Skip to Main content Skip to Navigation
Conference papers

Evaluating the Authenticity of Smartphone Evidence

Abstract : The widespread use and rich functionality of smartphones have made them valuable sources of digital evidence. Malicious individuals are becoming aware of the importance of digital evidence found on smartphones and may be interested in deploying anti-forensic techniques to alter evidence and thwart investigations. It is, therefore, important to establish the authenticity of smartphone evidence.This chapter focuses on digital evidence found on smartphones that has been created by smartphone applications and the techniques that can be used to establish the authenticity of the evidence. In order to establish the authenticity of the evidence, a better understanding of the normal or expected behavior of smartphone applications is required. This chapter introduces a new reference architecture for smartphone applications that models the components and the expected behavior of applications. Seven theories of normality are derived from the reference architecture that enable digital forensic professionals to evaluate the authenticity of smartphone evidence. An experiment conducted to examine the validity of the theories of normality indicates that the theories can assist forensic professionals in identifying authentic smartphone evidence.
Document type :
Conference papers
Complete list of metadata

Cited literature [29 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Friday, February 23, 2018 - 3:50:54 PM
Last modification on : Sunday, November 22, 2020 - 12:52:02 PM
Long-term archiving on: : Friday, May 25, 2018 - 5:55:02 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Heloise Pieterse, Martin Olivier, Renier Heerden. Evaluating the Authenticity of Smartphone Evidence. 13th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2017, Orlando, FL, United States. pp.41-61, ⟨10.1007/978-3-319-67208-3_3⟩. ⟨hal-01716408⟩



Record views


Files downloads