Mobile device encryption has been a headache for investigators ever since Apple introduced it with the iPhone 3GS and iOS 3.0. Since that time, encryption headaches have only accelerated, with Apple tying it to hardware (the A5 and later processing chips) and adding layers of data to its encryption.
With Android in the game now that it’s successfully improved its encryption game with Marshmallow, it may seem that investigative challenges continue to mount. However, as our new white paper shows, the truth is not completely beyond reach—only obfuscated.
A Downloadable Guide to Investigating the Most Popular Android OS
Marshmallow has only gained ground as more mobile device manufacturers ship it preinstalled on new devices, a trend that accelerated over the 2016 holidays. With its adoption rate gaining rapidly on other Android operating systems, the need for forensic examiners to know how to obtain data from it has become more important, too.
Our white paper, “Demystifying Android Marshmallow Forensic Analysis,” details how to approach this operating system. Download the white paper to learn more about:
- Why Marshmallow’s built-in encryption isn’t necessarily the end of the forensic line
- How to bypass new and different levels of data obfuscation
- Where—and more importantly, how—to find the right data partition
- How adoptable storage changes your forensic process for micro SD cards
Android Marshmallow forensic analysis isn’t as mysterious or insurmountable as it might seem, but rather, requires a degree of creativity and an investigative mindset to get past its most significant challenges.