Challenge
A newer generation of Android smartphone was under investigation. The federal agency was interested in a full forensic image recovery including deleted data, and faced the additional challenge of the phone being passcode-protected.
The case was a high priority and the evidence from this phone was considered critical, so the agents contacted the leading experts in Android forensics.
viaForensics’ Approach
viaForensics was able to respond rapidly and send a consultant to work on-site with the agency’s own forensic experts. Using a viaForensics-developed technique, AFPhysical, the team was able to circumvent the passcode and acquire a full physical forensic image of the device, including:
- Full memory dump
- Deleted information
- Logical directory structure
- SQLite databases containing text messages, contacts and emails
Results
After acquiring the forensic image, viaForensics helped the agency process the image to extract the pertinent data necessary for the case. The client was completely satisfied with viaForensics’ work and plans to refer future Android forensics work to viaForensics.
