Abstract

This paper presents a comprehensive analysis of forensic techniques for Android devices, focusing on logical extraction methods and temporary root techniques. As Android smartphones continue to dominate the mobile market, they serve as critical sources of digital evidence in forensic investigations. However, security mechanisms such as application sandboxing, encryption, and file-based access controls pose challenges to forensic data acquisition. Logical extraction techniques provide a non-intrusive approach to retrieving user-accessible data, ensuring evidence integrity while maintaining the device’s operational state. This method is particularly useful for standard forensic investigations where access to unaltered, user-level data is required. Conversely, temporary root methods exploit system vulnerabilities to gain elevated privileges, allowing forensic experts to access deleted and system-level files with minimal modification to the device. This approach is essential for advanced forensic investigations requiring deeper insights into device storage structures. The paper evaluates the strengths and limitations of both methodologies, considering factors such as data accessibility, forensic soundness, and legal admissibility. Additionally, it discusses the evolving landscape of Android security, highlighting challenges introduced by encryption, cloud storage, and anti-forensic techniques. A comparative analysis underscores the importance of selecting the appropriate technique based on investigative needs and device security constraints. The findings suggest that a hybrid forensic strategy beginning with logical extraction and escalating to temporary root techniques when necessary can optimize evidence acquisition while preserving forensic integrity. This study provides forensic practitioners with insights into effective Android forensic methodologies, ensuring comprehensive digital investigations within legal and ethical frameworks.

• 1.   Lukito, N.Y.P., Yulianto, F.A., & Jadied, E. (2016). Comparison of Data Acquisition Techniques Using Logical Extraction Method on Unrooted Android Devices. 2016 Fourth International Conference on Information and Communication Technologies (ICoICT), 1-6. IEEE.
• 2.   Guo, W., Wu, S., & Wang, D. (2017). A Forensic Method for Android Devices Based on the Technique of Temporary Root. The 12th International Conference on Computer Science & Education (ICCSE), 502-505. IEEE.
• 3.   Hoog, A. (2011). Android Forensics: Investigation, Analysis, and Mobile Security for Google Android. Syngress.
• 4.   Vidas, T., Zhang, C., & Christin, N. (2011). Toward a General Collection Methodology for Android Devices. Digital Investigation, 8, S14-S24.
• 5.   Ableson, F., Collins, C., & Sen, R. (2009). Unlocking Android. Manning Publications.
• 6.   Casey, E. (2011). Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet. Academic Press.
• 7.   Lessard, J., & Kessler, G. (2010). Android Forensics: Simplifying Cell Phone Examinations. Small Scale Digital Device Forensics Journal,4(1).
• 8.   Rogers, M.K., & Seigfried, K. (2004). The Future of Computer Forensics: A Needs Analysis Survey. Computers & Security, 23(1), 12-16.
• 9.   Stuttgen, J., & Cohen, M. (2013). Anti-Forensic Resilient Memory Acquisition. Digital Investigation, 10, S105-S115.
• 10.   Ovens, M., & Morison, S. (2016). Forensic Examination of Mobile Devices Using OpenSource Tools. Forensic Science International, 267, 26-34.

Data Sharing Statement

Funding