Mobile health applications digital evidence taxonomy with knowledge sharing approach for digital forensics readiness

Abstract

M-health is the current application that capable to monitor and detect human biological change and used the Internet as a platform to transfer and receive the data from the cloud providers. However, the advancement of Internet of Things (IoT) technology poses a great challenge for digital forensic experts in order to preserve, acquire and analyse digital evidence. Digital evidence taxonomy is one technique in digital forensics that facilitates digital forensics readiness and integration with knowledge sharing approach is necessary to allow digital forensics experts to share their knowledge. Therefore, this research was carried out that consists three phases, namely (1) initial phase, (2) intermediate phase and (3) final phase. In the initial phase, a systematic literature review was conducted to identify any potential gaps from the existing studies. Subsequently, digital evidence taxonomy in the IoT forensics layers was adopted, which consisted of three artefact categories to represent the IoT forensics layers. In the intermediate phase, 34 top rating m-health apps were used as a case study to validate the digital evidence taxonomy. From the analysis of the result, various types of information for forensic investigation were acquired, such as type of outdoor activity, activity timestamp, client IP address and date accessed. In the final phase, the M-Health Digital Evidence Taxonomy System (MDETS) was developed as a proof of concept to demonstrate the integration of digital evidence taxonomy with the knowledge-sharing approach to facilitate digital forensic readiness. Interviews were used as the instrument tool to evaluate knowledge sharing in terms of people, process and technology elements in enabling digital forensic readiness. The results from the interviews support that knowledge sharing facilitates digital forensic readiness in terms of people, process and technology elements. As a conclusion, the integration of digital evidence taxonomy with the knowledge-sharing approach gives the opportunity for the digital forensic community to enhance the existing approach or procedure to increase the findings of a digital forensic investigation and make digital forensic readiness more proactive within the organisation