The consumer base of Android-based smartphones has grown over the past few years. At the same time, investigation needs have evolved as new smartphones have entered the landscape. To answer some interesting questions about Android forensics, this chapter brings to light some important points about Android OS internals, the filesystem, data structures, and security models. It discusses how an Android device can be acquired logically and physically. We will also see what JTAG is and what the chip-off technique is, and the chapter explains how to bypass lock screens, security, and encryption. We will also discuss a real case of forensic analysis of a third-party application.
This chapter will cover the following topics:
Android OS – all you need to know
Android security model
Bypassing security
Android logical data acquisition
Android physical data acquisition
JTAG and chip-off forensic examinations
Third...