A Novel Framework for Gauging Information Extracted from Smartphones Using Fuzzy Logic

It‟s interesting to know that there are around 6.92 billion smartphone users all over the world, as stated by Statista website. Smartphones store a huge amount of data about their users, which can be useful for forensic investigators in case of any criminal activity. However, this information can also be manipulated by someone with malicious intent to provide false evidence to deceive forensic investigators. Our research has utilized fuzzy logic to evaluate the degree of truth or falsity of this information. Additionally, this study analyzes conversations between individuals using Excel‟s fuzzy lookup add-in to determine the percentage of truth and false in each conversation. The results were compiled into a dataset and utilized a fuzzy model created by Matlab‟s fuzzy toolbox to evaluate the information. The results indicate the percentage of truth and false in each conversation and which can be used to determine its admissibility as evidence and which not.


INTRODUCTION
According to the Numbeo database [1], Egypt's crime index was 48.53% in 2019, ranking 48th out of 144 countries.However, in 2023, the crime index rate decreased to 47%, and Egypt's ranking dropped to 65th place.Many crimes today are committed using smartphones, through features such as chats and calls.However, smartphones can also be helpful in solving crimes if investigators extract information from them [2].
Digital forensics is a subfield of forensic science that deals with analyzing and examining digital data obtained from digital devices [3].Mobile device forensics, also known as small-scale device forensics, involves collecting and scrutinizing the evidence found in small devices like smartphones, smartwatches, and tablets.Mobile devices run on operating systems such as Android, Windows Mobile, and macOS [4].
Smartphone apps have become an essential part of our daily lives.They help us communicate with our loved ones who live in different countries, locate shops, engage in social media activities, play games with friends, send instant messages, and make voice-over-internet protocol (VoIP) calls [2].The data on our smartphones often contain crucial information that can be used to solve a crime, such as photos, videos, contacts, call logs, messages, browsing history [5], text messages, and e-commerce transaction history.
There are various mobile forensic techniques and tools used to extract data from mobile devices, but some are still in development, and others require significant training to use effectively.Therefore, a mobile forensic investigator needs to be familiar with the different tools and techniques available.
In our research, fuzzy logic is used to evaluate extracted data and determine the degree of truth and falsity.This helped to identify whether the investigator could use the data as evidence or not.This paper is organized as follows: Section 2 discusses the related research and the differences between our research and others.Section 3 discusses the difference between boolean and fuzzy logic in evaluating the extracted evidence.Section 4 provides an overview of the methodology used to evaluate the extracted evidence data using the Matlab application, the fuzzy logic toolbox.Section 5 presents the result of our research, and finally, Section 6 shows the conclusion and the recommendations.

RELATED WORK
Kargaki A. et.Al (2023) [2].Attempted to extract data from Android smartphones using mobile forensics science.They found it challenging due to the security features of these devices, such as lock screens and encryption.To overcome these obstacles, they developed new techniques that bypassed the security measures.Their study proposed a new mobile forensic acquisition model.However, one of the significant challenges they encountered was the evolution of mobile devices' new security features, operating systems, and encryption techniques.As a result, forensic investigators need to keep up with the latest technology and develop new methods to extract data from smartphones.
Nguyen T. (2023) [7].This study proposed a combination method between fuzzy c-means and forensic algorithms investigation.The proposed method gives an efficient clustering technique to exploit the global solution for segmentation problems.As a result, four customer groups are created and classified.
Ferranti L. et.Al. (2023) [8].This research introduces FUZZYLOGIC, a Julia library, to perform fuzzy inference.The library is open-source, and its license is permissive.The core design principles of Julia's library are friendliness, flexibility, and efficiency.Notably, the paper library is easy to use, allows to specify fuzzy systems in a meaningful specific language, has many visualization tools, and supports inference systems like Mamdani.The author describes the library features and benchmark and compares it with the library in the Matlab fuzzy toolbox.
Abubakar A. et. al. in 2021 [9].The goal is to analyze the WhatsApp group chat to be aware of the level of participation by members of the group.They are studying the messages in all formats and the date and time the active users send them to be investigated.The author used Python and notebooks as a classification method.The libraries of Python include Numpy, Pandas, and Seaborn.The result showed that group users' sharing levels differ from the top five group members, as only the full five group members accounted for more than a quarter of the accumulative messages sent over fourteen months.The research supports group members to be actively involved.Being an active group member is better than remaining a non-contributor member.Krishnan S. et al. in 2019 [5] an examination of social media applications on smartphones.They focused on testing the internal memory of the smartphones and describing if the actions and activities were stored or not.The author tested social media applications installed on smartphones with different operating systems.The paper used forensic tools to validate social media applications such as Meta Company (Facebook) and Twitter.The report proved that Blackberry phones are secured because tools could not extract data from them.In comparison, much data was extracted from Android and iPhone smartphones Umar R. et.al., 2017 [10].The research aims to extract evidence from WhatsApp applications on smartphones.This research aims to rate the mobile forensic tools' ability to extract and evaluate extracted data from WhatsApp.The author used the WhatsApp Key and Oxygen tools, compared them, and mentioned their strong and weak points.Kanchan H. et al. in 2016 [11].In this paper, the authors identified the factors that help discover the redirection of spam and malicious proposals by using a fuzzy logic-based model for spam discoverable spam.The author tested his model against URLs, and the model detected high-quality spam redirections.
Ramya T. at.El in 2014 [12].The paper explains the Fuzzy Logic Toolbox.The authors constructed the rules based on various statements and converted them into fuzzy rules, and the Fuzzy Logic Toolbox GUI tools were built using a MATLAB numeric environment.
In our research, fuzzy logic is used to evaluate the extracted data and determine the degree of truth or false.Matlab Fuzzy Toolbox helps in designing a model capable of testing this data and specify its degree of truth or falsity.This allowed us to determine whether the data could be considered evidence or not.

