Mobile Phone Forensics - How to Analyze Smartphone Backups?

Advances in wireless technology and mobile devices have had a great impact on our lives. The number of smartphone users is increasing day by day. Dependency on smartphones is at its peak, not just for communication but for various other purposes such as shopping, banking, and more. Though smartphones are highly useful in our lives, they have become a double-edged sword. Criminals also use smartphones as a tool to execute their plans. When a crime occurs, the smartphone is a source of invaluable evidence for catching the criminals. The problem is that investigators find it challenging to extract information from a mobile device. Let us take a look at how a mobile device is analyzed with the help of mobile phone forensic tools.

What is mobile forensics?

Mobile forensics is a branch of digital forensics that involves the acquisition and analysis of data from mobile devices to retrieve evidence. Mobile phones pose various challenges to the investigator because of their various encryption and backup mechanisms. A smartphone forensic system helps in the easy extraction of data from the smartphone. The mobile forensic process can be broken down into three steps: seizure, acquisition, and examination/analysis. Let us see how a backup is handled by investigators.

What is an Android backup?

The latest Android phones have a built-in feature to back up the entire logical data of the phone into a single encrypted file. The logical data comprises app data, images, videos, and much more. This file has the extension .ab. The data is first compressed and encrypted, and the user can provide a password to secure the file while taking the backup.

How is the backup taken?

  • The first step is to enable developer mode: open Settings, select About phone, and tap the Build Number option 5-6 times. You will now be able to see the developer options in the Settings menu. The location of the developer options differs from phone to phone.
  • Tap on the developer options and enable them. Inside, you will find another option called USB debugging; enable this option.
  • Then enable the Desktop backup password from Settings.
  • Connect the phone to the PC.
  • Now an ADB shell is opened and a command is run to confirm the connection between the phone and the desktop.
  • After this, the investigator executes certain commands to take the backup.
  • After the command has been run, a prompt appears on the phone screen. Enter the Desktop backup password and tap on "Back up my data".
  • Once the password is entered, you will get a file in .ab form, which is the Android backup format. This has to be converted to tar or jar format.
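The .ab-to-tar conversion in the last step, as an added example that is not part of the original article. It assumes the usual .ab layout of four text header lines (magic, version, compression flag, encryption type) followed by a zlib-compressed tar, and it handles only backups whose encryption line reads `none`; the sample backup and its package name are constructed.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def parse_ab_header(stream):
    """Read the four text header lines of an .ab file from a binary stream."""
    lines = [stream.readline().rstrip(b"\n") for _ in range(4)]
    if lines[0] != MAGIC:
        raise ValueError("not an Android backup (.ab) file")
    return {
        "version": int(lines[1]),
        "compressed": lines[2] == b"1",
        "encryption": lines[3].decode("ascii"),
    }

def ab_to_tar(stream):
    """Return (header, tar_bytes) for an unencrypted .ab stream."""
    header = parse_ab_header(stream)
    if header["encryption"] != "none":
        # Password-protected backups carry extra key-derivation header lines
        # and an AES-encrypted payload; decrypt with a dedicated tool first.
        raise NotImplementedError("encrypted backup: " + header["encryption"])
    payload = stream.read()
    tar_bytes = zlib.decompress(payload) if header["compressed"] else payload
    return header, tar_bytes

def list_members(tar_bytes):
    """List (path, size) for every entry in the recovered tar archive."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [(m.name, m.size) for m in tar.getmembers()]

def build_sample_ab():
    """Constructed sample: a one-file tar wrapped as an unencrypted .ab."""
    data = b"constructed sample record\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("apps/com.example.app/f/notes.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    header, tar_bytes = ab_to_tar(io.BytesIO(build_sample_ab()))
    print(header)
    for name, size in list_members(tar_bytes):
        print(size, name)
```

Run the conversion on a working copy of the acquired file, never on the original evidence file.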

Analysis of evidence

The analysis of the backup files is a complex process that can be done only with the help of a robust analysis tool such as UFED 4pc software. This tool can interpret, decode, read, and control with various teams. The software can be used to retrieve Wi-Fi network names (SSIDs) and their passwords, details of all dialed numbers and call logs with timestamps, details of all installed apps, media with name, capturing device model name, and timestamp, and much more.

Bottom line 

If you want to speed up the process of evidence recovery, the UFED 4pc software will be your best bet, as it is powerful and robust.

