- #BLACKBAG FORENSICS COMPARED TO OXYGEN FORENSICS FULL#
- #BLACKBAG FORENSICS COMPARED TO OXYGEN FORENSICS SOFTWARE#
- #BLACKBAG FORENSICS COMPARED TO OXYGEN FORENSICS SERIES#
File System AcquisitionĪ file system acquisition is a step down in completeness but also somewhat easier to accomplish.
#BLACKBAG FORENSICS COMPARED TO OXYGEN FORENSICS FULL#
This type of acquisition “ is the most complete, it is also the slowest and hardest to obtain.” A device may need to be rooted or jailbroken to facilitate a full physical image. Full Physical Acquisitionįull physical acquisitions are attempts to image every bit of stored data from the device’s memory, including both active files and any files or fragments in unallocated space ( i.e., deleted files). Generally, though, you will have a choice between a full physical acquisition, a file system acquisition, and a logical acquisition. The precise options available to you will depend on the specific source device, the operating system and security settings active on it, and the acquisition tool you are employing.
When executing mobile device acquisitions, there are a range of options similar to those available when conducting traditional computer drive acquisitions. Other options, with various strengths, weaknesses, and specialties, are available from MSAB, Katana Forensics, Magnet Forensics, Paraben, Oxygen Forensics, BlackBag Technologies, and Elcomsoft. The most widely used tools come from Cellebrite. There are now many specialized tools available for mobile acquisitions, with the most powerful costing thousands of dollars per kit/license. Additionally, the ever-expanding use of stronger and stronger encryption techniques can create more delays and challenges, with some data being functionally unobtainable without the necessary passwords.
#BLACKBAG FORENSICS COMPARED TO OXYGEN FORENSICS SOFTWARE#
Although Mobile Device Management software can facilitate remote deletions of company data, none can yet facilitate remote collections. All collections must also currently be done in person, with the physical device and the custodian’s password(s). The time required to execute these collections can also be much greater, with a 64GB iPhone potentially taking longer to capture than a 640GB hard drive. These tools are collection kits akin to those used for forensic acquisitions from traditional computer sources, but they feature connection options for all of the common mobile standards and more specialized software for interfacing with the wide range of potential data formats, file systems, etc. Tools for Acquisitionīecause of the huge diversity in smartphone and tablet hardware and software, collecting from these sources poses special challenges and requires special tools. In this Part, we continue our discussion of mobile devices in eDiscovery with a review of acquiring that data from them. In the second Part, we reviewed what is encompassed by “mobile devices” and what data is potentially contained on them. In the first Part of this series, we reviewed the ubiquity, usage, and business realities of mobile devices.
#BLACKBAG FORENSICS COMPARED TO OXYGEN FORENSICS SERIES#
A multi-part series on the logistical, technical, and legal challenges posed by the proliferation and popularity of smartphones and tablets
0 kommentar(er)
