Efficient Evidence Reduction Technique for Mobile Forensics based on Digital Evidence Object (DEO) Model

Arif Rahman Hakim; Lisa Saputri

doi:10.52436/1.jutif.2025.6.4.4999

Authors

Arif Rahman Hakim Rekayasa Keamanan Siber, Politeknik Siber dan Sandi Negara, Indonesia
Lisa Saputri Badan Siber dan Sandi Negara, Indonesia

DOI:

https://doi.org/10.52436/1.jutif.2025.6.4.4999

Keywords:

Android, DEO Model, Digital Evidence, Digital Investigation, Mobile Forensics

Abstract

The Android operating system (OS) is currently the most widely used platform on smartphones, making it a critical source of digital evidence in cybercrime investigations. With its vast array of applications and features, Android OS generates and stores a significant amount of data, much of which may be relevant to criminal activities. Mobile forensics plays a crucial role in identifying and analyzing this information to produce scientifically valid evidence. However, the process of acquiring and examining data from a smartphone’s internal storage typically results in large and complex datasets that can hinder timely forensic analysis. To address this challenge, this paper proposes the implementation of the DEO Model using Python to reduce the volume of digital evidence obtained from Android-based smartphones. The DEO Model employs a structured filtering approach, narrowing the dataset to only those objects relevant to a predefined scenario. This is achieved by applying DEO parameters based on the 5W category theory (Why, When, Where, What, Who), resulting in an optimal and focused dataset. The findings demonstrate that the Python-based DEO Model significantly accelerates the mobile forensic process, and effectively reduces dataset size while both maintaining the evidence integrity and the scenario relevance. The model achieves a very low False Positive Rate (FPR) of 0,00072, indicating a minimal risk of mismatches during the object reduction process. Therefore, the findings confirm the validity and accuracy of the digital evidence obtained. This research highlights the potential of the Python-based DEO Model to enhance the efficiency of forensic investigations on Android smartphones.

Downloads

Download data is not yet available.

References

D. Kim and S. Lee, “Study of identifying and managing the potential evidence for effective Android forensics,” Forensic Sci. Int. Digit. Investig., vol. 33, p. 200897, Jun. 2020, doi: 10.1016/j.fsidi.2019.200897.

H. Alatawi, K. Alenazi, S. Alshehri, S. Alshamakhi, M. Mustafa, and A. Aljaedi, “Mobile forensics: A review,” presented at the 2020 International Conference on Computing and Information Technology (ICCIT-1441), IEEE, 2020, pp. 1–6.

C. M. da Silveira et al., “Methodology for forensics data reconstruction on mobile devices with android operating system applying in-system programming and combination firmware,” Appl. Sci., vol. 10, no. 12, p. 4231, 2020.

C. Anglano, M. Canonico, and M. Guazzone, “The android forensics automator (anfora): A tool for the automated forensic analysis of android applications,” Comput. Secur., vol. 88, p. 101650, 2020.

X. Zhao, “Survey: The Evolution and Future of Android Software Development,” vol. 1, no. 1, 2024, doi: 10.71080/dlpr.v1i1.64.

C. Vaishali, V. Thirumalaiswamy, and M. Thillaichidambaram, “Introduction to Digital Forensics,” in AI and Emerging Technologies, CRC Press, 2025, pp. 27–35.

M. Moreb, S. Salah, and B. Amro, “A novel framework for mobile forensics investigation process,” Int. J. Comput. Digit. Syst., vol. 16, no. 1, pp. 125–136, 2024.

T. Sutikno, “Mobile forensics tools and techniques for digital crime investigation: a comprehensive review,” Int. J. Inform. Commun. Technol., vol. 13, no. 2, p. 321, 2024, doi: 10.11591/ijict.v13i2.pp321-332.

M. Al-Fayoumi, M. Al-Fawa’reh, Q. A. Al-Haija, and A. Alakailah, “Towards Detecting Digital Criminal Activities Using File System Analysis,” in Proceedings of Data Analytics and Management, A. Swaroop, Z. Polkowski, S. D. Correia, and B. Virdee, Eds., Singapore: Springer Nature Singapore, 2024, pp. 531–550.

