{"id":533,"date":"2016-04-05T12:49:03","date_gmt":"2016-04-05T12:49:03","guid":{"rendered":"https:\/\/www.digitalforensicscorp.com\/blog\/?p=533"},"modified":"2024-12-11T19:25:07","modified_gmt":"2024-12-11T19:25:07","slug":"android-forensic-analysis-with-autopsy","status":"publish","type":"post","link":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/","title":{"rendered":"Android Forensics with Autopsy: Open\u2011Source Mobile Investigation Tool"},"content":{"rendered":"<p>Nowadays, we have lots of commercial mobile forensics suites. <!--more-->Oxygen Forensic Analyst and Detective, Cellebrite UFED, MSAB XRY are just a few of them. Of course, these tools are very, even extremely, powerful and are able to extract huge datasets from lots of mobile devices including Android. But it\u2019s always good to have an open source alternative to the commercial ones. And we have good news: there is an open -source tool called Autopsy, suitable for Android <a title=\"Cell Phone Forensics\" href=\"\/digital-forensics\/cell-phone-forensics\">mobile forensic examinations<\/a>.<\/p>\n<p>Of course, this tool is not a new one. It\u2019s used globally by thousands of digital forensic examiners for traditional computer forensics, especially file system forensics. This open-source tool was created as a graphical interface for the Sleuth Kit, but since version &#8211; 3, it was completely rewritten and became Windows-based.<\/p>\n<p>The most current version is 4.0. It\u2019s very important to note that it has the Android Analyzer Module, which makes it possible to extract the following artifacts:<\/p>\n<ul>\n<li>Text messages (SMS \/ MMS);<\/li>\n<li>Call logs<\/li>\n<li>Contacts<\/li>\n<li>Tango messages<\/li>\n<li>Words with Friends messages<\/li>\n<li>GPS from the browser and Google Maps<\/li>\n<li>GPS from cache.wifi and cache.cell files<\/li>\n<\/ul>\n<p>But this is not the only module suitable for Android forensics. There are also such important modules as EXIF Parser Module, Keyword Search Module, PhotoRec Carver Module and some others.<\/p>\n<p>Let\u2019s create a case and add an Android physical image. Start the suite and you\u2019ll see the Welcome window:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-534\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/1.png\" alt=\"1\" width=\"450\" height=\"316\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/1.png 450w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/1-300x211.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/1-280x196.png 280w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><\/p>\n<p>We need to create a new case, so choose the corresponding option.<\/p>\n<p>It\u2019s time to start filling in our case information:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-535\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/2.png\" alt=\"2\" width=\"750\" height=\"446\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/2.png 750w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/2-300x178.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/2-512x304.png 512w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<p>Start with the case name, choose WeAre4n6_Android_Test &#8211; our base directory is D:\\, but you can choose your own, so our data will be stored in D:\\ WeAre4n6_Android_Test.<\/p>\n<p>Setting the case number and examiner\u2019s name is optional, so you can skip this step if you want:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-536\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/3.png\" alt=\"3\" width=\"750\" height=\"446\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/3.png 750w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/3-300x178.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/3-512x304.png 512w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<p>Choose our data source:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-537\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/4.png\" alt=\"4\" width=\"811\" height=\"489\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/4.png 811w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/4-300x181.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/4-768x463.png 768w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/4-512x309.png 512w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><\/p>\n<p>In our case, it\u2019s an Android userdata partition physical image (userdata.dd), located at C:\\Users\\Olly\\Desktop. Don\u2019t forget about setting the correct time zone!<\/p>\n<p>Now choose the ingest modules you want to run on the image:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-538\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/5.png\" alt=\"5\" width=\"811\" height=\"489\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/5.png 811w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/5-300x181.