Abstract
Due to the prevalent use of smartphones, mobile devices have attracted some of the most sophisticated mobile device malware in existence. Traditional forensics investigation tools and techniques have fallen short of successfully investigating mobile malware incidents. Consequently, the need for the design and development of specific mobile device malware tools and techniques has been raised in the literature. However, it has become clear that the requirements for the evaluation of such tools and methods are missing. This research paper proposes a set of requirements that should be met by forensic models meant to be used in investigating security incidents involving mobile device malware. We have defined a sufficient number of requirements that take into consideration the characteristics of mobile devices and mobile malware as well. The requirements are designed as solutions for the limitations associated with existing conventional digital and malware forensic models.