Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

A Practical Hands-on Approach to Database ForensicsDatabase Forensics for Analyzing Data Loss in Delayed Extraction Cases

A Practical Hands-on Approach to Database Forensics: Database Forensics for Analyzing Data Loss... [This chapter focusses on the examination of seized iPhones for the data loss when the extraction is delayed. For law enforcement today, very few crimes are committed without having some nexus to a mobile device, and as such, mobile devices play a critical evidentiary role for investigations. More recently, law enforcement digital forensic labs have had the ability to purchase advanced digital forensic solutions that support accessing and extracting data from locked devices. When an iPhone has been left idle for a period of time, and the user is not interacting with the device, the phone will enter a state of clean up or vacuuming. This chapter presents multiple extractions from different locked After-First-Unlock (AFU) iPhones. A comparative analysis of the data extractions from each device was conducted to establish any reductions in the reported number of artifacts. When decreases were identified, the source database or file system storage location was examined in order to confirm the data loss. Additional timeline and log analysis also formed part of this analysis, in an effort to determine if a cause of the data loss could be identified.] http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png

A Practical Hands-on Approach to Database ForensicsDatabase Forensics for Analyzing Data Loss in Delayed Extraction Cases

Part of the Studies in Big Data Book Series (volume 116)
Moser, Katherine; Choo, Kim-Kwang Raymond; Le-Khac, Nhien-An
Springer Journals — Oct 22, 2022
Download PDF
57 pages

Loading next page...
 
/lp/springer-journals/a-practical-hands-on-approach-to-database-forensics-database-forensics-uMyirU7tKf
Publisher
Springer International Publishing
Copyright
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2022
ISBN
978-3-031-16126-1
Pages
175 –232
DOI
10.1007/978-3-031-16127-8_6
Publisher site
See Chapter on Publisher Site

Abstract

[This chapter focusses on the examination of seized iPhones for the data loss when the extraction is delayed. For law enforcement today, very few crimes are committed without having some nexus to a mobile device, and as such, mobile devices play a critical evidentiary role for investigations. More recently, law enforcement digital forensic labs have had the ability to purchase advanced digital forensic solutions that support accessing and extracting data from locked devices. When an iPhone has been left idle for a period of time, and the user is not interacting with the device, the phone will enter a state of clean up or vacuuming. This chapter presents multiple extractions from different locked After-First-Unlock (AFU) iPhones. A comparative analysis of the data extractions from each device was conducted to establish any reductions in the reported number of artifacts. When decreases were identified, the source database or file system storage location was examined in order to confirm the data loss. Additional timeline and log analysis also formed part of this analysis, in an effort to determine if a cause of the data loss could be identified.]

Published: Oct 22, 2022

There are no references for this article.