Mobile Forensics Update 1

Introduction

Frequent readers of this blog will not be surprised to see a new iteration of the Mobile Forensics project. This semester, we are focused specifically on social media apps on Android devices. For the purposes of this project, we have defined social media as any app that allows people to communicate, chat, interact, or exchange information. Most applications that will fit this definition are categorized on the Google Play store as “social”.

This year our devices are two LG G6s and, as in past projects, the team will be taking advantage of Cellebrite’s UFED 4PC and Android Debug Bridge (ADB) to extract information from the app files. Additionally, we will be investigating whether there is any difference between the data collected and stored on Android version 7 and Android version 8.

Current Progress

So far we have created processes and templates for organized data generation. After narrowing down which applications we want to look at, we decided the first application we will be pulling data from is Snapchat. We have been practicing rooting devices and pulling the data to figure out what we will look for on the devices. We need to root the devices to be able to get the information off the apps and look under the hood. Our LG G6 devices have just arrived, and we are preparing them for data generation.

Conclusion

After prepping our devices, we will download Snapchat and start creating data by sending snaps to the LCDI Snapchat. We will then use the app for a day before we pull information off of it. The more we use the app, the more information we could potentially acquire. When we do a pull, we will analyze all the data we have, and once that is complete, we will move on to the next application, Telegram.

Stay tuned for more updates to come and follow us on Twitter @ChampForensics, Instagram @ChampForensics, and Facebook @ChamplainLCDI.