
May 11th, 2010 by lhaas
Check out Andrew’s Android forensics article in DFI News™:
Android, Google’s mobile device platform, is growing quickly in its share of the smart phone market. …
In 2010, a large number of new devices will be released, including 20+ smart phones, 23 tablets, 2 e-books, and 4 net books. Clearly, forensic examiners need to prepare for [...]

December 14th, 2009 by ahoog
I played around with Google Goggles today and was quite impressed. Like any good forensic geek, I wanted to understand better what happened behind the scenes. Below are some observations from the data the app persisted on the NAND:
Application data is stored in /data/data/com.google.android.apps.unveil
Following directories exist: cache, databases, files, lib, shared_prefs
Last picture I took was [...]

December 11th, 2009 by ahoog
I was taking a look at the /data/data/ directory on the Droid and here are some interesting items:
Contact database
/data/data/com.android.providers.contacts/database/contacts2.db (thank goodness it’s not contacts1.db)
Combines data from Google, Exchange, Facebook and more
table status_updates has date/time and status update from contacts in your Contact list and Facebook
table raw_contacts has info about source of contact and other items
Is [...]

November 23rd, 2009 by ahoog
While we continue our R&D on getting a full dd image from a Motorola Droid, I thought it would be interesting to do a quick write up on Google Maps Navigation artifacts. Since we don’t yet have full access to the system, this preliminary analysis focuses on the residual data left on the SD Card.
SD [...]

November 12th, 2009 by ahoog
I really like my Droid…and I know it will continue to improve. But since there are plenty of people proclaiming its greatness, I’ve decided to post my top complaints after a few days of use:
If you type in a phone number, it does not look up the contact until I make a call. Sometimes I type numbers [...]

November 11th, 2009 by ahoog
I was taking a look at the filesystem on my Motorola Droid and discovered they have a new YAFFS2 directory called /config. The T-Mobile/HTC devices did not have this directory. Interestingly, you can’t cd into the directory…you get the following error:
$ cd config
cd: can’t cd to config
but you can get a little info:
$ ls /config
wifi
public
lost+found
Oddly [...]

November 9th, 2009 by ahoog
I was unable to download and view attachments on my Droid. To resolve this, I did the following: open the Exchange account, hit Menu -> Account Settings -> Incoming settings and then uncheck the “Accept all SSL certificates” option. Credit goes to the Motorola Owners’ Forum.