SANS Digital Forensics and Incident Response Blog: Tag - Android Forensics

Getting the most out of Smartphone Forensic Exams - SANS Advanced Smartphone Forensics Poster Release

Getting the most out of Smartphone Forensic Exams - SANS Advanced Smartphone Forensics Poster Release There is one certain thing in the DFIR field, and that is that there are far more facts, details and artifacts to remember than can easily be retained in any forensic examiner's brain. SANS has produced an incredibly helpful array … Continue reading Getting the most out of Smartphone Forensic Exams - SANS Advanced Smartphone Forensics Poster Release


Open Source Android Digital Forensics Application

For some time now, I've spent most of my R&D time on Android Forensics. Gartner predicts that Android will be the #2 smart phone platform by 2012, exceeding the iPhone and leaving only Nokia/Symbia in front. With an estimated 95 million devices on the market by that time, forensic examiners will inevitably begin to run across them (if you have not already).

The techniques we've developed will provide a full forensic image of supported Android devices. With the introduction of a new file system (YAFFS2) and a host of other new challenges, our community has considerable work to do to more deeply understand the device.

In an effort to give back to the community, we have released our logical Android Forensic application as open source. You can download it on Google Code and