Overview of gauging evidence extracted from smartphones with different logic
Mobile device forensics involves the collection and analysis of evidence found in small devices such as smartphones, smartwatches, and tablets.These devices use operating systems such as Android, macOS, and iOS to function and display graphical user interfaces to the users.

Data Acquisition Technique:
The techniques and methods used to extract data from mobile devices [6] as shown in figure [1].
Figure (1), data acquisition methods [6] -Micro-read is the technique that allows you to view data on memory chips by the investigator with highpower electron microscopes.The disadvantage of this technique is its cost, time-consuming, and requires high knowledge of hardware and file systems [13].
-Chip-off is the technique that helps the investigator extract data and information from the memory directly.The investigator removes the memory chip from the device and generates a binary image to analyze data.The disadvantage of this technique is the costly physical damage that could happen [14].
-JTAG is the technique that enables physical data extraction from a smart device.The investigator connects the smart device to a workstation; then, the tools extract and create a raw data image in the smart device's memory.There are many forensic tools for JTAG, such as XACT and Pandora's Box [15].
-Logical extraction is the most accessible and widespread technique; the smart device is connected to the forensic lab with Bluetooth, cable NFC, or any other method, and forensic tools will be installed in the smart device to extract all data from it [16].
-Manual extraction is one of the simplest and quickest ways to retrieve data from a mobile device.This method involves an investigator scrolling through the device's text messages, web browser history, photo albums, social media apps, and more.[16] 3.2 Boolean logic: Boolean logic is fundamental in computer science and mathematics.It is based on the principles of binary logic, which uses two values -actual (represented as 1) or false (represented as 0) -to represent logical statements [17].These logical statements can be combined using Boolean operators such as AND, OR, and NOT to create more complex expressions.Understanding Boolean logic is crucial for designing and analyzing digital computer circuits and for programming and algorithm development [18].
Boolean logic is an essential tool for computer scientists and mathematicians.It allows for manipulating and evaluating logical statements using binary values, leading to the development of complex expressions [28].Boolean logic is a core computer science and mathematics concept that relies on binary values (true and false) to represent logical statements.Boolean logic enables creating and analyzing complex expressions using Boolean operators such as AND, OR, and NOT [18].

Fuzzy logic:
Fuzzy logic is a mathematical framework that allows for reasoning and decision-making in situations with inherent uncertainty or ambiguity.Lotfi Zadeh developed it in the 1960s to model and process uncertainty and imprecise information [8].Fuzzy logic is different from Boolean logic as it helps to represent partial truths and gradual transitions between true and false [12].Fuzzy logic introduces the concept of "fuzzy sets," which assigns degrees of membership instead of strict membership.In a fuzzy set, an element can belong to the set to a certain degree, ranging from fully belonging (degree of 1) to not belonging [12].
Fuzzy Logic in Decision Support Systems Fuzzy Logic plays a crucial role in decision support systems by incorporating degrees of truth and considering the uncertainty in real-world scenarios; fuzzy Logic provides a more nuanced and flexible approach to decision-making.Fuzzy Logic is particularly advantageous in complex systems where the data may need to be more precise or complete [18].Overall, fuzzy Logic provides a flexible and powerful tool for dealing with imprecise and uncertain information, allowing for more nuanced reasoning and decision-making in various domains [19].