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/5-768x463.png 768w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/5-512x309.png 512w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><\/p>\n<p>Don\u2019t forget to choose Android Analyzer! Exif Parser, Keyword Search and PhotoRec Carver are also very useful. Also, make sure you check Process Unallocated Space option \u2013 it\u2019ll be automatically carved with PhotoRec.<\/p>\n<p>That\u2019s it! Now our image is being analyzed by Autopsy Ingest Modules:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-539\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/6.png\" alt=\"6\" width=\"811\" height=\"489\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/6.png 811w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/6-300x181.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/6-768x463.png 768w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/6-512x309.png 512w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><\/p>\n<p>Here is what we got from the Android Analyzer module:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-540\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/7.png\" alt=\"7\" width=\"304\" height=\"216\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/7.png 304w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/7-300x213.png 300w\" sizes=\"auto, (max-width: 304px) 100vw, 304px\" \/><\/p>\n<p>As you can see, quite a lot of data is extracted automatically. Call logs, contacts, GPS trackpoints and messages are extracted by Android Analyzer module, EXIF metadata is extracted by EXIF Parser module, files with wrong extensions are detected by Extension Mismatch Detector module, and web cookies, web downloads, web history \/ web searches are extracted by Recent Activity module.<\/p>\n<p>Extension Mismatch Detector module is very useful for Android forensics, for example, it can be used to find cached images:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-542\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/8_.png\" alt=\"8_\" width=\"1169\" height=\"520\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/8_.png 1169w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/8_-300x133.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/8_-768x342.png 768w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/8_-1024x456.png 1024w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/8_-512x228.png 512w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/8_-920x409.png 920w\" sizes=\"auto, (max-width: 1169px) 100vw, 1169px\" \/><\/p>\n<p>As you can see, this cached image has \u201c0\u201d extension instead of \u201cjpg\u201d:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-543\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/9.png\" alt=\"9\" width=\"696\" height=\"418\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/9.png 696w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/9-300x180.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/9-512x307.png 512w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><\/p>\n<p>Analyzing its location, we come to the conclusion that this image is cached by Odnoklassniki \u2013 a popular Russian social media application.<\/p>\n<p>Also, Autopsy supports automatic deleted files recovery from Ext4 file system:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-544\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/10.png\" alt=\"10\" width=\"1171\" height=\"605\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/10.png 1171w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/10-300x155.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/10-768x397.png 768w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/10-1024x529.png 1024w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/10-512x265.png 512w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/10-920x475.png 920w\" sizes=\"auto, (max-width: 1171px) 100vw, 1171px\" \/><\/p>\n<p>Finally, PhotoRec Carver module helps a mobile forensic examiner to extract data from unallocated space via carving technique:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-545\" src=\"https:\/\/www.digitalforensicscorp.com\/blog\/wp-content\/uploads\/2016\/04\/11.png\" alt=\"11\" width=\"1172\" height=\"902\" srcset=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/11.png 1172w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/11-300x231.png 300w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/11-768x591.png 768w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/11-1024x788.png 1024w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/11-512x394.png 512w, https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/04\/11-920x708.png 920w\" sizes=\"auto, (max-width: 1172px) 100vw, 1172px\" \/><\/p>\n<p>This article has shown that Autopsy is a quite powerful open source tool for Android forensics with a number of modules capable of both data parsing and recovery.