Supporting the Unsupported: Carving, Parsing, and Creating Custom Artifacts
Many of the new mobile applications that hit the App Store and Google Play every day include features that can hold crucial evidence. Often, though, commercial forensic tools cannot keep pace with these apps or their consumer usage. This lab will describe how to acquire evidence from a wide range of smartphones, including Samsung, LG, Qualcomm, and off-brand devices using MTK chips. We’ll review methods to discover and parse data from unsupported applications, including the chat, contact, location, and historical data that can be found using AXIOM’s Dynamic App Finder. Finally, we’ll discuss how to create custom artifacts to parse and carve data from the unsupported databases.