Excel Fuzzy Lookup:
Fuzzy Lookup is a powerful feature in Excel that allows users to find and match similar records within large datasets.By utilizing fuzzy matching algorithms and similarity measures, Excel's fuzzy lookup can effectively identify records that may have slight variations, such as misspellings or typos, and provide a list of potential matches [20].This add-in considers the responses' spelling and similarity, ensuring that only very close matches are deemed correct.Excel Fuzzy Lookup can significantly streamline the process of scoring cued recall data and eliminate potential errors or discrepancies caused by human judgment.The Fuzzy Lookup operator in SSIS also provides similar functionality for approximate string matching [21].Incorporating the Fuzzy Lookup system into this operator further enhances its capabilities and allows for more robust transformations.This integration with other operators in the ETL process enables users to create robust solutions for data manipulation and analysis [22].

Matlab:
Matlab is a highly versatile programming language and software environment that has gained widespread popularity in various fields such as engineering, mathematics, and science.One key feature that makes Matlab useful in these areas is its ability to efficiently handle and manipulate large datasets, allowing for complex data analysis and modeling.Matlab can be especially useful in weather forecasting, where accurate predictions rely heavily on analyzing vast amounts of meteorological data [8].
The Toolbox allows users to build fuzzy models that capture the underlying relationships between various meteorological variables, such as temperature, humidity, wind speed, and atmospheric pressure.Using the Fuzzy Logic Toolbox, researchers can input historical weather data and expert knowledge into the System to create a fuzzy rule-based model.This model can then predict future weather conditions based on current observations [23].

Methodology
The purpose of this research is to assess data, determine if it is reliable or not, and analyze it.Fuzzy Logic has been selected as the method for evaluating the data and providing a level of certainty for forensic investigators to use in investigations.Additionally, Excel's fuzzy lookup has been utilized to evaluate conversations between individuals and assign a percentage to each data point.The results are compiled into a dataset and analyzed using a Matlab model to assess the reliability of the information.The outcomes reveal the percentage of each data point and whether it can be considered as evidence.

Dataset:
A dataset obtained from the Kaggle website [24] was analyzed.This dataset contains conversations between individuals.It comprises 7 columns, where the first column shows the name of the sender while the second column contains the chat messages.From third to seventh columns represent the date and time of each message, as shown in Table (1).

Matlab Fuzzy Toolbox:
A fuzzy Mamdani-type model with three inputs, rules, and output was created using the Matlab Fuzzy Logic Designer tool, as shown in screenshot (1).This Fuzzy model was designed to test three inputs according to predetermined rules and produce corresponding outputs.1: week ranges from 0% to 25%, representing week evidence.2: Middle represents 25% to 75%, representing the average evidence.

Results
Matlab fuzzy toolbox logic was used to create a fuzzy model.The model helps evaluate the strength of each data point by testing it against the three inputs with predefined rules.The output of the model is given in percentage, which helps us determine whether the data can be used as evidence or not.
We analyzed 30 chats with different inputs, and after the model processed the inputs using rules and generated outputs, the results were presented in Table (4).
Table (4), the results of all 30 chat message.
The timestamp 1637953254 is the first timestamp, 1661367654 is when the investigator found the smartphone, and 1684780423 is the timestamp after the investigator found the smartphone by year.Any chat that occurred between 1637953254 and 1661367654 that contains feud and violation words is considered strong evidence, as are the percentage numbers listed above.However, any chat that occurred between 1661367654 and 1684780423 is considered weak evidence.

Conclusion and Future Work
The research objective is to develop a fuzzy model that can automatically assess data and determine whether it can be considered as evidence.The model analyzed 30 chat transcripts and provided a strength percentage for each based on different standards.

Table (
To work with the Matlab application, the date and time must be converted into a numeric timestamp.Microsoft Excel has been used to change the date and time into timestamps.The user column also changed into 0, 1.The sender's changed to (0), while the recipients' changed to (1), as shown in table(2).

Table ( 2
), chat messages after converting the user column and the timestamp column.Each chat in the dataset was changed to a percentage using the Excel Fuzzy Lookup Add-in.This addin provides a percentage of similarity between the two tables.The first table was the chat table, while the other table had a single column containing the most commonly used words for disputes and violations.The Excel Fuzzy Lookup Add-in provided a similarity percentage between each chat and the terms in the second table.This resulted in a new table with five columns as shown in table(3).

Table ( 3
), similarity percentage after comparing the message table with a table of the violation words.