This is the Final Report of a project that developed three software systems that facilitate the selective extraction of data from iOS and Android Smartphones.
The first 2 years of the project were spent developing the prototype system for selective data extraction from mobile phones (TDES Version 3.5). The third year of the project focused on the development of a variation of the TDES system to support law enforcement agencies in collecting relevant data after a mass incident (TDES-MI Version 1.0). The third year was spent in extension work that developed an iOS Schema Evolution Analysis System (SEAS Version 1.0) designed to support third-party iOS developers in understanding changes in the iOS database schemas for native application and to assist in needed code changes when Apple updates/upgrades the iOS versions. This report includes user manuals for TDES (Android and iOS) and TDES-MI). The TDES system’s primary objective is to capture from mobile phones only what is needed for a forensic investigation. Part of the screening and marking phase supports bookmarking of the data so that only relevant data are extracted. Hashing is supported to ensure that data are not changed during the export process. To provide supporting evidence that processes only do what is intended, the project has been developing logging capabilities for the system to provide an evidentiary trail regarding what the system does step-by-step. As part of preparing for a trial in which the data are presented, a detailed report is provided for the investigator regarding all the data collected. 14 figures