<\/p>\n<h2>About the authors:<\/h2>\n<p><a href=\"http:\/\/linkedin.com\/in\/igormikhaylovcf\" target=\"_blank\" rel=\"noopener\">Igor Mikhaylov<\/a><\/p>\n<p>Interests: Computer, Cell Phone &amp; Chip-Off Forensics<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/oleg-skulkin-96652a87\" target=\"_blank\" rel=\"noopener\">Oleg Skulkin<\/a><\/p>\n<p>Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics<\/p>\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"Nowadays, we have lots of commercial mobile forensics suites.","protected":false},"author":126,"featured_media":255,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"csco_display_header_overlay":false,"csco_singular_sidebar":"","csco_page_header_type":"","footnotes":""},"categories":[6],"tags":[],"class_list":{"0":"post-533","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-software","8":"cs-entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Android Forensic Analysis with Autopsy | Open\u2011Source Tool<\/title>\n<meta name=\"description\" content=\"Learn how to perform Android forensic analysis using Autopsy. Explore key modules, artifact extraction, and open\u2011source tools for mobile investigations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Android Forensics with Autopsy: Open\u2011Source Mobile Investigation Tool\" \/>\n<meta property=\"og:description\" content=\"Learn how to perform Android forensic analysis using Autopsy. Explore key modules, artifact extraction, and open\u2011source tools for mobile investigations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/\" \/>\n<meta property=\"og:site_name\" content=\"Resources for Sextortion and Online Blackmail Victims\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/DigitalForensicsCorp\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-04-05T12:49:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-11T19:25:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Viktor Sobiecki\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ForensicsCorp\" \/>\n<meta name=\"twitter:site\" content=\"@ForensicsCorp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Viktor Sobiecki\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/\"},\"author\":{\"name\":\"Viktor Sobiecki\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#\\\/schema\\\/person\\\/db7b63895c111dc8ed48df38d20b84ce\"},\"headline\":\"Android Forensics with Autopsy: Open\u2011Source Mobile Investigation Tool\",\"datePublished\":\"2016-04-05T12:49:03+00:00\",\"dateModified\":\"2024-12-11T19:25:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/\"},\"wordCount\":619,\"publisher\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/02\\\/weare4n6_articles.png\",\"articleSection\":[\"Cybersecurity Tips, Services, and Key Resources for Cybercrime Victims\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/\",\"url\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/\",\"name\":\"Android Forensic Analysis with Autopsy | Open\u2011Source Tool\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/02\\\/weare4n6_articles.png\",\"datePublished\":\"2016-04-05T12:49:03+00:00\",\"dateModified\":\"2024-12-11T19:25:07+00:00\",\"description\":\"Learn how to perform Android forensic analysis using Autopsy. Explore key modules, artifact extraction, and open\u2011source tools for mobile investigations.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/02\\\/weare4n6_articles.png\",\"contentUrl\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/02\\\/weare4n6_articles.png\",\"width\":600,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/android-forensic-analysis-with-autopsy\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Tips, Services, and Key Resources for Cybercrime Victims\",\"item\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/software\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Android Forensics with Autopsy: Open\u2011Source Mobile Investigation Tool\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/\",\"name\":\"Resources for Sextortion and Online Blackmail Victims\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#organization\",\"name\":\"Digital Defense Hub: Resources for Sextortion and Online Blackmail Victims\",\"url\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/df-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/df-logo.png\",\"width\":393,\"height\":343,\"caption\":\"Digital Defense Hub: Resources for Sextortion and Online Blackmail Victims\"},\"image\":{\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/DigitalForensicsCorp\\\/\",\"https:\\\/\\\/x.com\\\/ForensicsCorp\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/#\\\/schema\\\/person\\\/db7b63895c111dc8ed48df38d20b84ce\",\"name\":\"Viktor Sobiecki\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/viktor-sobiecki_avatar-96x96.jpg\",\"url\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/viktor-sobiecki_avatar-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/viktor-sobiecki_avatar-96x96.jpg\",\"caption\":\"Viktor Sobiecki\"},\"description\":\"Dr. Viktor Sobiecki currently serves as the Chief Technology Officer (CTO) at Digital Forensics Corporation, where responsibilities span the leadership of advanced cybersecurity initiatives, data breach incident responses, and corporate