Survey on Android Forensic Tools and Methodologies

Abstract: In recent days, Android Operating System has gained top most position in mobile Operating System (OS) market share. Usage of Smartphone and tablet devices is massively increased and major portion of these devices are come up with android OS. There is a big chance that these devices may be used in committing crimes also. While doing forensic investigation of the digital devices which are involved in the crime needs special tools and techniques to seize, acquire and analysis of the android devices. This paper hi… Show more

“…There are also tools that focus on a specific type of a mobile device, for example, for Apple products Lantern and Elcomsoft iOS Forensic Toolkit. [5] The second type is tools directly mounted on the mobile device. These tools do not have the same options as the desktop application.…”

Mobile forensic tools and techniques: Android data security

“…There are also tools that focus on a specific type of a mobile device, for example, for Apple products Lantern and Elcomsoft iOS Forensic Toolkit. [5] The second type is tools directly mounted on the mobile device. These tools do not have the same options as the desktop application.…”

Mobile forensic tools and techniques: Android data security

“…Android is an open source operating system designed for use on mobile devices and the basic composition of the operating system is the SDK (Software Development Kit) and applications which are a set of tools provided by Google that creates a development environment for developing Android compatible software [2]. The Android platform has unique characteristic features and different scenarios which a forensic analyst may come across, these unique characteristics raises issues of complexity and diversity of android based mobile devices which differ in terms of architecture, model and manufacturer design [3] [4]. Therefore in the event of a need to extract forensic data from such devices, clear understanding of the architecture of the device plays a significant role in guiding the process model to be used and algorithm to follow [4].…”

“…The Android platform has unique characteristic features and different scenarios which a forensic analyst may come across, these unique characteristics raises issues of complexity and diversity of android based mobile devices which differ in terms of architecture, model and manufacturer design [3] [4]. Therefore in the event of a need to extract forensic data from such devices, clear understanding of the architecture of the device plays a significant role in guiding the process model to be used and algorithm to follow [4]. A process model is a defined standard or method of getting things done by applying scientific methods [5].…”

An Algorithm and Process Flow Model for the Extraction of Digital Forensic Evidence in Android Devices

“…São copiados os dados dos espaços alocados em disco, ainda acessíveis ao usuário no sistema de arquivos. Tais dados incluem a agenda telefônica, as chamadas, as mensagens, alguns dados de aplicativos e outros dados que se pode esperar de um backup do softwares com o iTunes ou o próprio Android, ou seja, o que você pode ver se examinar manualmente o dispositivo [13]. É vista como a mais rápida e menos invasiva, porém é a mais limitada das aquisições.…”

“…Existem no mercado inúmeras ferramentas e suites forenses voltadas para a aquisição e análise de dados de dispositivos móveis. O estudo de Rao e Chakravarthy, [13], Khan e Mansuri [40] Segundo Pappas [11], qualquer ferramenta ou software usado para aquisição e análise de dados deve ser testado e verificado anteriormente à sua utilização em casos reais, para que possa garantir seu desempenho e que os documentos relacionados ao software/hardware devem ser revistos periodicamente. O NIST disponibiliza em seu site 1 relatórios de validação de algumas ferramentas.…”

Metodologia para reconstrução de dados em dispositivos móveis com Sistema Operacional Android mediante aplicação de técnicas ISP e Combination firmware