Google implemented ADB backup functionality, beginning in Android 4.0 Ice Cream Sandwich. This allows users (and forensic examiners) to backup application data to a local computer over ADB. This process does not require root, and is therefore highly useful for forensic purposes. However, it does not acquire every application installed on the device. When a developer makes a new app, it is set to allow backups by default, but this can be changed by the developer. In practice, it seems the vast majority of developers leave the default setting, which means that backups do capture most third-party applications. Unfortunately, most Google applications disable backups; full application data from apps such as Gmail and Google Maps will not be included.
Learning Android Forensics
Learning Android Forensics
Overview of this book
Table of Contents (15 chapters)
Learning Android Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Introducing Android Forensics
Setting Up an Android Forensic Environment
Understanding Data Storage on Android Devices
Extracting Data Logically from Android Devices
Extracting Data Physically from Android Devices
Recovering Deleted Data from an Android Device
Forensic Analysis of Android Applications
Android Forensic Tools Overview
Index
Customer Reviews