U.S. flag

An official website of the United States government, Department of Justice.

Targeted Forensic Data Extraction from Mobile Devices (TFDEMD)

NCJ Number
300697
Date Published
December 2019
Length
74 pages
Author(s)
Sudhir Aggarwal; Tathagata Mukherjee; Umit Karabiyik; Hong Mei Chi
Agencies
NIJ
Annotation

This is the Final Report of a project that developed three software systems that facilitate the selective extraction of data from iOS and Android Smartphones.

Abstract

The first 2 years of the project were spent developing the prototype system for selective data extraction from mobile phones (TDES Version 3.5). The third year of the project focused on the development of a variation of the TDES system to support law enforcement agencies in collecting relevant data after a mass incident (TDES-MI Version 1.0). The third year was spent in extension work that developed an iOS Schema Evolution Analysis System (SEAS Version 1.0) designed to support third-party iOS developers in understanding changes in the iOS database schemas for native application and to assist in needed code changes when Apple updates/upgrades the iOS versions. This report includes user manuals for TDES (Android and iOS) and TDES-MI). The TDES system’s primary objective is to capture from mobile phones only what is needed for a forensic investigation. Part of the screening and marking phase supports bookmarking of the data so that only relevant data are extracted. Hashing is supported to ensure that data are not changed during the export process. To provide supporting evidence that processes only do what is intended, the project has been developing logging capabilities for the system to provide an evidentiary trail regarding what the system does step-by-step. As part of preparing for a trial in which the data are presented, a detailed report is provided for the investigator regarding all the data collected. 14 figures

Date Created: April 15, 2021