In an interesting article, editors by Privacy International examines some aspects of digital forensics on mobile phones, from the acquisition process to the data analysis phase.
Mobile Phone Extraction technologies, known also as mobile forensics, entails the physical connection of the mobile device that is to be analysed and a device that extracts, analyses and presents the data contained on the phone. Whilst forensics experts, hackers and those selling spyware may be able to access and extract data, we look at a number of the most well-known commercial companies who sell their products to law enforcement, such as Cellebrite, Oxygen Forensic Detective, and MSAB.
Android vs. iOS
An important differentiator between iOS and Android in terms of forensics capabilities is that whilst Apple can push updates directly to their users, patching vulnerabilities and exploits, Android users are predominantly reliant on the manufacturer and carrier to provide update. This causes many Android phones to be running older versions of the operating systems which means various forms of extraction are viable.
There are three generic types of extraction: logical, file system and physical, which provide a framework to consider extraction technologies. No one technology can access and extract all data from all phones, and no one type of extraction is guaranteed to be successful.
Analysis of extracted data
There are a lot of tools for analysis of physical dumps and backups of mobile devices running Android operating systems. These tools include all the best mobile forensics tools, such as UFED Physical Analyzer (Cellebrite), Oxygen Forensics (Oxygen Forensics, Inc), XRY (MSAB), MOBILedit Forensic Express (COMPELSON Labs), and Secure View (Susteen).”
“Examination and analysis using third-party tools is generally performed by importing the device’s memory dump into a mobile forensics tool which will automatically retrieve the results.