FAP

Abstract

The forensic investigation of data stored on mobile devices is a common option to analyze and solve cyber-crime cases. The analysis of the installed applications extracts and collects information to clarify unknown conditions and might provide additional details. Unfortunately, some applications store messages encrypted. So, the information is only readable in the app, which sometimes require online access to start and display these messages. The demanded online access is a predicament; whereas the start of the app or the download of these messages provides new information to solve the case, the danger of remote wiping during the online connection is high. Available environments to facilitate an online access and simultaneously block other connections are available, but they fail during a forensic investigation. In this paper a novel approach for a forensic access point (FAP) is proposed. The design of FAP focuses on the implementation of an isolated environment, which allows the connection of the device and specific online services considering current requirements. The architecture is evaluated by a proof-of-concept (PoC), which proves the usability in a forensically sound manner.