Incorporating Mobile Forensic Tools into a Comprehensive Toolkit (Nugget)
DOI:
https://doi.org/10.70619/vol5iss3pp20-29Keywords:
Mobile Forensics, Digital Investigations, Standardization, Nugget, InteroperabilityAbstract
Mobile devices have become an essential part of everyday life, playing a crucial role in various activities. Their widespread use provides digital forensic investigators with valuable insights when analyzing cases. Given the vast amount of data stored on mobile devices, their significance in digital forensic investigations has grown substantially. However, forensic investigators face major challenges due to the diversity of tools and lack of standardization in data representation. To address these challenges, Nugget a Domain-Specific Language (DSL) for digital forensics was developed. Nugget provides a structured approach to defining forensic computations while abstracting technical implementation details. It enables investigators to describe operations on digital evidence without needing to manage the underlying execution. Despite its benefits, Nugget initially lacked support for mobile forensic investigations. This study aimed to enhance Nugget’s capabilities by integrating mobile forensic tools and extending its language to support mobile data analysis. Widely accessible forensic tools that support command-line execution on Android and iOS platforms were selected for integration. The implementation involved expanding Nugget’s grammar, incorporating forensic tool outputs via RPC, and validating the framework using forensic corpora. Key findings show that the integration improved the interoperability of forensic tools, reduced inconsistencies in data handling, and enhanced investigative workflows. Comparative analysis with traditional approaches revealed increased accuracy and decreased processing time. This research successfully extended Nugget to support mobile forensic investigations, creating a unified and standardized framework for analyzing mobile data. The proposed solution not only addresses current gaps in forensic tool integration but also lays the groundwork for future enhancements, including greater automation and compatibility with additional tools.
References
Edgar, T. W. (2017). Research Methods for Cyber Security. Cell phone & email forensics investigation cracks NYC. Elsevier Inc. Forensicon Inc.
Fowler, M. (2010). Domain Specific Languages. Addison¬-Wesley Professional.
Garfinkel, S. (2012). Lessons learned writing digital forensics tools and managing a 30TB digital evidence corpus. Digital Investigation. The Proceedings of the Twelfth Annual DFRWS Conference.
Garfinkel, S. F. (2009). Bringing science to digital forensics with standardized forensic corpora. Digital Investigation, 6, S2–S11.
Kothari, C. R. (2004). Research methodology methods and techniques (2nd ed. New Age.
Levine, B. N. (2009).). DEX: Digital evidence provenance supporting re¬producibility and comparison. Digital Investigation,The Proceedings of the Ninth Annual DFRWS Conference.-6,-S48–S56-.
Lillis, D. B. (2016). Current Challenges and Fu¬.
Mikhaylov, I. &. (2016). Chip-¬off technique in mobile forensics.
Mikhaylov, I. &. (2016). Chip¬off technique in mobile forensics. from https://www.digitalforensics.com/blog/chip¬off¬technique¬ in¬mobile¬ forensics.
Murphy, C. A. (2011). Developing Process for Mobile Device Forensics.
Omondi, M. (February 3, 2019). Kenol ceo’s phone seized in insider trading probe.
Parr, T. (2014). The Pragmatic Programmers, LLC. The definitive ANTLR 4 reference.
Raghavan, S. (2013). Digital forensic research: Current state of the art. CSI Transactions.
Roussev, V. B. (2016). Digital forensic science: Issues, methods, and challenges. Morgan & Claypool: Retrieved from https: / / ieeexplore . ieee . org / document/7809443.
Skulkin, O. T. (2018). Learning Android Forensics (2nd ed.). Packt.
Stelly, C. &. (2018). Nugget: A digital forensics language. In DFRWS 2108.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Asengewe Aude Michèle, Dr. KN Jonathan
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
