Android TOT container parsing with Oxygen Forensics
The Oxygen Forensic program has already been described in the Chapter 1, SIM Cards Acquisition and Analysis. The Oxygen Forensic program has a specialized Oxygen Forensic Extractor module that can be used to make logical extraction, backup, and physical dump of a mobile device running Android operating systems. The Oxygen Forensic program is able to import and analyze the mobile device’s data extracted via other hardware and software. The program can import the following types of images and data of Android devices:
- Android backup
- Android physical image
- Android YAFSS physical image
- JTAG image
- Filesystem tarball or ZIP archive
- Filesystem image folder
- Nandroid backup Nandroid (CWM)
- Nandroid Nandroid (TWRM)
- Android TOT container
As an example, the import of data from Android TOT containers will be described. These containers can be created by some types of flashers during the process of an Android device’s memory reading.
How to do it…
- Click the arrow...
