This talk details a selection of techniques for getting the data out of an Android device in order to perform forensic analysis. It covers cracking lockscreen passwords, creating custom forensic ramdisks, bypassing bootloader protections and stealth real-time data acquisition. We’ll even cover some crazy techniques - they may get you that crucial data when nothing else will work, or they may destroy the evidence!
Forensic practitioners are well acquainted with push-button forensics software. It is an essential tool for keeping on top of high case loads – plug in the device and it pulls out the data. Gaining access to that data is a constant challenge against the sophisticated protection being built into modern smartphones. Combined with the diversity of firmware and hardware on the Android platform, this means it is not uncommon to need manual methods and advanced tools to get the data you need.
This talk will reveal some of the techniques forensic software uses behind the scenes, and will give some insight into what methods and processes blackhats and law enforcement have at their disposal to get at your data. Free and Open Source tools will be released along with this talk to help you experiment with the techniques discussed.
Note that this talk does not discuss Android analysis basics such as how to use ADB or what the SDK is - it is assumed you know these or can easily look them up afterwards.