±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36464
New Yesterday: 0 Visitors: 347

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Backup of Android Device

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

laura4458
Member
 

Backup of Android Device

Post Posted: Apr 09, 15 23:30

I'm a digital forensic examiner and private investigator with Select Investigations in North Carolina. Though I desperately love digital forensics, cell phone forensics always makes me want to run away screaming. We're preparing to examine a Motorola DROID MAXX with Android 4.4.4.

Though I hesitate to say it in fear of angering the Android fans, I'm an Apple person. And unlike Apple, it doesn't appear as though there's an option built into this Android phone to choose to create a complete backup of the phone to a computer. I see there's an option to backup the phone to a Google account.

My goal: to create a backup of the phone that we can forensically examine. That is, we want to examine the backup, not the phone itself. Any suggestions?

A few concerns: 1) Any backup option that involves installing an app on the phone results in a) altering the evidence and b) I assume there's something along the line that Apple does when you purchase (even a free) app from the app store-a receipt/email is generated when you do so. Is that the case with Android and the Google play store?

2) I've perused using handy-dandy Google Searches, and I can't seem to find a program to install on a computer that will allow for creating a full backup of the phone. Some of the ones I've come across say they will support Android 4.2, but I haven't seen one that says it will support 4.4.4. Am I missing one you all know about?

3) It's my understanding that this phone does not have an micro SD slot, so any option for installing an app that will back up to an SD card is out.

4) What if we were to back up to a Google account. What happens? I assume if we were to change which Google account it backs up to, we're going to be changing which Google account that phone is linked with, correct? And regardless of which Google account it is backed up to, is there actually a downloadable file that we can access, or is the backup only accessible by getting another phone and restoring the phone from the backup.

That's just some of the initial thoughts I have. So, can any of you awesome Android super users help this bumbling Apple idiot?

Thanks for your help and any suggestions.
_________________
Laura A. Moorehead
North Carolina Private Investigator 4458
Select Investigations
Email: LM AT selectinvestigations DOT com
www.selectinvestigations.com 
 
  

Adam10541
Senior Member
 

Re: Backup of Android Device

Post Posted: Apr 10, 15 06:16

Can I ask why you want to take the 'examine a backup approach' rather than the phone itself?

If you have access to XRY/UFED then the process of taking a dump of the phone (physical or logical) is no more intrusive than taking a backup of the phone with software and in fact may be less intrusive and give you more information.

Traditionally backups that are created by iPhone or Android devices don't get all the available information, and you can miss data that is incredibly important as part of any forensic examination. Add to that the process of backing up a device may alter time stamps and other meta data giving false information when it comes to the examination of the data.  
 
  

UnallocatedClusters
Senior Member
 

Backup of Android Device

Post Posted: Apr 10, 15 06:48

If you are looking for a free tool to perform an Android collection, try DEFT (www.deftlinux.com).

I strongly recommend reading the DEFT manual (also free for download) as it lists the manual steps required to collect an Android device. This will give you an idea of what the "push button" tools are doing under the hood.

The DEFT manual explains why one must "root" an Android device in order to perform a physical image in addition to how one can use the Android Debugging Bridge (adb.exe) in order to collect evidence from an Android device.

Unlike most PCs, many smartphones come from the factory with encrypted storage in addition to un-encrypted storage that precludes a "physical" image unless one "jailbreaks" or "roots" the device.

Therefore, on non-rooted, non-jailbroken devices, one must install an application on the smartphone itself from which "logical" data will be exported to one's forensic workstation for further analysis.

I am a Lantern Certified Examiner and highly recommend Katana Forensic's Lantern tool.

Also, you may want to look at Compelson's Mobiledit Forensic edition. Mobiledit does a wonderful job of revealing all of the folders and files on iPhones and Android phones that one normally cannot see or access. For example, Mobiledit will allow one to see "KIK" or "Skype" application folders and export the contents to your desktop for further examination.

I will email you my newly published CLE course on smartphone forensic best practices as I think you will find the content informative.

Regards,

Larry  
 
  

AshishSingh
Member
 

Re: Backup of Android Device

Post Posted: Apr 10, 15 10:03

- UnallocatedClusters
If you are looking for a free tool to perform an Android collection, try DEFT (www.deftlinux.com).

I will email you my newly published CLE course on smartphone forensic best practices as I think you will find the content informative.

Regards,

Larry


Hi Sir,

Please share your contributions regarding Smartphone forensics. I would be highly obliged.

Regards  
 
  

ForensicMeteor
Senior Member
 

Re: Backup of Android Device

Post Posted: May 22, 15 04:29

- AshishSingh
- UnallocatedClusters
If you are looking for a free tool to perform an Android collection, try DEFT (www.deftlinux.com).

I will email you my newly published CLE course on smartphone forensic best practices as I think you will find the content informative.

Regards,

Larry


Hi Sir,

Please share your contributions regarding Smartphone forensics. I would be highly obliged.

Regards


I'd like to see it as well!  
 
  

OxygenForensics
Senior Member
 

Re: Backup of Android Device

Post Posted: May 29, 15 18:17

You may try Oxygen Forensic Suite. It allows to create Android backup from device and save it on PC or parse data from it and see it all in the easy-to-use program interface. Of course, all popular apps, like Skype, Kik, WhatsApp, Viber, etc. are automatically extracted and shown.  
 
  

zuberb
Newbie
 

Re: Backup of Android Device

Post Posted: May 31, 15 03:43

- UnallocatedClusters


I will email you my newly published CLE course on smartphone forensic best practices as I think you will find the content informative.

Regards,

Larry


Plus one on the CLE course sir  
 

Page 1 of 1