If any hidden or deleted files are present in the folder being copied, they won’t be in the pasted version of the folder.Īs you’ll see, however, the line between logical and physical extractions in mobile forensics is somewhat blurrier than in traditional computer forensics. In traditional computer forensics, logical extraction is analogous to copying and pasting a folder in order to extract data from a system this process will only copy files that the user can access and see. Because of this interaction with the operating system, a forensic examiner cannot be sure that they have recovered all of the data possible the operating system is choosing which data it allows the examiner to access. However, a more correct definition of logical extraction is any method that requires communication with the base operating system. In digital forensics, the term logical extraction is typically used to refer to extractions that don’t recover deleted data or do not include a full bit-by-bit copy of the evidence. This book explore open source and commercial forensic tools and teaches readers the basic skills of Android malware identification and analysis. This article is taken from the book Learning Android Forensics by Oleg Skulkin, Donnie Tindall, and Rohit Tamma. This tutorial discusses logical data extraction, and one of its subtopics Android SIM card extractions.
0 Comments
Leave a Reply. |