Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
About the Authors
About the Reviewers


This chapter discussed several techniques used for physically imaging internal memory or SD cards and some of the common problems associated with them:


Problems associated


  • Usually pre-installed on device

  • May not work on MTD blocks

  • Does not obtain Out-of-Band area


  • Not commonly found on the device, must be pushed to device

  • Works well with MTD blocks

  • May obtain Out-of-Band area, based on options in the binary used

Additionally, each imaging technique can be used to either save the image on the device (typically on the SD card), or used with netcat to write the file to the examiner's computer:



Writing to SD card

  • Easy, doesn't require additional binaries to be pushed to the device

  • Familiar to most examiners

  • Cannot be used if SD card is symbolically linked to the partition being imaged

  • Cannot be used if the entire memory is being imaged

Using netcat

  • Usually requires yet another binary to be pushed to the device

  • Somewhat complicated, must follow...