This past year, the Nougat operating system has gained ground in the Android marketplace against Marshmallow and Lollipop. Examiners need to understand how Android Nougat is impacting forensic analysis, so we’re offering a new best practice guide to help get the most evidence from smartphones running Nougat.
“Taking Bytes out of Android Nougat Forensic Analysis” is an introduction to Android 7.0’s latest round of security features, including:
- What Android marketplace changes mean for forensics
- Direct Boot: Credential vs. Device Encrypted Storage as an answer to challenges with full disk encryption
- Nougat’s new file-based encryption and the multi-user environment
- New file partitions and pathing for often-accessed databases
- Adapting and evolving your forensic skill set
(Need more background on the security measures Google introduced in the Marshmallow operating system, v.6.0, including full disk encryption, changes to the file system, and adoptable storage? Download that white paper here!)
Android device security isn’t going to revert to a simpler time as consumers continue to demand protection from data thieves, governments, and one another. As Google continues to compete with Apple on this front, forensic examiners need practical insight into the required changes in forensic processes.