If you have taken or plan to take FOR585: Advanced Smart Phone Forensics, you realize how desirable it is to have a rooted Android device for analysis. A rooted Android will provide access to full physical partitions that are not typically available on devices without system level permissions. But lets suppose that you are interested specifically in application research and data that can be found in the USERDATA partition. It is becoming more common for application developers to restrict very important user artifacts from being accessed from these Android devices. This most often includes the SQLite databases, which likely contain the information that we, as examiners, are after.
FOR585, discusses many of the ways that forensic tools will attempt to TEMPORARILY or SOFT root your device in order to extract data. For research purposes, we often seek a device with a FULL root, or one in which the root will persist even after the device loses power. This webcast will explore topics such as 1) Choosing the best test device, 2) Rooting your Android, 3) Utilizing File Browsers for quick file/folder access, and 4) Examining application directories of interest, all using utilities that exist on your SIFT workstation or that can be downloaded for free from the Internet.