{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T14:05:26Z","timestamp":1774533926524,"version":"3.50.1"},"reference-count":34,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2015,11,9]],"date-time":"2015-11-09T00:00:00Z","timestamp":1447027200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,11,9]]},"abstract":"<jats:sec>\n               <jats:title content-type=\"abstract-heading\">Purpose<\/jats:title>\n               <jats:p> \u2013 The purpose of this paper is to propose an approach that helps in acquisition of live data as well as data stored in the internal\/external memory of android mobile device considering that the data on the device are not much altered during the extraction process. Also, the emphasis is laid on testing the validity of existing forensic tools against the data obtained manually and by using this approach. Smartphones have spurred the mobile computing technology, and Android is widely used as an Operating System in these devices. These days, users store most of their personal information like emails, images, contacts etc., on Phones\/Tablets as their data would be readily accessible and thus convenient for them. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title>\n               <jats:p> \u2013 Android Operating System is built on the Linux Kernel and scripts to extract data from Android Mobile Device with the use of Android Debugging Bridge have been written. The approach is more focused on the logical acquisition of data from devices rather than acquisition using physical methods. 
<\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Findings<\/jats:title>\n               <jats:p> \u2013 Live data of the Facebook application running on the device can be extracted. Also, the password of the LuksManager application (used to create an encrypted volume on the device), which is stored in the internal memory, is extracted and identified. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title>\n               <jats:p> \u2013 The study has been conducted in an academic environment, thereby limiting external validity. Another limitation is the limited edition of some of the software forensics tools that are used. Full access to these software tools is restricted by law enforcement and investigation policies. The research provides a different approach which could aid in criminal investigation activities on mobile devices. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title>\n               <jats:p> \u2013 The devices which have the latest versions of Android not only store messages and mails, but also a lot of information about GPS, as well as information about popular applications like Facebook, WhatsApp, etc. This could practically help a lot in criminal investigation. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title>\n               <jats:p> \u2013 This study is important because very little work has been done on recent versions (Jellybean and Kitkat) of Android. 
The proposed approach could extract large amounts of information as compared to earlier approaches with the newer versions of Android having larger memory and new features.<\/jats:p>\n            <\/jats:sec>","DOI":"10.1108\/ics-02-2014-0013","type":"journal-article","created":{"date-parts":[[2015,11,3]],"date-time":"2015-11-03T03:30:17Z","timestamp":1446521417000},"page":"450-475","source":"Crossref","is-referenced-by-count":20,"title":["Logical acquisition and analysis of data from android mobile devices"],"prefix":"10.1108","volume":"23","author":[{"given":"Himanshu","family":"Srivastava","sequence":"first","affiliation":[]},{"given":"Shashikala","family":"Tapaswi","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020122001141211200_b1","unstructured":"ACPO\n                (2007), \u201cGood practice guide for computer-based electronic evidence ver. 4\u201d, available at: www.7safe.com\/electronic_evidence\/ACPO_guidelines_computer_evidence_v4_web.pdf"},{"key":"key2020122001141211200_b2","unstructured":"Alliance, Open Handset\n                (2007), \u201cAndroid operating system\u201d, available at: http:\/\/en.wikipedia.org\/wiki\/Android%28operating_system%29 (accessed 22 December 2013)."},{"key":"key2020122001141211200_b3","unstructured":"Android Source Codes \n               \n               (2007), available at: http:\/\/source.android.com\/source\/"},{"key":"key2020122001141211200_b4","unstructured":"Android Wiki, Boot and Recovery Image for Mobile Device \n               \n               (2013), available at: http:\/\/android-dls.com\/wiki\/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images"},{"key":"key2020122001141211200_b5","unstructured":"ASTM International\n                (2009), \u201cForensic science standards\u201d, available at: www.astm.org\/Standards\/forensic-science-standards.html"},{"key":"key2020122001141211200_b6","unstructured":"Barghuthi Al, N.B.\n                and \n                  
Said, H.\n                (2013), \u201cSocial networks in forensics: encryption analysis\u201d, \n                  Journal of Communications\n               , Vol. 8 No. 11, pp. 708-715."},{"key":"key2020122001141211200_b7","doi-asserted-by":"crossref","unstructured":"Barmpatsalou, K.\n               , \n                  Damopoulos, D.\n               , \n                  Kambourakis, G.\n                and \n                  Katos, V.\n                (2013), \u201cA critical review of 7 years of mobile device forensics\u201d, \n                  Digital Investigation\n               , Vol. 10 No. 4, pp. 323-349.","DOI":"10.1016\/j.diin.2013.10.003"},{"key":"key2020122001141211200_b8","doi-asserted-by":"crossref","unstructured":"Becker, A.\n               , \n                  Mladenow, A.\n               , \n                  Kryvinska, N.\n                and \n                  Strauss, C.\n                (2012), \u201cAggregated survey of sustainable business models for agile mobile service delivery platforms\u201d, \n                  Journal of Service Science Research\n               , Vol. 4 No. 1, pp. 97-121.","DOI":"10.1007\/s12927-012-0004-3"},{"key":"key2020122001141211200_b9","unstructured":"Bornstein, D.\n                (2008), \u201cDalvik vm internals\u201d, Google I\/O Developer Conference, San Francisco, Vol. 23, pp. 17-30."},{"key":"key2020122001141211200_b10","doi-asserted-by":"crossref","unstructured":"Breeuwsma, I.\n                (2006), \u201cForensic imaging of embedded systems using JTAG (boundary-scan)\u201d, \n                  Digital Investigation\n               , Vol. 3 No. 1, pp. 
32-42.","DOI":"10.1016\/j.diin.2006.01.003"},{"key":"key2020122001141211200_b11","doi-asserted-by":"crossref","unstructured":"Canlar, E.S.\n               , \n                  Conti, M.\n               , \n                  Crispo, B.\n                and \n                  Di Pietro, R.\n                (2013), \u201cWindows mobile LiveSD forensics\u201d, \n                  Journal of Network and Computer Applications\n               , Vol. 36 No. 2, pp. 677-684.","DOI":"10.1016\/j.jnca.2012.12.024"},{"key":"key2020122001141211200_b12","unstructured":"Casadei, F.\n               , \n                  Savoldi, A.\n                and \n                  Gubian, P.\n                (2006), \u201cForensics and SIM cards: an overview\u201d, \n                  International Journal of Digital Evidence\n               , Vol. 5 No. 1, pp. 1-21."},{"key":"key2020122001141211200_b13","unstructured":"Casey, E.\n                (2011), \n                  Digital Evidence and Computer Crime: Forensic Science Computers and the Internet\n               , 3rd ed., Academic Press, Waltham, Massachusetts."},{"key":"key2020122001141211200_b15","unstructured":"ClockWorkMod Recovery\n                (2012), \u201cClockworkMod custom recovery images for mobile device\u201d, available at: http:\/\/forum.xda-developers.com\/wiki\/ClockworkMod_Recovery (accessed 22 December 2013)."},{"key":"key2020122001141211200_b16","unstructured":"Foundation, E.\n                (2013), \u201cMAT memory analyzer tool\u201d, available at: www.eclipse.org\/mat\/ (accessed 22 December 2013)."},{"key":"key2020122001141211200_b17","doi-asserted-by":"crossref","unstructured":"Hoog, A.\n                (2011), \n                  Android Forensics: Investigation, Analysis and Mobile Security for Google Android\n               , Elsevier, Amsterdam.","DOI":"10.1016\/B978-1-59749-651-3.10006-8"},{"key":"key2020122001141211200_b18","doi-asserted-by":"crossref","unstructured":"Jansen, W.\n                
and \n                  Ayers, R.\n                (2007), \n                  Guidelines on Cell Phone Forensics\n               , National Institute of Standards and Technology, Gaithersburg.","DOI":"10.6028\/NIST.SP.800-101"},{"key":"key2020122001141211200_b19","doi-asserted-by":"crossref","unstructured":"Klaver, C.\n                (2010), \u201cWindows mobile advanced forensics\u201d, \n                  Digital Investigation\n               , Vol. 6 No. 3, pp. 147-167.","DOI":"10.1016\/j.diin.2010.02.001"},{"key":"key2020122001141211200_b20","unstructured":"Kornblum, J.\n                (2008), \u201cdc3dd, a patched version of gnu dd\u201d, available at: www.forensicswiki.org\/wiki\/Dc3dd (accessed 22 December 2013)."},{"key":"key2020122001141211200_b21","unstructured":"Labs, C.\n                (2013), \u201cMOBILedit: forensic tool for data extraction from mobile device\u201d, available at: www.mobiledit.com\/ (accessed 22 December 2013)."},{"key":"key2020122001141211200_b22","unstructured":"Lessard, J.\n                and \n                  Kessler, G.\n                (2010), \u201cAndroid forensics: simplifying cell phone examinations\u201d, \n                  Small Scale Digital Device Forensics Journal\n               , Vol. 4 No. 1, pp. 1-13."},{"key":"key2020122001141211200_b23","unstructured":"Liles, S.\n               , \n                  Kovacik, S.\n                and \n                  R. 
