Posts

Showing posts from January, 2024

A first look at Android 14 forensics

Android 14 was released to the public by the Open Handset Alliance on October 4, 2023, and is now available on various smartphones, including the Google Pixel. This blog post aims to explore a list of the major artifacts you can find on this version of the Android OS. For testing and review, I set up a Google Pixel 7A and used it for about a month, with a SIM card and various native and third-party apps installed. The blog post is organized by sections: Device information and general settings; User accounts; Information on Cellular, Wi-Fi, and Bluetooth connections; Native Android applications; Google applications; Analysis of the use of native and third-party applications; Other relevant information. As always, I'll try to update this blog post as I test and research. Device information and general settings: build.prop (TXT format, stored in the root directory of the system partition). Among other things, it contains the device manufacturer, the device model, the operating system ...

Analysis of Android settings during a forensic investigation

During the forensic examination of a smartphone, we sometimes need to understand some basic settings of the device. Some simple examples are: What is the name of the device? Is the "Set time automatically" option on or off? Is the "Set time zone automatically" option on or off? Is mobile data switched on or off? Is mobile data roaming switched on or off? On Android devices, most of these settings are managed centrally by the Android settings provider. The source code is available here. This topic is covered in a blog post by Yogesh Khatri, who explores a way to extract and analyze Android settings using an Android Backup created with the "keyvalue" option. In this blog post, I'd like to expand the discussion a bit by exploring: How can these settings be extracted? What information is potentially more relevant for a forensic investigation? Android Settings extraction: There are basically 3 ways to extract the Android settings, depending on your case: ...