A. Almuqren, H. Alsuwaelim, M. H. Rahman, and A. A. Ibrahim, “A Systematic Literature Review on Digital Forensic Investigation on Android Devices,” Procedia Comput. Sci., vol. 235, pp. 1332–1352, 2024.

R. Ayers, W. Jansen, and S. Brothers, “Guidelines on mobile device forensics (NIST Special Publication 800-101 Revision 1),” NIST Spec Publ, vol. 1, no. 1, p. 85, 2014.

M. R. Setyawan, “Perbandingan Tools Forensik Dalam Analisis Bukti Digital Pada Aplikasi Skype Menggunakan Framework NIST,” J. Mahajana Inf., vol. 8, no. 2, pp. 80–88, 2023, doi: 10.51544/jurnalmi.v8i2.4580.

S. Grigaliunas, J. Toldinas, A. Venckauskas, N. Morkevicius, and R. Damaševičius, “Digital evidence object Model for situation awareness and decision making in digital forensics investigation,” IEEE Intell. Syst., vol. 36, no. 5, pp. 39–48, 2020.

Š. Grigaliūnas and J. Toldinas, “Habits attribution and digital evidence object Models based tool for cybercrime investigation,” Balt. J. Mod. Comput., vol. 8, no. 2, pp. 275–292, 2020.

A. M. Wazarkar, “Python: A Quintessential approach towards Data Science,” Int. J. Res. Appl. Sci. Eng. Technol., vol. 9, pp. 3018–3024, 2021, doi: 10.22214/IJRASET.2021.35683.

M. A. Kabir and M. Ahmed, “Python for Data Analytics: A Systematic Literature Review of Tools, Techniques, and Applications,” Acad. J. Sci. Technol. Eng. Math. Educ., vol. 4, no. 04, pp. 10–69593, 2024.

N. Kishore and P. Raina, “Digital Forensics in Mobile Phones: An Overview of Data Acquisition Techniques and its Challenges,” pp. 108–125, 2024, doi: 10.2174/9789815238990124010010.

H. H. Lwin, W. P. Aung, and K. K. Lin, “Comparative Analysis of Android Mobile Forensics Tools,” 2020, doi: 10.1109/ICCA49400.2020.9022838.

J. Fonseca-Bustos, K. A. Ramírez-Gutiérrez, and C. Feregrino-Uribe, “A robust self-supervised image hashing method for content identification with forensic detection of content-preserving manipulations.,” Neural Netw., vol. 177, p. 106357, 2024, doi: 10.1016/j.neunet.2024.106357.

M. Farnan, J. Pratt, and M. Shakiba, “Digital Forensic Tools: Comparison of Autopsy TSK and Forensic Explorer,” pp. 1–5, 2024, doi: 10.1109/iciteics61368.2024.10625076.

A. K. Singh and O. P. Rai, “Exploring the role of forensic science in modern law enforcement: Challenges and opportunities,” Int. J. Crim. Common Statut. Law, vol. 4, no. 1, pp. 122–126, 2024, doi: 10.22271/27899497.2024.v4.i1b.75.

J. Mau, “Category theory for structural characterization,” pp. 15–44, 2024, doi: 10.1515/9783111341996-003.

K. A. Lakshmi, P. B. Honnavali, and S. Rajashree, “Ensure the Validity of Forensic Evidence by Using a Hash Function,” Springer, Singapore, 2021, pp. 341–346. doi: 10.1007/978-981-15-7345-3_28.

A. Harika, P. Sharma, K. Aravinda, A. Nagpal, Praveen, and A. Albawi, “Efficient Data Sampling and Reduction Methods in Large-Scale Forensic Analysis,” pp. 1–7, 2024, doi: 10.1109/otcon60325.2024.10687910.

N. Richetelli, L. Hammer, and J. A. Speir, “Forensic Footwear Reliability: Part III-Positive Predictive Value, Error Rates, and Inter-Rater Reliability.,” J. Forensic Sci., vol. 65, no. 6, pp. 1883–1893, 2020, doi: 10.1111/1556-4029.14552.