An Introduction to Forensics Data Acquisition From Android Mobile Devices

The role of a Digital Forensics Investigator (DFI) is rife with continuous learning opportunities, especially as technology expands and proliferates into every corner of marketing and sales communications, entertainment and business. As a DFI, we deal with a regular onslaught of new devices. Many of these devices, like the cellphone or tablet, use common operating systems that we need to be familiar with. Certainly, the Android OS is predominant in the tablet and cellphone industry. Given the predominance of the Android OS in the mobile device market, DFIs will run into Android devices in the course of many investigations. While there are several models that suggest approaches to acquiring data from Android devices, this article introduces four viable methods that the DFI should consider when gathering evidence from Android devices.

A Bit of History of the Android OS

Android’s first commercial release was in September 2008 with version 1.0. Android is the open source and ‘free to use’ operating system for mobile devices developed by Google. Importantly, early on, Google and other hardware companies formed the “Open Handset Alliance” (OHA) in 2007 to foster and support the growth of Android in the marketplace. The OHA now contains 84 hardware companies including leaders like Samsung, HTC, and Motorola (to name a few). This alliance was formed to compete with companies that had their own market offerings, such as competitive devices offered by Apple, Microsoft (Windows Phone 10, which is now apparently dead to the market), and Blackberry (which has ceased making hardware). Regardless of whether an OS is defunct or not, the DFI must know about the various versions of multiple operating systems, particularly if their forensics focus is in a particular sphere, such as mobile devices.

Linux and Android

The present iteration of the Android OS is based on Linux. Keep in mind that “based on Linux” does not mean the usual Linux programs will always run on an Android device and, conversely, the Android programs that you may enjoy (or are familiar with) will not necessarily run on your Linux desktop. But Linux is not Android. To clarify the point, note that Google selected the Linux kernel, the essential part of the Linux operating system, to manage the hardware chipset processing so that Google’s developers wouldn’t have to be concerned with the specifics of how processing occurs on a given set of hardware. This allows their developers to focus on the broader operating system layer and the user interface features of the Android OS.

A Large Market Share

The Android OS has a substantial share of the mobile device market, primarily due to its open-source nature. In excess of 328 million Android devices have shipped since the third quarter in 2016. And, according to netwmarketshare.com, the Android operating system had the bulk of installations in 2017, nearly 67%, as of this writing.

As a DFI, we can expect to encounter Android-based hardware in the course of a typical investigation. Due to the open source nature of the Android OS, in combination with the varied hardware platforms from Samsung, Motorola, HTC, and so forth, the variety of combinations between hardware type and OS implementation presents an additional challenge. Consider that Android is currently at version 7.1.1, yet each phone manufacturer and mobile device supplier will typically modify the OS for the specific hardware and service offerings, presenting an additional layer of complexity for the DFI, since the approach to data acquisition can vary.

Before we dig deeper into additional attributes of the Android OS that complicate the approach to data acquisition, let’s look at the concept of a ROM version that will be applied to an Android device. As an overview, a ROM (Read Only Memory) program is low-level programming that is close to the kernel level, and the unique ROM program is often called firmware. If you think in terms of a tablet in contrast to a cell phone, the tablet will have different ROM programming as compared to a cell phone, since hardware features between the tablet and cell phone will be different, even if both hardware devices are from the same hardware manufacturer. Complicating the need for more specifics in the ROM program, add in the specific requirements of cell service carriers (Verizon, AT&T, and so forth).

