
Backup of Android Device  

laura4458
(@laura4458)
New Member

I'm a digital forensic examiner and private investigator with Select Investigations in North Carolina. Though I desperately love digital forensics, cell phone forensics always makes me want to run away screaming. We're preparing to examine a Motorola DROID MAXX with Android 4.4.4.

Though I hesitate to say it in fear of angering the Android fans, I'm an Apple person. And unlike Apple, it doesn't appear as though there's an option built into this Android phone to choose to create a complete backup of the phone to a computer. I see there's an option to back up the phone to a Google account.

My goal is to create a backup of the phone that we can forensically examine. That is, we want to examine the backup, not the phone itself. Any suggestions?

A few concerns: 1) Any backup option that involves installing an app on the phone results in a) altering the evidence and b) I assume there's something along the line that Apple does when you purchase (even a free) app from the app store: a receipt/email is generated when you do so. Is that the case with Android and the Google Play store?

2) I've perused using handy-dandy Google Searches, and I can't seem to find a program to install on a computer that will allow for creating a full backup of the phone. Some of the ones I've come across say they will support Android 4.2, but I haven't seen one that says it will support 4.4.4. Am I missing one you all know about?

3) It's my understanding that this phone does not have a micro SD slot, so any option for installing an app that will back up to an SD card is out.

4) What if we were to back up to a Google account? What happens? I assume if we were to change which Google account it backs up to, we're going to be changing which Google account that phone is linked with, correct? And regardless of which Google account it is backed up to, is there actually a downloadable file that we can access, or is the backup only accessible by getting another phone and restoring the phone from the backup?

That's just some of the initial thoughts I have. So, can any of you awesome Android super users help this bumbling Apple idiot?

Thanks for your help and any suggestions.

Posted : 10/04/2015 12:30 am
Adam10541
(@adam10541)
Senior Member

Can I ask why you want to take the 'examine a backup approach' rather than the phone itself?

If you have access to XRY/UFED then the process of taking a dump of the phone (physical or logical) is no more intrusive than taking a backup of the phone with software and in fact may be less intrusive and give you more information.

Traditionally, backups that are created by iPhone or Android devices don't get all the available information, and you can miss data that is incredibly important as part of any forensic examination. Add to that, the process of backing up a device may alter time stamps and other metadata, giving false information when it comes to the examination of the data.

Posted : 10/04/2015 7:16 am
UnallocatedClusters
(@unallocatedclusters)
Senior Member

If you are looking for a free tool to perform an Android collection, try DEFT (www.deftlinux.com).

I strongly recommend reading the DEFT manual (also free for download) as it lists the manual steps required to collect an Android device. This will give you an idea of what the "push button" tools are doing under the hood.

The DEFT manual explains why one must "root" an Android device in order to perform a physical image in addition to how one can use the Android Debugging Bridge (adb.exe) in order to collect evidence from an Android device.

Unlike most PCs, many smartphones come from the factory with encrypted storage in addition to un-encrypted storage that precludes a "physical" image unless one "jailbreaks" or "roots" the device.

Therefore, on non-rooted, non-jailbroken devices, one must install an application on the smartphone itself from which "logical" data will be exported to one's forensic workstation for further analysis.

I am a Lantern Certified Examiner and highly recommend Katana Forensic's Lantern tool.

Also, you may want to look at Compelson's Mobiledit Forensic edition. Mobiledit does a wonderful job of revealing all of the folders and files on iPhones and Android phones that one normally cannot see or access. For example, Mobiledit will allow one to see "KIK" or "Skype" application folders and export the contents to your desktop for further examination.

I will email you my newly published CLE course on smartphone forensic best practices as I think you will find the content informative.

Regards,

Larry

Posted : 10/04/2015 7:48 am
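
As an added example (not part of any post in this thread), the Python below inspects an Android backup file of the kind adb's backup command writes: it hashes the file as acquired, reads the four header lines, and lists the entries of the tar payload with their recorded sizes and modification times. The thread does not name adb's backup command or its file format, so that choice, the function names and the sample data are assumptions; the sample backup is constructed in the code.

```python
import hashlib
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"


def inspect_ab(data: bytes) -> dict:
    """Parse an Android backup (.ab) image held in memory without modifying it."""
    stream = io.BytesIO(data)
    header = [stream.readline().rstrip(b"\n") for _ in range(4)]
    magic, version, compressed, encryption = header
    if magic != MAGIC:
        raise ValueError("not an Android backup: bad magic line")
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),  # hash of the file as acquired
        "version": int(version),
        "compressed": compressed == b"1",
        "encryption": encryption.decode("ascii"),
        "entries": [],
    }
    if report["encryption"] != "none":
        # Encrypted backups carry extra key lines; the payload needs the password.
        return report
    payload = stream.read()
    if report["compressed"]:
        payload = zlib.decompress(payload)
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:") as tar:
        for member in tar:
            report["entries"].append((member.name, member.size, member.mtime))
    return report


def build_sample_ab() -> bytes:
    """Constructed sample: a one-file backup, not data from a real device."""
    content = b"constructed sample record\n"
    tar_bytes = io.BytesIO()
    with tarfile.open(fileobj=tar_bytes, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        info = tarfile.TarInfo("apps/com.example.app/db/messages.db")  # hypothetical path
        info.size = len(content)
        info.mtime = 1428625800  # constructed timestamp
        tar.addfile(info, io.BytesIO(content))
    return MAGIC + b"\n1\n1\nnone\n" + zlib.compress(tar_bytes.getvalue())


if __name__ == "__main__":
    for key, value in inspect_ab(build_sample_ab()).items():
        print(f"{key}: {value}")
```
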
AshishSingh
(@ashishsingh)
Junior Member

If you are looking for a free tool to perform an Android collection, try DEFT (www.deftlinux.com).

I will email you my newly published CLE course on smartphone forensic best practices as I think you will find the content informative.

Regards,

Larry

Hi Sir,

Please share your contributions regarding Smartphone forensics. I would be highly obliged.

Regards

Posted : 10/04/2015 11:03 am
ForensicMeteor
(@forensicmeteor)
Member

If you are looking for a free tool to perform an Android collection, try DEFT (www.deftlinux.com).

I will email you my newly published CLE course on smartphone forensic best practices as I think you will find the content informative.

Regards,

Larry

Hi Sir,

Please share your contributions regarding Smartphone forensics. I would be highly obliged.

Regards

I'd like to see it as well!

Posted : 22/05/2015 5:29 am
OxygenForensics
(@oxygenforensics)
Active Member

You may try Oxygen Forensic Suite. It allows you to create an Android backup from the device and save it on a PC, or parse data from it and see it all in the easy-to-use program interface. Of course, all popular apps, like Skype, Kik, WhatsApp, Viber, etc. are automatically extracted and shown.

Posted : 29/05/2015 7:17 pm
zuberb
(@zuberb)
New Member

I will email you my newly published CLE course on smartphone forensic best practices as I think you will find the content informative.

Regards,

Larry

Plus one on the CLE course, sir.

Posted : 31/05/2015 4:43 am