In the previous chapter, we covered the fundamentals of Android architecture, security features, filesystems, and other capabilities. Having an established forensic environment before the start of an examination is important, as it ensures that the data is protected while the examiner maintains control of the workstation. This chapter will explain the process of, and what to consider when, setting up a digital forensic examination environment. It is paramount that the examiner maintains control of the forensic environment at all times; this prevents the introduction of contaminants that could affect the forensic investigation.
We will cover the following topics in this chapter:
- Setting up a forensic environment
- Connecting the device and accessing it from a workstation
- Screen lock bypass techniques
- Gaining root access to...