Windows Phone 7: Implications for Digital Forensic Investigators

aut.embargoNoen_NZ
aut.thirdpc.containsNoen_NZ
aut.thirdpc.permissionNoen_NZ
aut.thirdpc.removedNoen_NZ
dc.contributor.advisorCusack, Brian
dc.contributor.authorLe, Yung
dc.date.accessioned2012-05-07T21:48:55Z
dc.date.available2012-05-07T21:48:55Z
dc.date.copyright2012
dc.date.created2012
dc.date.issued2012
dc.date.updated2012-05-07T04:40:41Z
dc.description.abstractWindows Phone 7 (WP7) is the latest smart phone Operating System (OS) from Microsoft (MS) replacing the previous MS smart phone OS Windows Mobile (WM) 6.5. WP7 was redesigned completely and was not based on a previous version, unlike WM6 which was based on WM5 and so on. Because WP7 was redesigned and not based on WM, WP7 has many differences compared with WM in terms of underlying hardware and software as well as the user interface and how the phone communicates with a PC. Much research has been done on WM forensics and as a result forensics tools and techniques for WM have been established. Due to the changes implemented in WP7, the established WM forensic tools and techniques may be unable to work with WP7. Literature on WM forensics and WP7 were reviewed and identified the compatibility of the WM forensic tools and techniques with WP7 was not known, and hence leaving a gap between the WM forensics literature and WP7. The research question of "What forensic data can be extracted from a WP7 phone using current tools and techniques used to extract forensic data from WM phones?" and a hypothesis was defined. A methodology was defined in order to conduct the research to answer the research question and test the hypothesis. The research was conducted in five phases. Phase one uses the literature review and the reviews of similar published studies to establish the current WM forensic tools and techniques, and what data can be extracted from a WM phone using the WM forensic tools and techniques. Phase two used the data extracted from the WM phone as a template to generate test data which was loaded onto a WP7 phone. Phase three applied the established WM forensic tools and techniques to the WP7 phone in order to extract the test data from the phone. Phase four compared the results of the data extracted from the WP7 phone with the data extracted from the WM phone. Phase five evaluated the compatibility of the WM forensic tools and techniques based on the results from Phase four. The research findings showed that of the WM forensic tools and techniques tested, only one tool was able to successfully acquire any data from the WP7 phone. However the data acquired from the WP7 phone is much less than what could be acquired from a WM phone using the same tool. The remaining WM forensic tools and techniques tested were either unable to acquire data from the WP7 phone or yielded inconclusive results. Based on the research findings, the majority of the WM forensic tools and techniques are not able to extract any data from WP7, and the WM forensic tool which can extract data from WP7 is able to extract much less data than from WMen_NZ
dc.identifier.urihttps://hdl.handle.net/10292/4123
dc.language.isoenen_NZ
dc.publisherAuckland University of Technology
dc.rights.accessrightsOpenAccess
dc.subjectWindows Phoneen_NZ
dc.subjectWP7en_NZ
dc.subjectWindows Phone forensicsen_NZ
dc.subjectWP7 forensicsen_NZ
dc.subjectWindows Mobileen_NZ
dc.subjectWindows Mobile forensicsen_NZ
dc.titleWindows Phone 7: Implications for Digital Forensic Investigatorsen_NZ
dc.typeThesis
thesis.degree.discipline
thesis.degree.grantorAuckland University of Technology
thesis.degree.levelMasters Theses
thesis.degree.nameMaster of Forensic Information Technologyen_NZ
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
LeY.pdf
Size:
2.59 MB
Format:
Adobe Portable Document Format
Description:
Whole thesis
License bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
897 B
Format:
Item-specific license agreed upon to submission
Description:
Collections