Guideline for forensic investigation of Android smartphones
Denise Muth, Summer term 2013
Smartphones offer versatile applications due to powerful hardware, high storage capacities, an operating system with open interfaces and a permanent data connection. Consequently, smartphones have become increasingly important devices in the field of computer forensics. Devices based on the Android operating system are especially widespread and accordingly hold an outstanding market position. In a criminal investigation, the data stored on the system can serve as potential evidence.
Due to the special technical features of smartphones, the forensic investigation methods differ fundamentally from those of classical IT forensics. For instance, the approach to securing storage media (data collection) needs rethinking. Simply removing the hard-wired flash memory, comparable to removing a hard drive from a computer, is not possible. Previous studies in the field of forensic investigation of Android smartphones either ignore the operating system-specific focus or do not follow a systematic approach based on approved process models. This might result in improper handling of the devices, leading to loss of essential evidence.
The objective of this master's thesis is to enable a proper forensic investigation of Android smartphones. The focus is on data collection, since it forms the essential basis for all further steps of the investigation. Through a practical approach, a reference work is to be compiled that solves current problems, especially with respect to data collection.
The result is a guideline dedicated to smartphone-related changes in IT forensics, allowing a systematic forensic investigation of Android-based smartphones. It builds on a fundamental process model that has been established while taking into account approved approaches and specific forensic aspects relating to Android. Finally, a practical scenario successfully demonstrates the applicability of the data collection methods.