Summary

This chapter was an overview of a few free tools available for Android forensic examiners. These tools are summarized in the following table:

Tool

Features

ViaExtract
  • Free, requires registration and an active Internet connection
  • Logical extractions via an application pushed to the device
  • Backup extractions
  • Filesystem extractions if device is rooted
  • Roots devices
  • Bypasses screen locks without root by pushing an application to the device

Autopsy
  • Free and open source
  • Used to examine extractions done by other tools
  • Allows keyword searching, hash lists, and other common forensic methods
  • Powerful timeline feature
  • Can recover deleted data from supported filesystems

ViaLab
  • Free, requires registration and an active Internet connection
  • Allows an examiner ...

Get Learning Android Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial