We got good feedback on our last article – Android forensic analysis with Autopsy. But many of you asked whether it is possible to perform a forensic examination of an Android logical image. The answer is – yes! And today we’ll show you how to do it.
In this example we’ll use a Samsung GT-I9105 logical image acquired by Magnet Acquire – a free imaging tool developed by Magnet Forensics:
As you can see, our logical image is in an archive. To use it with Autopsy we need to unpack it. Open it with your favorite archiver and you’ll see the following:
In our case the Agent Data folder is empty, so we need to open another archive – adb-data.tar:
All you need now is to extract these two folders. It’s high time to launch Autopsy:
Create a new case:
Select “Logical files” as the source type. Then click the “Add” button and add the extracted folders – shared and apps:
Now choose the ingest modules:
As you can see, we don’t use the PhotoRec Carver module for our logical image, because it doesn’t have unallocated space (excluding SQLite databases, but currently Autopsy isn’t able to extract data from them).
That’s it – the Android Analyzer module has successfully extracted the available data:
As you can see, a powerful open source suite such as Autopsy can be used not only for forensic analysis of Android physical images, but also for logical ones – and this is very important, because nowadays fewer and fewer smartphones can be acquired physically.
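The unpacking step described above (pulling the shared and apps folders out of adb-data.tar) can also be scripted, so that the archive is hashed before it is touched, nothing is written outside the output folder, and every extracted file gets its own SHA-256 for the case notes. This is an added example, not part of the original article and not code from Magnet Acquire or Autopsy; it assumes the two folders sit at the top level of the tar, and the function names and sample file names are made up for illustration.

```python
import hashlib, io, os, tarfile, tempfile
WANTED = ("apps", "shared")  # the two folders the article adds to Autopsy

def sha256_stream(src, sink=None, chunk=1 << 20):  # hash, copying to sink if given
    h = hashlib.sha256()
    for block in iter(lambda: src.read(chunk), b""):
        h.update(block)
        if sink is not None:
            sink.write(block)
    return h.hexdigest()

def extract_for_autopsy(tar_path, out_dir):
    """Extract only apps/ and shared/; return (archive_sha256, manifest, skipped)."""
    with open(tar_path, "rb") as f:
        archive_hash = sha256_stream(f)  # hash the evidence before unpacking
    root = os.path.realpath(out_dir)
    manifest, skipped = {}, []
    with tarfile.open(tar_path, "r:*") as tar:
        for m in tar:
            name = m.name[2:] if m.name.startswith("./") else m.name
            parts = name.split("/")
            dest = os.path.realpath(os.path.join(root, name))
            safe = (parts[0] in WANTED and ".." not in parts
                    and dest.startswith(root + os.sep)
                    and (m.isfile() or m.isdir()))  # no links or device nodes
            if not safe:
                skipped.append(m.name)
            elif m.isdir():
                os.makedirs(dest, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(dest), exist_ok=True)
                with tar.extractfile(m) as src, open(dest, "wb") as out:
                    manifest[name] = sha256_stream(src, out)  # per-file hash
    return archive_hash, manifest, skipped

def build_sample_tar(path):
    """Constructed sample input, not data from a real device."""
    members = {"apps/com.example.app/db/msgs.db": b"SQLite format 3\x00",
               "shared/0/DCIM/note.txt": b"hello",
               "../escape.txt": b"x", "other/ignored.txt": b"y"}
    with tarfile.open(path, "w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tar(os.path.join(tmp, "adb-data.tar"))
        print(*extract_for_autopsy(os.path.join(tmp, "adb-data.tar"), os.path.join(tmp, "out")), sep="\n")
```

Entries listed in `skipped` are worth recording alongside the manifest, since they show what the archive contained that was not handed to Autopsy.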
About the authors:
Igor Mikhaylov
Interests: Computer, Cell Phone & Chip-Off Forensics
Oleg Skulkin
Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics
Great article. Thank you for sharing