Mobile Forensics
- Tags
- security
Variant of digital forensics targeting mobile devices specifically.
This is [see page 4, important] because the number of smartphone users has been increasing for years and its [see page 5, application] in criminal activities has seen similar growth. Even without this, smartphones track an absurd amount of [see page 9, data] about its users and this data can be used to implicate an individual in a crime.
There're also concerns surrounding BYOD (bring your own device) policies which let individuals use their own mobile devices to access confidential information such as documents and emails related to organisations.
Android Forensics
[see page 11, Android] uses the Linux kernel.
[see page 12, Approaches] to Data Extraction
- Manual: Examiner uses the same interface as device owner to interact with data.
- Logical: Extract data by interacting with OS and accessing the file system.
- Physical: Obtaining a exact bit-by-bit image of the device.
[see page 13, Targets] of Extraction
Most of the data we're interested in can be find in the /data/data/ location in
reverse domain-name notation. For example we can find the:
| Target | Example Path |
|---|---|
| Call Log | /data/data/com.android.providers.contacts/databases/contacts2.db |
| SMS messages | /data/data/com.android.providers.telephony/databases/mmssms.db |
| Browser History | /data/data/com.android.browser/browser |
Databases are generally stored on mobile devices as SQLITE databases.