Apple serial number finally by forensic for android#
Each type of acquisition has a variety of techniques for data acquisition such as “nandroid” backup (only for Android devices) and “logical acquisition” using “UFED Touch” for the logical acquisition and JTAG, ISP, chip-off or “dd” command for the physical acquisition. File system acquisition can provide information for files that are deleted but not overwritten if the device allows file system access. files) that reside on a logical storage while physical acquisition is bit-by-bit copy of the physical storage (e.g. Logical acquisition is a “bit-by-bit” copy of logical storage objects (e.g. The methods for data acquisition can be divided in three types: logical, file system and physical acquisition. In mobile forensics, data acquisition and analysis it can be one step or two different steps depends on the method and technique used. The forensic process consists of the collection of evidences, data acquisition, analysis of the data and report the evidences. Mobile forensics is the science dedicated to analyzing mobile devices for evidences. Mobile forensics is relatively a new area but it is growing fast as forensic examiners are dealing with mobile devices more often than before. The plethora of artefacts in devices like smartphones created the need of a science that its main goal is to examine these devices for evidences and report them in a clear way for later use in court, thus mobile forensics emerged, which is a sub-branch of the main science of digital forensics. When these valuable functions are combined with the fact that people tend to carry their phones everywhere, smartphones become a goldmine of evidences in criminal cases. Smartphones are pocket-sized computers in which you can browse the Internet, chat, send emails, create and read documents and books, use GPS to navigate, keep notes and a lot of other functions. Smartphones have become an integral part of people’s daily life in 2014, smartphone users were 1.57 billion while in 2016 this number increased to 2.1 billion and by 2020 it is expected to go up to 2.87 billion, globally.
Cellebrite UFED Touch Logical, File System and Physical Acquisition Table of Contents Click to expand Table of ContentsĢ.1 Android File System and Partition Layoutģ.1 Data acquisition types comparison with Cellebrite UFED Touchģ.2 Physical acquisition techniques comparison: UFED Touch vs “dd” commandĤ Testing and Comparing Forensic Acquisition Techniques with Step-by-Step GuideĤ.1 Data acquisition types comparison with Cellebrite UFED TouchĤ.2 Cellebrite UFED Touch and dd Physical memory dump Comparison Small Scale Digital Device Forensics Journal Scientific Working Group on Digital Evidence Keywords: Android, Forensic, JTAG, ISP, eMMC, Acquisition, Physical, LogicalĬERCS: P170,Computer science, numerical analysis, systems, control Abbreviations and Definitions JTAG Finally, the last test will focus on the examination of the content of an encrypted device to show if it is possible to find evidences. The second test will try to prove that all physical acquisitions are equivalent by comparing the acquired data from the same device with two different methods.
The first test will focus on showing the differences on the different types of acquisition by comparing the results of a forensic analysis of the same device using Cellebrite UFED Touch and Physical Analyzer. The aim is to give an overview of these techniques from a forensic point of view and in addition to some other tests will try to prove that are forensically equivalent to any other method. These techniques were created from manufactures to test PCBs and repair devices but they are being used as a forensic technique to acquire the data from a device.
This thesis is focusing on JTAG and ISP physical acquisitions techniques. Share this: Facebook Facebook logo Twitter Twitter logo Reddit Reddit logo LinkedIn LinkedIn logo WhatsApp WhatsApp logo Abstract