Episode 4: I Beg to DFIR – Android Logical and Full File System Data Collection
Ronen Engler – Senior Manager, Technology and Innovation at Cellebrite
Heather Mahalik – Senior Director of Digital Intelligence at Cellebrite
Paul Lorentz – Senior Solutions Engineer at Cellebrite
In this episode, we will cover the topic of Android data collection. There are many variables when it comes to Android data collection and lots of things you need to consider when you begin the collection procedure.
We will take turns discussing:
- What kind of Android data collection can you perform?
- How do you perform the collection?
- What kind of results should you expect?
- What are the best practices, tips, and tricks?
Keep in mind that Android data collection is completely different from iOS data collection, as here we are dealing with entry-level, simple data collection. To make your life easier, we have now combined the separate logical and full file system extractions in Cellebrite UFED into one. This is now called an “Advanced Logical Extraction,” which collects messages, pictures, media, and more.
It is also possible to perform full file system extractions as well as physical extractions. One key thing you need to know before you start any type of examination is your device’s details. To be prepared, it is recommended that you understand:
- What kind of device is it?
- What kind of chipset does it have?
- What kind of processor does the device use?
- What level of encryption (full-disk or file-based encryption) are you dealing with?
Knowing these details will help you determine what the optimal methods of extraction are. Based on this information, you will be prepared for various types of data collection results.
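As an added example (not part of the episode and not Cellebrite code), the sketch below answers the four questions above from the text output of `adb shell getprop`, which assumes the device is unlocked with USB debugging authorized. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.product.manufacturer]: [ExampleCorp]
[ro.product.model]: [EX-1000]
[ro.board.platform]: [examplesoc]
[ro.hardware]: [exhw]
[ro.product.cpu.abi]: [arm64-v8a]
[ro.build.version.release]: [11]
[ro.build.version.security_patch]: [2021-01-01]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""

# getprop prints one property per line as "[key]: [value]".
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Return a dict of property name -> value, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props

def encryption_scheme(props):
    """Map ro.crypto.state / ro.crypto.type to none, FDE or FBE."""
    state = props.get("ro.crypto.state", "")
    if state == "unencrypted":
        return "none"
    if state == "encrypted":
        kinds = {"file": "file-based (FBE)", "block": "full-disk (FDE)"}
        return kinds.get(props.get("ro.crypto.type", ""), "encrypted, type unknown")
    return "unknown"  # property absent: establish the scheme another way

def device_profile(text):
    """Summarise the details worth recording before choosing an extraction."""
    p = parse_getprop(text)
    name = f"{p.get('ro.product.manufacturer', '')} {p.get('ro.product.model', '')}"
    return {
        "device": name.strip() or "unknown",
        # Some devices leave ro.board.platform empty; fall back to ro.hardware.
        "chipset": p.get("ro.board.platform") or p.get("ro.hardware", "unknown"),
        "cpu_abi": p.get("ro.product.cpu.abi", "unknown"),
        "android": p.get("ro.build.version.release", "unknown"),
        "patch_level": p.get("ro.build.version.security_patch", "unknown"),
        "encryption": encryption_scheme(p),
    }

if __name__ == "__main__":
    for key, value in device_profile(SAMPLE_GETPROP).items():
        print(f"{key:12} {value}")
```

On a live device, pass the captured `getprop` text to `device_profile` and keep the raw output alongside your case notes.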
Here are some great resources for researching mobile devices: