Figure 24: No detection

According to the mvt project documentation, “Any matches will be highlighted in the terminal output as well as saved in the output folder using a ‘_detected’ suffix to the JSON file name.” So far, mvt has not detected any suspicious activity on this mobile device (iPhone).
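A practical check for the “_detected” convention quoted above is to scan the mvt output folder for files with that suffix rather than reading terminal output by eye. The script below is an added example, not code from the mvt project or from the original report: it lists every `*_detected.json` file under an output directory and counts the records in each. The sample output tree it builds is constructed for the dry run, and the assumption that a detection file holds a JSON list of records (or a single object) is mine, not taken from the mvt documentation.

```python
"""Summarise mvt detections by scanning an output folder for *_detected.json files."""
import json
import tempfile
from pathlib import Path


def find_detected_files(output_dir):
    """Return sorted paths ending in '_detected.json' under output_dir.

    mvt writes a '<module>_detected.json' file only for modules that matched;
    an empty list is the "no detection" case shown in Figure 24.
    """
    return sorted(Path(output_dir).rglob("*_detected.json"))


def count_records(path):
    """Count records in one detection file.

    Assumption (not from the mvt docs): the file holds a JSON list of result
    records, or a single JSON object, which counts as one record.
    """
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return len(data) if isinstance(data, list) else 1


def summarise(output_dir):
    """Return {module_name: record_count} for every detection file found."""
    summary = {}
    for path in find_detected_files(output_dir):
        module = path.name[: -len("_detected.json")]
        summary[module] = count_records(path)
    return summary


def has_detections(output_dir):
    """True if any module flagged at least one record."""
    return any(count > 0 for count in summarise(output_dir).values())


def make_sample_output(root, detected):
    """Constructed mvt-style output layout (not real device data) for a dry run."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    # Every module writes its plain results file whether or not it matched.
    (root / "safari_history.json").write_text(json.dumps([
        {"url": "https://example.org/", "timestamp": "2021-07-18 10:00:00"},
    ]))
    if detected:
        # Constructed record; the field names mimic mvt's Safari history output
        # but are an assumption, not copied from a real run.
        (root / "safari_history_detected.json").write_text(json.dumps([
            {"url": "https://malicious.example/", "timestamp": "2021-07-18 10:01:00"},
        ]))
    return root


def demo():
    """Run the scan over a clean and a flagged sample tree; return both summaries."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = make_sample_output(Path(tmp) / "clean", detected=False)
        hit = make_sample_output(Path(tmp) / "hit", detected=True)
        return summarise(clean), summarise(hit)


if __name__ == "__main__":
    clean_summary, hit_summary = demo()
    print("clean run:", clean_summary or "no detections")
    print("flagged run:", hit_summary)
```

Point `summarise()` at the folder passed to `mvt-ios check-backup --output` (or the equivalent `mvt-android` command) after a real run; the plain `<module>.json` files are ignored on purpose, so only flagged modules appear in the summary.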

Limitations of investigation

Although the research was conducted successfully, it would be unwise to underestimate its limitations. Some of these limitations are:

  1. Devices that are not rooted or jailbroken may require investigative steps (rooting or jailbreaking) that are legally questionable. Even where these steps are technically sound, ethical reasons may limit the research.
  2. Authorization from the device or app owner is needed. This is not always feasible and may slow the investigation down or stop it entirely.
  3. Manual analysis limits the throughput of an investigation: it is impractical to analyze thousands of processes and hundreds of downloaded APKs by hand.
  4. Encryption and backup of devices must be conducted with the highest caution, since data tampering at this stage compromises the acquisition of the digital evidence and, in turn, is very likely to contaminate the whole digital forensics process and investigation.
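The fourth limitation is usually addressed by hashing the acquired backup immediately after acquisition and re-verifying it before analysis, so that tampering, loss or contamination is detected rather than silently carried into the investigation. The script below is an added example of that check, not part of the original report and not an mvt feature: it builds a SHA-256 manifest of every file under a backup directory, stores it outside the evidence tree, and reports modified, missing and added files on re-verification. The backup tree it uses is constructed for the demonstration (placeholder bytes, not a real iTunes or ADB backup).

```python
"""SHA-256 manifest for an acquired backup: build once, verify before analysis."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative POSIX path -> sha256 for every regular file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root, manifest):
    """Compare the current tree against a stored manifest.

    Returns {"modified": [...], "missing": [...], "added": [...]}; three empty
    lists mean the acquisition is intact.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Constructed backup tree exercising the intact case and each failure mode."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        root.mkdir()
        # Placeholder contents; file names only mimic an iOS backup layout.
        (root / "Manifest.db").write_bytes(b"constructed sqlite placeholder")
        (root / "Info.plist").write_bytes(b"<plist/>")

        # Store the manifest outside the evidence tree, as a JSON file.
        manifest_path = Path(tmp) / "acquisition_manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(root), indent=2))
        stored = json.loads(manifest_path.read_text())
        intact = verify_manifest(root, stored)

        # Simulate tampering, loss and contamination after acquisition.
        (root / "Info.plist").write_bytes(b"<plist>edited</plist>")
        (root / "Manifest.db").unlink()
        (root / "stray.txt").write_bytes(b"analyst note dropped into evidence")
        tampered = verify_manifest(root, stored)
        return intact, tampered


if __name__ == "__main__":
    before, after = demo()
    print("after acquisition:", before)
    print("after tampering:", after)
```

Run `build_manifest()` on the backup directory as soon as `idevicebackup2`, `adb backup` or the equivalent finishes, keep the JSON manifest with the case notes, and call `verify_manifest()` before every analysis pass; an encrypted backup should be hashed in its encrypted form so the verification never requires the passphrase.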

References

https://mvt.readthedocs.io/en/latest/install.html

https://pypi.org/project/mvt/

https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

https://www.amnesty.org/en/latest/research/2019/10/Morocco-Human-Rights-Defenders-Targeted-with-NSO-Groups-Spyware/

https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/

https://www.hack42labs.com/tools/fapk/

https://www.raywenderlich.com/3419415-hack-an-android-app-finding-forensic-artifacts

https://medium.com/@g.rishitosh/hunting-for-spyware-pegasus-using-windows-45516b538ab0