Mobile Forensics MethodDescriptionUsage
Manual ExtractionInvolves looking at the device’s content page by page and taking pictures.Used if investigators can’t do a logical or physical extraction.
Logical ExtractionThe mobile device is connected to a forensic workstation via a wired (USB cable, for example) or wireless (such as Bluetooth) connection.Extracts the file system information.
Physical ExtractionSimilar to logical extraction, but involves creating a forensic copy of the device.Allows retrieval of deleted files and decoding of other items.
Hex DumpingUses a modified boot loader to access the RAM for analysis.
Joint Test Action Group (JTAG) ExtractionRetrieves information directly from the processor, flash memory, or other physical components.Highly invasive method.
Chip-OffInvolves physically removing the flash memory chip from the device.Gathers information at the binary level.
Micro ReadUtilizes an electron microscope to examine logic gates.Can be used even when data has been overwritten on magnetic media. Very expensive, used for national security cases.

Leave a Reply