Mobile Forensics Method | Description | Usage |
---|---|---|
Manual Extraction | Involves looking at the device’s content page by page and taking pictures. | Used if investigators can’t do a logical or physical extraction. |
Logical Extraction | The mobile device is connected to a forensic workstation via a wired (USB cable, for example) or wireless (such as Bluetooth) connection. | Extracts the file system information. |
Physical Extraction | Similar to logical extraction, but involves creating a forensic copy of the device. | Allows retrieval of deleted files and decoding of other items. |
Hex Dumping | Uses a modified boot loader to access the RAM for analysis. | |
Joint Test Action Group (JTAG) Extraction | Retrieves information directly from the processor, flash memory, or other physical components. | Highly invasive method. |
Chip-Off | Involves physically removing the flash memory chip from the device. | Gathers information at the binary level. |
Micro Read | Utilizes an electron microscope to examine logic gates. | Can be used even when data has been overwritten on magnetic media. Very expensive, used for national security cases. |
Be Part of Hall of Fames | Check Why Students Trust Us [70+ Review] | New MCQs This Week