wizardssilikon.blogg.se

Accessdata ftk imager wiki






In this article, we describe how programs that are used on a day-to-day basis in computer forensics can be applied to the analysis of mobile devices running the Android operating system.

Most of the mobile devices in the world run the Android operating system, so it is no wonder that such devices are often received for forensic examination. However, when examining mobile devices running Android (hereafter "mobile devices"), the forensic expert faces the following difficulties:

1. There is no forensic program that supports extracting data from all mobile devices existing in the world.
2. There are a great number of programs designed for the Android operating system whose data could potentially be interesting to investigators. So far, there is no forensic program that supports analysis of logs and data from all such programs.
3. The time when investigators were interested only in the phone book, calls and SMS messages extracted by the forensic expert has passed. Now they are also interested in the history of network resources (browser data), the history of short-message exchange programs, deleted files (graphic files, videos, SQLite databases, etc.) and other forensically valuable information.
4. Criminals often delete files from the memory of their mobile devices, trying to hide information about a committed crime.
5. Forensic laboratories and examination units cannot afford to buy specialized software packages (.XRY (Micro Systemation), UFED (Cellebrite Forensics), etc.) because of their high cost.

What should the forensic expert do in such a situation? Let's try to find out.

1. Physical data extraction from mobile devices

Since investigators are also interested in deleted files that remain in the memory of mobile devices, the forensic expert has to perform a physical data extraction from the memory of the mobile device. That means the forensic expert has to get a complete copy of the examined device. A physical memory dump can be made using the following methods:

1. Direct data extraction from the memory chips of the mobile device using the «Chip-off» method. It is the most difficult method of data extraction, but sometimes it is the only way to extract data from the device.
2. Extracting data from mobile device memory using the JTAG debug interface. This is a popular method of data extraction via flasher tools such as RIFF-box, Octopus, etc. It allows extracting data from devices that have negligible hardware and software damage. It is important to realize that some flasher tools create a mobile device memory dump in their own format (which differs from RAW). Such dumps have to be converted into a format that is supported by the forensic programs the forensic expert has.
3. Data extraction via specialized programs (e.g., Oxygen Forensic Suite) and hardware-software complexes (.XRY (Micro Systemation), UFED (Cellebrite Forensics), Secure View 3). Such tools use the safest method of gaining root access to the mobile device. This means that the forensic expert cannot always get root access to a mobile device, but the device will be operational after the examination. It is possible to get root access using other, more efficient methods. However, there is a chance of damaging the examined device.
4. Creation of the mobile device memory copy manually. For example, in the case when the user's data is saved in the extended memory of the central processor of the mobile device (this is typical for so-called "Chinese cell-phones", also called "Chinese mobile devices" or "Chinese phones"). ARM processors from Mediatek, Spreadtrum and Infineon are used in such devices, and it is possible to apply a combination of methods: extracting data from a chip of the mobile device with «Chip-off» (when the central processor, which contains the user's data, is desoldered) and then extracting the user's data via the JTAG interface.

Usually, during creation of the mobile device memory copy, you get files with specific names, which can give you an idea of what kind of data these files contain. For example, when a memory copy of a mobile device is created with Oxygen Forensic Suite, the files mmsblk0 and mmsblk1 are usually created.






