The book I read to research this post was Android Forensics by Andrew Hoog, a very good book which I read at http://safaribooksonline.com
This book is a how-to guide to doing digital forensics on an Android smartphone. Most of the software used in the tutorials is open source, although in some cases it is free only to people employed in digital forensics labs and the rest of us have to pay for it. Much of the process of interrogating a smartphone is very complicated. There is a very interesting section on the history of Android, which was developed by Android Inc. before Google bought them out. It is based on the Linux 2.6 kernel. There is also an operating system called Minix, which is a sort of Linux or Unix software that runs on Apple Macs,
When interrogating a phone, ideally the SIM card should be removed and the wireless carrier contract suspended to make sure the data does not change in any way. Also put it in a Faraday bag to prevent unwanted transmissions. Sometimes the SD card has to be removed, but the smartphone has to be turned off to do this, and if the device has something like a virus there is a chance it disappears once you power off, making it impossible to trace. There are a couple of file systems mentioned, but I think the book is showing its age and they may be obsolete on the latest phones. One is FAT32, which of course had widespread use with Windows PCs. The other is YAFFS2, or Yet Another Flash File System, and you might find one of these on older machines. I enjoyed reading this book, although I would advise a complete beginner to read something else.