Analyzing a full physical image

Once an image has been obtained using one of the discussed methods, an examiner could conceivably go through the image manually and extract each partition, but would probably prefer to avoid doing that. Luckily, there is a wide variety of mobile forensic tools that can ingest a physical image, such as Cellebrite, XRY, Mobile Phone Examiner, and many others. Unfortunately, none of these are free or open source. By far the most popular analysis tool that is free and open source is Autopsy by Brian Carrier.

Autopsy

The Sleuth Kit began as a set of Linux-based command line tools for forensics; eventually, a browser-based GUI named Autopsy was added. Recently, Autopsy has been released as a stand-alone platform on Windows, ...

Get Learning Android Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Learning Android Forensics by Rohit Tamma, Donnie Tindall

Analyzing a full physical image

Autopsy

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly