Mobile Forensics "triaging": new directions for methodology

Over the past few years Mobile Forensics, the branch of Digital Forensics that deals with gathering, retrieving, identifying, storing and documenting mobile phone’s evidence with probative value in court, has become more and more specialized. Nowadays, specific extraction tools have been developed in order to acquire and store phone’s content and digital evidence, in compliance with forensic methods. A new approach to Mobile Forensics could therefore take advantage of mixing up features of the aforementioned extraction tools with capabilities of “Data Mining” and “Machine Learning” theory with the aim of defining a methodology to quickly analyze the extracted data and provide a classification. This paper aims at explaining some interesting results based on the Mobile Forensics “Triaging” concept and the adoption of self-knowledge classification algorithms for predicting and classifying device usage profiles (i.e. base, medium or expert). In order to give new perspectives to the actual work procedures of the Italian Police cybercrime unit, the adopted methodology has been extensively discussed with specialists, aiming to find a viable methodology to identify the most interesting mobile devices from an investigative point of view by analyzing the device owner’s usage profile, a relevant parameter to consider during forensic investigations.