Information Technology Reference
In-Depth Information
Summary
A proper forensic workstation setup is required prior to conducting investigations on an
Android device. Using open source methods to acquire and analyze Android devices re-
quires the installation of specific software on the forensic workstation. If the method of
forensic acquisition requires the Android device to be unlocked, the examiner needs to de-
termine the best method to gain access to the device. Various screen lock bypass techniques
explained in this chapter help an examiner to bypass the passcode under different circum-
stances. Depending on the forensic acquisition method and scope of the investigation, root-
ing the device should provide complete access to the files present on the device. Some
commercial tools, such as Micro Systemation XRY, provide a root that the examiner must
use in order to access specific areas of the device memory. Now that the basic concepts are
covered on gaining access to an Android device, we will cover acquisition techniques and
describe how the data is being pulled using each method in
Chapter 9
,
Android Data Ex-
traction Techniques
.
