Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
About the Authors
About the Reviewers

Bypassing Android lock screens

Lock screens are the most challenging aspect of Android forensic examinations. Frequently, the entire investigation depends on the examiner's ability to gain access to a locked device. While there are methods to bypass them, this can be highly dependent on the OS version, device settings, and technical capabilities of the examiner. There is no magical solution that will work every time on every device. Commercial forensics tools such as Cellebrite and XRY have fairly robust bypass capabilities, but are far from infallible. This chapter will show how an examiner can increase their odds of bypassing locked devices with free tools and methods.


An examiner should never attempt to guess a Pattern/PIN/Password on the device. Many manufacturers implement a setting that will wipe the device after a number of failed attempts. Many also allow the user to lower that number.

Lock screen types

There are many methods used to secure a device, and the methods for bypassing...