Without any doubt, lock screens represent the very first starting point in every mobile forensic examination. As for all smartphone OSes, Android offers a way to control access to a given device by requiring user authentication; the problem with recent implementations of lock screens in modern operating systems, in general and in Android (since it is the point of interest of this chapter), is that beyond controlling access to the system user interface and applications, lock screens have now been extended to more fancy (showing widgets, switching users in multi-users devices, and so on) and forensically challenging features, such as unlocking the system keystore, to derive the key-encryption key (used with the disk encryption key), and the credential storage encryption key.
The problem with bypassing lock screens (also called keyguards) is that techniques that can be used are very version/device dependent, thus there is neither a generalized method nor a technique that...