THE SIXTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE
Print ISBN 978-85-65069-07-6 - Online ISBN 978-85-65069-05-2, pp 92-99
DOI: 10.5769/C2011009 and http://dx.doi.org/10.5769/C2011009
Aquisição de Evidências Digitais em Smartphones Android
By André Morum de L. Simão, Fábio Caús Sícoli, Laerte Peotta de Melo, Flávio Elias de Deus, and
Rafael Timóteo de Sousa Júnior
To download this paper, click here.
From an expert's perspective, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data and evidence, collecting information about its owner and facts that are under investigation. This way, by means of exploring and cross referencing that rich data source, one can get information related to unlawful acts and its perpetrator. There are widespread and well documented approaches to forensic examining mobile devices and computers. Nevertheless, they are not specific nor detailed enough to be carried out on Android cell phones. These approaches are not totally adequate to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. Furthermore, specific features of each smartphone platform have to be considered prior to acquiring its data. In order to deal with those challenges, this paper proposes a method to perform data acquisition of Android smartphones, regardless of version and manufacturer. The proposed approach takes into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner.
Forensic analisys; data aquisition; evidence analisys; cell phone; smarphone; Android.
To return to the "Published Papers" main page, click here.