Information Technology Reference
In-Depth Information
Connecting an Android device to a workstation
Forensic acquisition of an Android device using open source tools requires connecting the
device to a forensic workstation. Forensic acquisition of any device should be conducted on
a forensically sterile workstation. This means that the workstation is strictly used for
forensics and not for personal use. Also, note that anytime a device is plugged into a
computer, changes can be made to the device. The examiner must have full control of all
interactions with the Android device at all times.
The following steps should be performed by the examiner in order to connect the device
successfully to a workstation. Note that write protection may prevent the successful
acquisition of the device since commands may need to be pushed to the device in order to
pull information. All the following steps should be validated on a test device prior to
attempting them on real evidence.
Identifying the device cable
The physical USB interface of an Android device allows it to connect to a computer to
share data, such as songs, videos, and photos. This USB interface might change from
manufacturer to manufacturer and also from device to device. For example, some devices use
mini-USB while some others use micro-USB. Apart from this, some manufacturers use
their own proprietary formats, such as EXT-USB, EXT micro-USB, and so on. The first
step in acquiring an Android device is to determine what kind of device cable is required.
Installing the device drivers
In order to identify the device properly, the computer may need certain drivers to be
installed. Without the necessary drivers, the computer may not identify and work with the
connected device. The issue is that, since manufacturers are allowed to modify and
customize Android, there is no single generic driver that works for all Android devices.
Each manufacturer writes its own proprietary drivers and distributes them along with the
phone, so it's important to identify the specific device drivers that need to be installed.
Some of the Android forensic toolkits (which we are going to discuss in the following
chapters) do come with generic drivers or a set of the most-used drivers, but they may not
work with all models of Android phones. Some Windows operating systems are able to
autodetect and install the drivers once the device is plugged in, but more often than not,
this fails. The device drivers for each manufacturer can be found on their respective
websites.