Android smartphones largely dominate the smartphone market. For this reason, it is very important to examine these smartphones in terms of digital forensics since they are often used as evidence in trials. It is possible to acquire a physical or logical image of these devices. Acquiring physical and logical images has advantages and disadvantages compared to each other. Creating the logical image is done at the file system level. Analysis can be made on this logical image. Both logical image acquisition and analysis of the image can be done by software tools. In this study, the differences between logical image and physical image acquisition in Android smartphones, their advantages and disadvantages compared to each other, the difficulties that may be encountered in obtaining physical images, which type of image contributes to obtaining more useful and effective data, which one should be preferred for different conditions, and the benefits of having root authority are discussed. The practice of getting the logical image of the Android smartphones and making an analysis on the image is also included. Although root privileges are not required for logical image acquisition, it has been observed that very limited data will be obtained with the logical image created without root privileges. Nevertheless, logical image acquisition has advantages too against physical image acquisition.
References
[1]
Curry, D. (2022) Android Statistics (2021). Business of Apps. https://www.businessofapps.com/data/android-statistics/
[2]
AlHidaifi, S. (2018) Mobile Forensics: Android Platforms and WhatsApp Extraction Tools. International Journal of Computer Applications, 179, 25-29. https://doi.org/10.5120/ijca2018917264
[3]
Ashawa, M. and Ogwuche, I. (2017) Forensic Data Extraction and Analysis of Left Artifacts on Emulated Android Phones: A Case Study of Instant Messaging Applications. Seizure, 19, 8-16. https://doi.org/10.22632/ccs-2017-252-67
[4]
Jeffay, J. (2024) Smartphone Is the Key to Solving Crime with AI. NoCamels. https://nocamels.com/2023/02/smartphone-is-the-key-to-solving-crime-with-ai/
[5]
Petrosyan, A. (2024) Targets of External Attacks Global 2023. Statista. https://www.statista.com/statistics/1451097/targets-of-external-attacks-worldwide/
[6]
Tajuddin, T.B. and Manaf, A.A. (2015) Forensic Investigation and Analysis on Digital Evidence Discovery through Physical Acquisition on Smartphone. 2015 World Congress on Internet Security (WorldCIS), Dublin, 19-21 October 2015, 132-138. https://doi.org/10.1109/WorldCIS.2015.7359429
[7]
Taylor, P. (2024) Forecast Number of Mobile Users Worldwide 2020-2025. Statista. https://www.statista.com/statistics/218984/number-of-global-mobile-users-since-2010/
[8]
Daware, S., Dahake, S. and Thakare, V.M. (2012) Mobile Forensics: Overview of Digital Forensic, Computer Forensics vs. Mobile Forensics and Tools. International Journal of Computer Applications, 2012, 7-8.
[9]
Srivastava, H. and Tapaswi, S. (2015) Logical Acquisition and Analysis of Data from Android Mobile Devices. Information and Computer Security, 23, 450-475. https://doi.org/10.1108/ICS-02-2014-0013
[10]
Çakir, H. and Kiliç, M.S. (2013) An Overview of Methods of Obtaining Evidence on Cyber Crimes (Bilişim suçlarına ilişkin delil elde etme yöntemlerine genel bir bakış). Polis BilimleriDergisi, 15, 23-44.
