decode’s framework to handle data retrieval challenges on damaged Android mobile phones. The tool was designed to obtain evidence quickly and accurately (i.e. valid address book, call logs, SMS, images, and, videos, etc.) on Android damaged mobile phones. The tool was developed using C#, while back end engines was done using C programming and tested using five data sets. Based on the computational time processing comparison with Dec0de, Lifter, XRY and Xaver, the result showed that there was 75% improvement over Dec0de, 36% over Lifter, 28% over XRY and finally 71% over Xaver. Again, based on the experiment done on five data sets, M_Triage was capable of carving valid address book, call logs, SMS, images and videos as compared to Dec0de, Lifter, XRY and Xaver. With the average improvement of 90% over DEC0DE, 30% over Lifter, 40% over XRY and lastly 61% over Xaver. This shows that M_Triage is a better tool to be used because it saves time, carve more relevant files and less false positive result are achieved with the tool. 2016-07 Thesis NonPeerReviewed text en http://eprints.uthm.edu.my/814/1/24p%20YUSOOF%20MOHAMMED%20HASHEEM.pdf text en http://eprints.uthm.edu.my/814/2/YUSOOF%20MOHAMMED%20HASHEEM%20WATERMARK.pdf Mohammed Hasheem, Yusoof (2016) Mobile forensic triage for damaged phones using M_Triage. Doctoral thesis, Universiti Tun Hussein Onn Malaysia. |
| spellingShingle | HV8073-8079.35 Investigation of crimes. Examination and identification of prisoners Mohammed Hasheem, Yusoof Mobile forensic triage for damaged phones using M_Triage |
| title | Mobile forensic triage for damaged phones using M_Triage |
| title_full | Mobile forensic triage for damaged phones using M_Triage |
| title_fullStr | Mobile forensic triage for damaged phones using M_Triage |
| title_full_unstemmed | Mobile forensic triage for damaged phones using M_Triage |
| title_short | Mobile forensic triage for damaged phones using M_Triage |
| title_sort | mobile forensic triage for damaged phones using m_triage |
| topic | HV8073-8079.35 Investigation of crimes. Examination and identification of prisoners |
| url | http://eprints.uthm.edu.my/814/ http://eprints.uthm.edu.my/814/1/24p%20YUSOOF%20MOHAMMED%20HASHEEM.pdf http://eprints.uthm.edu.my/814/2/YUSOOF%20MOHAMMED%20HASHEEM%20WATERMARK.pdf |