strategic planning. Professional career has been driven by the intersection of innovation and practical application, particularly in the domains of cybersecurity and cyber crime investigations. He holds a Ph.D. in Computer Science and has contributed extensively to academic and industry advancements through publications, patents, and technological solutions addressing complex real-world challenges. As a professional with over 25 years of experience in the fields of cybersecurity, artificial intelligence, and digital forensics his career spans roles in academic research, software development, corporate leadership, and expert consulting, giving me a comprehensive understanding of the technical, strategic, and practical dimensions of projects. Expertise spans a wide range of technical domains, including: \u2022 Data Breach Incident Response: Managing immediate responses to cybersecurity crises, including the containment and mitigation of threats \u2022 Corporate Strategy Development: Designing long-term strategies to enhance organizational resilience against emerging cyber threats. \u2022 Expert Testimony: Providing legal and technical expertise in high-profile cybersecurity cases. \u2022 Artificial Intelligence and Machine Learning: Designing and implementing algorithms for data analysis, pattern recognition, and anomaly detection. \u2022 Network Security and Data Integrity: Developing solutions to protect critical systems from cyber threats, including encryption protocols and intrusion detection systems. \u2022 Cloud Computing and Hybrid Infrastructures: Creating scalable, resilient architectures for data storage, processing, and security.\",\"sameAs\":[\"https:\\\/\\\/www.digitalforensics.com\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/viktor-sobiecki\\\/\"],\"honorificPrefix\":\"Dr\",\"jobTitle\":\"Chief Technology Officer (CTO)\",\"worksFor\":\"Digital Forensics Corporation\",\"url\":\"https:\\\/\\\/www.digitalforensics.com\\\/blog\\\/author\\\/visor\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Android Forensic Analysis with Autopsy | Open\u2011Source Tool","description":"Learn how to perform Android forensic analysis using Autopsy. Explore key modules, artifact extraction, and open\u2011source tools for mobile investigations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/","og_locale":"en_US","og_type":"article","og_title":"Android Forensics with Autopsy: Open\u2011Source Mobile Investigation Tool","og_description":"Learn how to perform Android forensic analysis using Autopsy. Explore key modules, artifact extraction, and open\u2011source tools for mobile investigations.","og_url":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/","og_site_name":"Resources for Sextortion and Online Blackmail Victims","article_publisher":"https:\/\/www.facebook.com\/DigitalForensicsCorp\/","article_published_time":"2016-04-05T12:49:03+00:00","article_modified_time":"2024-12-11T19:25:07+00:00","og_image":[{"width":600,"height":400,"url":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","type":"image\/png"}],"author":"Viktor Sobiecki","twitter_card":"summary_large_image","twitter_creator":"@ForensicsCorp","twitter_site":"@ForensicsCorp","twitter_misc":{"Written by":"Viktor Sobiecki","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/#article","isPartOf":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/"},"author":{"name":"Viktor Sobiecki","@id":"https:\/\/www.digitalforensics.com\/blog\/#\/schema\/person\/db7b63895c111dc8ed48df38d20b84ce"},"headline":"Android Forensics with Autopsy: Open\u2011Source Mobile Investigation Tool","datePublished":"2016-04-05T12:49:03+00:00","dateModified":"2024-12-11T19:25:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/"},"wordCount":619,"publisher":{"@id":"https:\/\/www.digitalforensics.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/#primaryimage"},"thumbnailUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","articleSection":["Cybersecurity Tips, Services, and Key Resources for Cybercrime Victims"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/","url":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/","name":"Android Forensic Analysis with Autopsy | Open\u2011Source Tool","isPartOf":{"@id":"https:\/\/www.digitalforensics.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/#primaryimage"},"image":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/#primaryimage"},"thumbnailUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","datePublished":"2016-04-05T12:49:03+00:00","dateModified":"2024-12-11T19:25:07+00:00","description":"Learn how to perform Android forensic analysis using Autopsy. Explore key modules, artifact extraction, and open\u2011source tools for mobile investigations.","breadcrumb":{"@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/#primaryimage","url":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","contentUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2016\/02\/weare4n6_articles.png","width":600,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.digitalforensics.com\/blog\/software\/android-forensic-analysis-with-autopsy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.digitalforensics.