New White Paper: Android Acquisition Methods from Root to Recovery

Now available! Learn about the live and dead exploit methods available to acquire evidence from Android devices—including newer recovery methods. Download our white paper to learn more!

In last week’s blog post, we offered a short history into the many mobile forensic methods that exist to help investigators retrieve evidence from Android devices. We talked about their limitations and some of the methods that evolved to overcome them.

With recovery images now a part of Magnet AXIOM, enabling you to acquire evidence from an array of screen-locked Samsung devices, we wanted to revisit these and other live and dead exploit methods.

Now available for download, our new white paper describes more about:

• “Live exploit” methods using the Android Debug Bridge (ADB) and agents.
• “Dead exploit” methods including flasher boxes and bootloaders—and why their effectiveness is decreasing.
• The risks that go along with each method and how to make sure you reduce them.
• What to document along the way.

The many different methods available to you—and especially, figuring out which ones work best for the devices you’re seizing and searching—may seem intimidating: especially if you’re new to mobile forensics. Our white paper is designed to help you start to unpack the methods and the way they work, and hopefully provide you a good starting point—or refresher—to use in conducting your forensic research and examinations. Download it today!