Hi,
I'm currently looking at doing a final year university project on Mobile Forensics, particularly in the area of Android phones.
I've briefly researched methods of imaging an Android phone, and it seems most people are inclined to use dd in conjunction with ADB, however this requires root access on the phone, and from what I can see so far, there isn't really an officially agreed upon way of achieving this.
So my question is What is the most forensically sound way of gaining root access on an Android phone?
(alternatively if there is any better way to go about imaging an android device I'd be very happy to hear it, I'm not in any way attached to this method P)
Thanks
Hi,
As you are researching the area of Android forensics then I am sure you are familiar with ViaForensics http//
I would read up on their tools as I understand that they have created tools to take an image (to some degree) of an Android device. It could be well worth talking with Andrew Hoog to see if he can offer any help or advice.
Thanks for the reply Doug,
I've read a little about ViaForensics' tools and they seem impressive, however I feel a little off about using pre-developed utilities like this in my project (I probably should have mentioned the degree im studying is Software Engineering, so the part of the project is kind of for me to develop my own utilities/software lol).
But yeah, while im not trying to re-invent the wheel, there seems to be a slight gap in the market for android forensics at the moment, and even though ViaForensics is obviously working on it, for my project i'd rather get down to the bare bones of the process and create my own tool of sorts.
I'll definately talk to Andrew Hoog though, thanks for the advice )
Hi,
Even I am doing my final year project on Android Forensics with Nexus one in focus. Could you please throw some light on the existing methods that can be used to DD the whole internal memory of the Android Device?
If any of you determine a way to image the internal memory without rooting the device, I'd love to know about it. I don't have a need for this now, but I have checked into out of curiosity.
This will be important because I think that some carriers prohibit rooted phones on the network… cough cough.. Verizon.
Mark
Hi,
I'm currently looking at doing a final year university project on Mobile Forensics, particularly in the area of Android phones.
I've briefly researched methods of imaging an Android phone, and it seems most people are inclined to use dd in conjunction with ADB, however this requires root access on the phone, and from what I can see so far, there isn't really an officially agreed upon way of achieving this.
So my question is What is the most forensically sound way of gaining root access on an Android phone?
(alternatively if there is any better way to go about imaging an android device I'd be very happy to hear it, I'm not in any way attached to this method P)
Thanks
This is an excellent post…I am doing a Cell Phone Forensics as well, but not at the moment..I will a little bit later…It would be great to hear and see what the results are.
Hi,
I have just finished my degree in Computer Forensics and created an Android tool for my final year project.
I did quite a lot of research and found that currently there isn't really a way to "image" the internal memory of an Android device in the same context as if you image a hard drive for example; unless you 'root' the phone.
Many of the software tools available install a small client/agent application onto the device to interact with it.
These are just my findings and please correct me if you think i'm wrong.
Oli
Is it possible to boot from a microSD card? I have a WiMo device, that they're trying to get Android to boot from, they boot Android off a microSD card with no modification to the phone. This would be a great way to go, from a sound forensics point of view.
Another way of doing it might be to tear the thing apart and read the flash memory directly. Might not be easy but then you wouldn't have to mess with the system, potentially causing evidence spoliation.