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Tips, Services, and Key Resources for Cybercrime Victims","item":"https:\/\/www.digitalforensics.com\/blog\/software\/"},{"@type":"ListItem","position":3,"name":"Android Forensics with Autopsy: Open\u2011Source Mobile Investigation Tool"}]},{"@type":"WebSite","@id":"https:\/\/www.digitalforensics.com\/blog\/#website","url":"https:\/\/www.digitalforensics.com\/blog\/","name":"Resources for Sextortion and Online Blackmail Victims","description":"","publisher":{"@id":"https:\/\/www.digitalforensics.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.digitalforensics.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.digitalforensics.com\/blog\/#organization","name":"Digital Defense Hub: Resources for Sextortion and Online Blackmail Victims","url":"https:\/\/www.digitalforensics.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.digitalforensics.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2024\/12\/df-logo.png","contentUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2024\/12\/df-logo.png","width":393,"height":343,"caption":"Digital Defense Hub: Resources for Sextortion and Online Blackmail Victims"},"image":{"@id":"https:\/\/www.digitalforensics.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/DigitalForensicsCorp\/","https:\/\/x.com\/ForensicsCorp"]},{"@type":"Person","@id":"https:\/\/www.digitalforensics.com\/blog\/#\/schema\/person\/db7b63895c111dc8ed48df38d20b84ce","name":"Viktor Sobiecki","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2025\/07\/viktor-sobiecki_avatar-96x96.jpg","url":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2025\/07\/viktor-sobiecki_avatar-96x96.jpg","contentUrl":"https:\/\/www.digitalforensics.com\/blog\/wp-content\/uploads\/2025\/07\/viktor-sobiecki_avatar-96x96.jpg","caption":"Viktor Sobiecki"},"description":"Dr. Viktor Sobiecki currently serves as the Chief Technology Officer (CTO) at Digital Forensics Corporation, where responsibilities span the leadership of advanced cybersecurity initiatives, data breach incident responses, and corporate strategic planning. Professional career has been driven by the intersection of innovation and practical application, particularly in the domains of cybersecurity and cyber crime investigations. He holds a Ph.D. in Computer Science and has contributed extensively to academic and industry advancements through publications, patents, and technological solutions addressing complex real-world challenges. As a professional with over 25 years of experience in the fields of cybersecurity, artificial intelligence, and digital forensics his career spans roles in academic research, software development, corporate leadership, and expert consulting, giving me a comprehensive understanding of the technical, strategic, and practical dimensions of projects. Expertise spans a wide range of technical domains, including: \u2022 Data Breach Incident Response: Managing immediate responses to cybersecurity crises, including the containment and mitigation of threats \u2022 Corporate Strategy Development: Designing long-term strategies to enhance organizational resilience against emerging cyber threats. \u2022 Expert Testimony: Providing legal and technical expertise in high-profile cybersecurity cases. \u2022 Artificial Intelligence and Machine Learning: Designing and implementing algorithms for data analysis, pattern recognition, and anomaly detection. \u2022 Network Security and Data Integrity: Developing solutions to protect critical systems from cyber threats, including encryption protocols and intrusion detection systems. \u2022 Cloud Computing and Hybrid Infrastructures: Creating scalable, resilient architectures for data storage, processing, and security.","sameAs":["https:\/\/www.digitalforensics.com\/","https:\/\/www.linkedin.com\/in\/viktor-sobiecki\/"],"honorificPrefix":"Dr","jobTitle":"Chief Technology Officer (CTO)","worksFor":"Digital Forensics Corporation","url":"https:\/\/www.digitalforensics.com\/blog\/author\/visor\/"}]}},"_links":{"self":[{"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/posts\/533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/users\/126"}],"replies":[{"embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/comments?post=533"}],"version-history":[{"count":4,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/posts\/533\/revisions"}],"predecessor-version":[{"id":16005,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/posts\/533\/revisions\/16005"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/media\/255"}],"wp:attachment":[{"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/media?parent=533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/categories?post=533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.digitalforensics.com\/blog\/wp-json\/wp\/v2\/tags?post=533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}