In this episode, I want to focus on accessing mobile devices again and on a feature we built into UFED to help you identify exactly what’s behind the scenes on an Android device that may be causing you some issues.

In UFED, I choose Mobile Device then I plug in my Android and wait for it to be recognized. I allow the connection to my computer, and it tells me right away the type of device I have.

I click on Console at the bottom of the screen. I want the Android console to come up and tell me information about my device.

It is very important that you read the screens that appear and that you make sure these settings are enabled on your device.

The console is going to give all types of information about the Android after it completes the scan of the device. And it is going to tell us exactly what we need to know that may help us get additional access to the device such as Qualcomm Live or what we’re going to use.

Information about the Android device:

  • Samsung Model
  • Android 12
  • Security patch version
  • File-based encryption
  • Not rooted
  • The battery is at 100 percent

Information such as encryption state, security patch, OS, and whether or not you have root access are very helpful details when it comes to mobile device acquisition.

I would recommend taking a screenshot of the screen and including it in your report, but it’s a great starting point in your extraction flow when you are using UFED to collect data from mobile devices.

Watch the full episode to learn more.

Share this post