In this episode, I will discuss managing expectations when it comes to mobile data collection. In my experience, most digital examiners have a good idea of what to do with iOS devices, but they are less confident with Android devices. According to what I see on listservs, chat channels, and Twitter, people can get really upset trying to access, collect, or analyze data from Android devices. Some even label the whole experience as a nightmare.

In this open conversation, I will explore what DFIR community challenges are, what can be done to overcome them, and ultimately, how to set digital intelligence expectations with colleagues.

I will walk you through the key questions to ask during a data collection workflow:

  • Is the device locked?
  • Is the device supported?
  • If it’s an iOS device, can you checkra1n it?
  • Is it file-based encryption or full-disk encryption?
  • Is Secure Startup involved?
  • If you do get a physical extraction, is the data still encrypted?

Security patches are also next on the list of challenges to contend with as they can neutralize effective digital intelligence methods that preciously rendered comprehensive results. So we have to be ready for the unexpected with a relevant list of optional methods to move investigations forward.

Watch the show to find out more useful fundamental skills that will achieve results in your investigations now and in the future.

Share this post