An overall assessment of Mobile Internal Acquisition Tool

The smartphone market provides a great variety of manufacturers and models causing a strong (and mandatory) heterogeneity of the hardware tools adopted to retrieve smartphone contents in a forensically sound way. Thus, in order to lighten the burden for already overtaxed police operators, with possible increase of forensics productivity, we already identified, in a previous work, a new Mobile Equipment (ME) acquisition paradigm. In fact, it's possible to avoid the practical problems related to the USB/mobile phone plug heterogeneity, currently used by the mobile forensics tools, through the use of the MMC/SD slot, part of the hardware equipment of the target ME. This solution overcomes the problems related to the acquisition through the cables, simply relying on a piece of software installed stored into the SD/MMC. The contribution of this paper enriches the methodology already presented by the authors and presents some fundamental properties of the Mobile Internal Acquisition Tool (MIAT) in order to assess the performance with respect to the state of the art of the mobile forensics tools. The results of the assessment encourage the adoption of this tool, since integrity, performances and operational methodology mostly overall benefit from this approach, while, in the worst case, remain at the same level of the state of the art COTS. Finally, this tool, intended to be released under an Open Source license, proposes the paradigm where the acquisition source code is in the public domain, while the analysis and presentation are left to self-made/proprietary tools.