Toward a general collection methodology for Android devices

The Android platform has been deployed across a wide range of devices, predominantly mobile phones, bringing unprecedented common software features to a diverse set of devices independent of carrier and manufacturer. Modern digital forensics processes differentiate collection and analysis, with collection ideally occurring only once and the subsequent analysis relying upon proper collection. After exploring special device boot modes and Android's partitioning schema, we detail the composition of an Android bootable image and discuss the creation of such an image designed for forensic collection. The major contribution of this paper is a general process for data collection of Android devices and related results of experiments carried out on several specific devices.
