Special Guest: Ed Michael, Detective at the Orlando Police Department

Ed has been involved in digital forensics for the last 10 years and has been using Cellebrite Digital Intelligence solutions since 2011. He is also a Cellebrite Instructor teaching for the last 6 years.

In this episode, Ed will cover both iOS and Android system logs that run in the background on their respective devices. There is quite a lot of additional digital evidence that can be found there, which Ed has used to solve several cases.

Sometimes you can find the same log data results in the initial data collection, but it is a lot harder to locate them there. By knowing how to access and produce log data, especially on Android devices that are becoming increasingly locked, you will be able to answer your investigative questions faster.

The best practice in the lab is to leave your device on. During the podcast we follow the system log collection process outlined below:

iOS:

  • Vol Up + Vil Dn+Pwr for 1 second
  • Can be generated from the lock screen
  • You will see the power-off screen – Hit ‘cancel,’ or you will power-off your device!

A macOS is preferred to examine these devices, however, there is plenty to extract using Windows as well.

Android

  • Must have USB debugging enabled
  • Root access not needed
  • Use ADB to access the logs

Listen to the podcast to get more hands-on advice on how to access Android and iOS system log files.

Share this post