FBE vs. FDE and How They Impact Android Device Data Collection in Physical Analyzer
File-Based Encryption (FBE) and Full Disk Encryption with Secure Start-Up (FDE) impact Android device data collection. It is important to understand how to differentiate between cold and hot devices while using the different data collection options.
File-Based Encryption (FBE)
Cold Device – displays a stock background image; user data is locked and requires brute force to access.
Hot Device – the background image is visible and the camera is accessible, so data collection can be performed on the phone with Cellebrite Premium without knowing the passcode.
Full Disk Encryption with Secure Start-Up (FDE)
Cold Device (Samsung) – the user’s password must be entered before the device will even start.
Cold Device (LG) – the operating system does not fully boot without the password.
Understanding how to differentiate between cold and hot devices while collecting data will help ensure you use the proper tools.