Ontology-based forensic analysis of mobile devices

A critical part of investigating any digital device in digital forensics is the analysis phase. The analysis phase has been known to be a time-intensive process. The time required to analyze the data is mainly influenced by the volume of storage capacity as well as the complexity of data under investigation. Given that these two factors are at constant growth rates, the need for advanced forensic methods and tools to address these issues becomes crucial. The main contribution of this research is to design and develop a new framework which will assist the investigator to automatically analyze the content of a mobile device with a minimum human interaction. The adopted approach utilizes Ontologies as a form of knowledge representation for the mobile device domain. These Ontologies define fundamental concepts in that domain and the relations between them. By organizing the evidence objects that are extracted from mobile devices in such a model, a network of interconnected evidence objects is formed which will enhance the process of analyzing data and locating relevant evidence to the investigation.