Pieterse, HeloiseOlivier, MariusVan Heerden, Renier P2017-10-102017-10-102017-08Pieterse, H., Olivier, M. and Van Heerden, R. P. 2017. Evaluating the authenticity of smartphone evidence. Advances in Digital Forensics XIII, pp. 41-61. DOI: 10.1007/978-3-319-67208-3_3978-3-319-67207-6https://link.springer.com/chapter/10.1007/978-3-319-67208-3_3DOI: 10.1007/978-3-319-67208-3_3https://www.researchgate.net/publication/319390469_Evaluating_the_Authenticity_of_Smartphone_Evidencehttp://hdl.handle.net/10204/9651Copyright: 2017 International Federation for Information Processing (IFIP). Due to copyright restrictions, the attached PDF file only contains the abstract of the full text item. For access to the full text item, kindly consult the publisher's website.The widespread use and rich functionality of smartphones have made them valuable sources of digital evidence. Malicious individuals are becoming aware of the importance of digital evidence found on smartphones and may be interested in deploying anti-forensic techniques to alter evidence and thwart investigations. It is, therefore, important to establish the authenticity of smartphone evidence. This chapter focuses on digital evidence found on smartphones that has been created by smartphone applications and the techniques that can be used to establish the authenticity of the evidence. In order to establish the authenticity of the evidence, a better understanding of the normal or expected behavior of smartphone applications is required. This chapter introduces a new reference architecture for smartphone applications that models the components and the expected behavior of applications. Seven theories of normality are derived from the reference architecture that enable digital forensic professionals to evaluate the authenticity of smartphone evidence. An experiment conducted to examine the validity of the theories of normality indicates that the theories can assist forensic professionals in identifying authentic smartphone evidence.enSmartphone forensicsEvidenceAuthenticityReference architectureBook ChapterPieterse, H., Olivier, M., & Van Heerden, R. P. (2017). Evaluating the authenticity of smartphone evidence., <i>Worklist;19451</i> Springer. http://hdl.handle.net/10204/9651Pieterse, Heloise, Marius Olivier, and Renier P Van Heerden. "Evaluating the authenticity of smartphone evidence" In <i>WORKLIST;19451</i>, n.p.: Springer. 2017. http://hdl.handle.net/10204/9651.Pieterse H, Olivier M, Van Heerden RP. Evaluating the authenticity of smartphone evidence.. Worklist;19451. [place unknown]: Springer; 2017. [cited yyyy month dd]. http://hdl.handle.net/10204/9651.TY - Book Chapter AU - Pieterse, Heloise AU - Olivier, Marius AU - Van Heerden, Renier P AB - The widespread use and rich functionality of smartphones have made them valuable sources of digital evidence. Malicious individuals are becoming aware of the importance of digital evidence found on smartphones and may be interested in deploying anti-forensic techniques to alter evidence and thwart investigations. It is, therefore, important to establish the authenticity of smartphone evidence. This chapter focuses on digital evidence found on smartphones that has been created by smartphone applications and the techniques that can be used to establish the authenticity of the evidence. In order to establish the authenticity of the evidence, a better understanding of the normal or expected behavior of smartphone applications is required. This chapter introduces a new reference architecture for smartphone applications that models the components and the expected behavior of applications. Seven theories of normality are derived from the reference architecture that enable digital forensic professionals to evaluate the authenticity of smartphone evidence. An experiment conducted to examine the validity of the theories of normality indicates that the theories can assist forensic professionals in identifying authentic smartphone evidence. DA - 2017-08 DB - ResearchSpace DP - CSIR KW - Smartphone forensics KW - Evidence KW - Authenticity KW - Reference architecture LK - https://researchspace.csir.co.za PY - 2017 SM - 978-3-319-67207-6 T1 - Evaluating the authenticity of smartphone evidence TI - Evaluating the authenticity of smartphone evidence UR - http://hdl.handle.net/10204/9651 ER -