[11]
Harding, S. (2024) Why Mobile Digital Forensics Is a Growing Field. https://studyonline.port.ac.uk/blog/mobile-forensics
[12]
Freiling, F., Groß, T., Latzo, T., Müller, T. and Palutke, R. (2018) Advances in Forensic Data Acquisition. IEEE Design & Test, 35, 63-74. https://doi.org/10.1109/MDAT.2018.2862366
[13]
Kessler, G.C. and Carlton, G.H. (2014) A Study of Forensic Imaging in the Absence of Write-Blockers. Journal of Digital Forensics, Security and Law, 9, Article 4. https://doi.org/10.15394/jdfsl.2014.1187
[14]
Feng, P., Li, Q., Zhang, P. and Chen, Z. (2018) Logical Acquisition Method Based on Data Migration for Android Mobile Devices. Digital Investigation, 26, 55-62. https://doi.org/10.1016/j.diin.2018.05.003
[15]
Kävrestad, J. (2020) Collecting Data. In: Kävrestad, J., Ed., Fundamentals of Digital Forensics: Theory, Methods, and Real-Life Applications, Springer International Publishing, Cham, 101-113. https://doi.org/10.1007/978-3-030-38954-3_11
[16]
EC-Council (2024) How to Handle Data Acquisition in Digital Forensics. Cybersecurity Exchange. https://www.eccouncil.org/cybersecurity-exchange/computer-forensics/data-acquisition-digital-forensics/
[17]
Lukito, N.Y.P., Yulianto, F.A. and Jadied, E. (2016) Comparison of Data Acquisition Technique Using Logical Extraction Method on Unrooted Android Device. 2016 4th International Conference on Information and Communication Technology (ICoICT), Bandung, 25-27 May 2016, 1-6. https://doi.org/10.1109/ICoICT.2016.7571934
[18]
(2021) Questions about Rooting without Unlocking Bootloader? General Questions and Answers. https://forum.xda-developers.com/t/questions-about-rooting-without-unlocking-bootloader.4281491/
[19]
Android Authority (2024) We Asked, You Told Us: Your Android Phone Definitely Isn’t Rooted. https://www.androidauthority.com/android-phone-rooted-poll-results-3225345/
[20]
Akarawita, I., Perera, A. and Atukorale, A. (2015) ANDROPHSY—Forensic Framework for Android. 2015 Fifteenth International Conference on Advances in ICT for Emerging Regions (ICTer), Colombo, 24-26 August 2015, 250-258. https://doi.org/10.1109/ICTER.2015.7377696
[21]
Reality Net (2021) Android_Triage. https://github.com/RealityNet/android_triage
[22]
Da Silveira, C.M., et al. (2020) Methodology for Forensics Data Reconstruction on Mobile Devices with Android Operating System Applying In-System Programming and Combination Firmware. Applied Sciences, 10, Article 4231. https://doi.org/10.3390/app10124231
[23]
Backtrack and Deft Linux Experts (2022) Tsrugi Linux. https://tsurugi-linux.org/index.php
[24]
Aji, M., Hariyadi, D. and Rochmadi, T. (2020) Logical Acquisition in the Forensic Investigation Process of Android Smartphones Based on Agent Using Open Source Software. IOP Conference Series: Materials Science and Engineering, 771, Article ID: 012024. https://doi.org/10.1088/1757-899X/771/1/012024
[25]
Zhang, H., Chen, L. and Liu, Q. (2018) Digital Forensic Analysis of Instant Messaging Applications on Android Smartphones. 2018 International Conference on Computing, Networking and Communications (ICNC), Maui, 5-8 March 2018, 647-651. https://doi.org/10.1109/ICCNC.2018.8390330
[26]
Yalçın, N. and Kılıç, B. (2019) Digital Evidences According to ISO/IEC 27035-2, ISO/IEC 27037, ISO/IEC 27041, ISO/IEC 27042 and ISO/IEC 27043 Standards. SETSCI-Conference Proceedings, 9, 444–449. https://doi.org/10.36287/setsci.4.6.118
[27]
Alexis, B. (2021) ALEAPP-Master. https://github.com/abrignoni/ALEAPP
[28]
Racioppo, C. and Murthy, N. (2012) Android Forensics: A Case Study of the ‘HTC Incredible’ Phone. Proceedings of Student-Faculty Research Day, New York, May 2012, 8.
[29]
Sathe, S.C. and Dongre, N.M. (2018) Data Acquisition Techniques in Mobile Forensics. 2018 2nd International Conference on Inventive Systems and Control (ICISC), Coimbatore, 19-20 January 2018, 280-286. https://doi.org/10.1109/ICISC.2018.8399079
[30]
DFIR Science (2022) Logical Image Created with Root Authority. https://www.youtube.com/watch?v=_cm1n0stVrA
