Integrated examination and analysis model for improving mobile cloud forensic investigation

Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the case-specific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud I...

Bibliographic Details
Main Author: Alnajjar, Ibrahim Ali Mohammad
Format: Thesis
Language: English
Published: 2022
Subjects:
Online Access: https://etd.uum.edu.my/10209/1/s902016_01.pdf
https://etd.uum.edu.my/10209/2/s902016_02.pdf
https://etd.uum.edu.my/10209/
id my.uum.etd.10209
record_format eprints
spelling my.uum.etd.10209 2023-01-11T00:20:46Z https://etd.uum.edu.my/10209/ Integrated examination and analysis model for improving mobile cloud forensic investigation Alnajjar, Ibrahim Ali Mohammad QA299.6-433 Analysis 2022 Thesis NonPeerReviewed text en https://etd.uum.edu.my/10209/1/s902016_01.pdf text en https://etd.uum.edu.my/10209/2/s902016_02.pdf Alnajjar, Ibrahim Ali Mohammad (2022) Integrated examination and analysis model for improving mobile cloud forensic investigation. Doctoral thesis, Universiti Utara Malaysia.
institution Universiti Utara Malaysia
building UUM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Utara Malaysia
content_source UUM Electronic Theses
url_provider http://etd.uum.edu.my/
language English
topic QA299.6-433 Analysis
spellingShingle QA299.6-433 Analysis
Alnajjar, Ibrahim Ali Mohammad
Integrated examination and analysis model for improving mobile cloud forensic investigation
description Advanced forensic techniques become inevitable to investigate the malicious activities in Cloud-based Mobile Applications (CMA). It is challenging to analyse the case-specific evidential artifact from the Mobile Cloud Computing (MCC) environment under forensically sound conditions. The Mobile Cloud Investigation (MCI) encounters many research issues in tracing and fine-tuning the relevant evidential artifacts from the MCC environment. This research proposes an integrated Examination and Analysis (EA) model for a generalised application architecture of CMA deployable on the public cloud to trace the case-specific evidential artifacts. The proposed model effectively validates MCI and enhances the accuracy and speed of the investigation. In this context, proposing Forensic Examination and Analysis Methodology using Data mining (FED) and Forensic Examination and analysis methodology using Data mining and Optimization (FEDO) models address these issues. The FED incorporates key sub-phases such as timeline analysis, hash filtering, data carving, and data transformation to filter out case-specific artifacts. The Long Short-Term Memory (LSTM) assisted forensic methodology decides the amount of potential information to be retained for further investigation and categorizes the forensic evidential artifacts for the relevancy of the crime event. Finally, the FED model constructs the forensic evidence taxonomy and maintains the precision and recall above 85% for effective decision-making. FEDO facilitates cloud evidence by examining the key features and indexing the evidence. The FEDO incorporates several sub-phases to precisely handle the evidence, such as evidence indexing, cross-referencing, and keyword searching. It analyses the temporal and geographic information and performs cross-referencing to fine-tune the evidence towards the case-specific evidence. FEDO models the Linearly Decreasing Weight (LDW) strategy based Particle Swarm Optimization (PSO) algorithm on the case-specific evidence to improve the searching capability of the investigation across the massive MCC environment. FEDO delivers the evidence tracing rate at 90%, and thus the integrated EA ensures improved MCI performance.
format Thesis
author Alnajjar, Ibrahim Ali Mohammad
title Integrated examination and analysis model for improving mobile cloud forensic investigation
publishDate 2022
url https://etd.uum.edu.my/10209/1/s902016_01.pdf
https://etd.uum.edu.my/10209/2/s902016_02.pdf
https://etd.uum.edu.my/10209/