MoLIFE: Methodology, Technologies, and Challenges for Mobile Live Intelligent Forensics Examination

📅 2026-07-08
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
Traditional mobile forensics faces significant challenges due to device data protection mechanisms—such as restricted access to superuser directories—that hinder the acquisition of critical evidence while preserving its integrity. This work proposes MoLIFE, a novel methodology that establishes a real-time intelligent forensic framework for mobile devices grounded in NIST SP800-101. MoLIFE represents the first systematic integration of emerging technologies, including artificial intelligence, blockchain, and quantum computing, to enable non-invasive, state-preserving data collection and analysis. Preliminary experiments on the Android platform demonstrate that MoLIFE effectively supports both proactive threat prevention and post-incident forensic investigation while maintaining the device’s original state, thereby exhibiting strong technical feasibility and innovative potential.
📝 Abstract
Nowadays, mobile forensics is less explored in Digital Forensics case analysis due to the increase in data protection mechanisms implemented by tech companies (i.e., Google for Android and Apple for iOS). For example, the physical acquisition or analysis of specific directories under super-user protection would corrupt the evidence; access to such data is protected, and bypassing this protection requires either privilege escalation or custom ROM installation, leading to the modification of the device state. At the same time, the demand for mobile technologies and their respective communication systems is increasing exponentially, exposing numerous security threats and risks. For that reason, this paper presents a Mobile Live Intelligent Forensics Examination (MoLIFE), a novel Digital Forensics (DF) methodology for data acquisition and analysis of mobile devices. The proposed methodology is based on NIST SP800-101 for the DF process. MoLIFE can be integrated with new and emerging technologies by exploiting their power (e.g., AI, blockchain, quantum computing). MoLIFE can also be used to prevent cyber threats and incidents, as well as DF post-mortem analysis, offering examples of applying the MoLIFE methodology and good practices for the future. To prove the technical feasibility of the methodology, a small case study on Android devices data acquisition via the mDT will be presented. As the methodology is based on new and emerging technologies, it depends on their limitations that would be overcome in a few years.
Problem

Research questions and friction points this paper is trying to address.

mobile forensics
data protection
evidence integrity
privileged data access
digital forensics
Innovation

Methods, ideas, or system contributions that make the work stand out.

Mobile Forensics
Live Forensics
AI Integration
NIST SP800-101
Non-invasive Acquisition
S
Silvia Lucia Sanna
University of Cagliari, Dept of Electrical and Electronic Engineering, Via Marengo, 2, Cagliari, 09123, Italy
C
Cristina Alcaraz
University of Malaga, NICS Lab, Campus de Teatinos s/n, Malaga, 29071, Spain
A
Alessandro Sanna
University of Cagliari, Dept of Electrical and Electronic Engineering, Via Marengo, 2, Cagliari, 09123, Italy
G
Giorgio Giacinto
University of Cagliari, Dept of Electrical and Electronic Engineering, Via Marengo, 2, Cagliari, 09123, Italy; Interuniversity National Consortium for Informatics, CINI, Via Ariosto, 25, Rome, 00185, Italy
Javier Lopez
Javier Lopez
Professor of Computer Science, University of Malaga
Security