Android Forensics: Part 2

Since our introductory blog post, we have made a great deal of progress on the Android forensics project. We have researched Android operating system versions 2.3.4 and 2.3.6, and the file systems YAFFS (Yet Another Flash File System) and EXT4 (Fourth Extended File System).

Once we completed the operating system and file system research, we generated data on three phones: the Avail, the Fusion 2, and the Galaxy Appeal. The data included browsing history, text messages, videos, pictures, apps, contacts, and calendar events. Some of this data was then deleted to see if any tools could recover it.

So far, we have used a Cellebrite to extract data from the phones. In order to collect as much data as possible, we performed Physical, Logical, and File System extractions. The next step in our research is to extract data from all three phones using the XRY.

To see the full blog post and research results, click here.

