There are three types of extractions that may be performed on a mobile device: logical, filesystem, and physical. The feasibility of these three types of extractions depends upon the make, model and operating system of the mobile device.

The quickest and most supported extraction method, but also the most limited, is a logical extraction. In a logical extraction, the forensic tools communicate with the operating system of the mobile device using an API (Application Programming Interface), which specifies how software components interact. The forensic tools use these APIs to communicate with the mobile device’s operating system and request the data from the system. The extracted data is output into a readable format. This process allows for the acquisition of most of the live data on the device, much like a live targeted collection of a computer. The typical data available via a logical extraction are call logs, SMS (Short Messaging Service, commonly known as text messages), MMS (Multimedia Messaging Service, which are generally text messages with attachments or group text messages), images, videos, audio files, contacts, calendars and application data. It is possible to specify which categories to collect, such as only SMS and MMS, but you cannot specify particular items within a category to export. For example, you can choose to extract SMS data, but all SMS will be collected, not just conversations between specific people or phone numbers. All the data exported in these categories will be live data and will not have the possibility of containing any deleted data.

The next step up in extraction abilities is a filesystem extraction. The primary differentiator between logical extractions and filesystem extractions is the ability for the forensic tools to access the files on the mobile device’s internal memory directly instead of having to communicate through APIs for each type of data. This direct access allows the forensic tools to extract all files present in the internal memory, including database files, system files and logs. Filesystem extractions are useful for examining the file structure, web browsing history and app usage history of a mobile device.