This paper proposes a new forensic analysis methodology that combines processes, techniques, and tools for physical and logical data acquisition from mobile devices. The proposed methodology allows an overview of the use of the In-System Programming (ISP) technique with Combination Firmware, aligned with specific collection and analysis processes. The experiments carried out show that the proposed methodology is convenient and practical and provides new possibilities for data acquisition on devices that run the Android Operating System with advanced protection mechanisms. The methodology is also feasible on devices that are compatible with Joint Test Action Group (JTAG) techniques and that use Embedded Multimedia Card (eMMC) or Embedded Multi-Chip Package (eMCP) as main memory. The techniques included in the methodology are effective on encrypted devices, on which the JTAG and Chip-Off techniques prove to be ineffective, especially on those that have an unauthorized access protection mechanism enabled, such as lock screen password, blocked bootloader, and Factory Reset Protection (FRP) active. Studies also demonstrate that data preservation and integrity are maintained, which is critical to a digital forensic process.

Physical Acquisition: Physical acquisition on mobile devices consists of copying information from the device by direct access to the internal storage memory. The process creates a copy of the entire file system bit by bit. Such an approach is similar to that adopted in computer forensic investigations. A physical acquisition can acquire all data present on a storage device, including deleted data that has not yet been overwritten, in addition to copying unallocated space. It is considered to be the most effective in forensic terms and is performed using specific tools.

According to Mota Filho, the least amount of information that an OS can read in a filesystem is a block that, at the physical disk level, is equivalent to a cluster. Copies and readings are made block by block at the filesystem level.