O\u2019Day, D.\n                (2010), \u201c Proposed methodology for victim android forensics\u201d, available at: https:\/\/viaforensics.com\/viaforensics-articles\/viaforensics-aflogical-tool-android-forensic-investigations.html"},{"key":"key2020122001141211200_b24","unstructured":"Mohindra, D.\n                (2008), \u201cThe android project: incident response and forensics\u201d, available at: www1.webng.com\/dhruv\/material\/android_report.pdf (accessed 22 December 2013)."},{"key":"key2020122001141211200_b25","unstructured":"Quick, D.\n                and \n                  Alzaabi, M.\n                (2011), \u201cForensic analysis of the android file system yaffs2\u201d, Proceedings 9th Australian Digital Forensics Conference, Perth, 5-7 December, pp. 100-108."},{"key":"key2020122001141211200_b26","unstructured":"Racioppo, C.\n                and \n                  Murthy, N.\n                (2012), \u201cAndroid forensics: a case study of the htc incredible phone\u201d, available at: http:\/\/csis.pace.edu\/wctappert\/srd2012\/b6.pdf"},{"key":"key2020122001141211200_b27","unstructured":"Solutions, D.\n                (2013), \u201cEMMC, storage for mobile devices\u201d, available at: www.datalight.com\/solutions\/technologies\/emmc\/what-is-emmc (accessed 22 December 2013)."},{"key":"key2020122001141211200_b28","unstructured":"Son, N.\n               , \n                  Lee, Y.\n               , \n                  Kim, D.\n               , \n                  James, J.I.\n               , \n                  Lee, S.\n                and \n                  Lee, K.\n                (2013), \u201cA study of user data integrity during acquisition of Android devices\u201d, \n                  Digital Investigation\n               , Vol. 10, pp. 
S3-S11."},{"key":"key2020122001141211200_b29","unstructured":"SWGDE\n                (2009), \u201cSWGDE best practices for mobile phone examinations v1.0\u201d, available at: www.swgde.org\/documents\/Current%20Documents\/2009521%20SWGDE%20Best%20Practices%20for%20Mobile%20Phone%20Examinations%20v1.0"},{"key":"key2020122001141211200_b30","doi-asserted-by":"crossref","unstructured":"Sylve, J.\n               , \n                  Case, A.\n               , \n                  Marziale, L.\n                and \n                  Richard, G.G.\n                (2012), \u201cAcquisition and analysis of volatile memory from android devices\u201d. \n                  Digital Investigation\n               , Vol. 8 No. 3, pp. 175-184.","DOI":"10.1016\/j.diin.2011.10.003"},{"key":"key2020122001141211200_b31","unstructured":"van Den Bos, J.\n                and \n                  van der Knijf, R.\n                (2005), \u201cTulp2g\u2013an open source forensic software framework for acquiring and decoding data stored in electronic devices\u201d, \n                  International Journal of Digital Evidence\n               , Vol. 4 No. 2."},{"key":"key2020122001141211200_b32","unstructured":"viaForensics\n                (2013), \u201cViaextract, forensic software by viaforensics\u201d, https:\/\/viaforensics.com\/products\/viaextract\/, (accessed 22 December 2013)."},{"key":"key2020122001141211200_b33","unstructured":"Vidas, T.\n               , \n                  Zhang, C.\n                and \n                  Christin, N.\n                (2011), \u201cToward a general collection methodology for Android devices\u201d, \n                  Digital Investigation\n               , Vol. 8, pp. 
S14-S24."},{"key":"key2020122001141211200_b34","unstructured":"X-ways\n                (2013), \u201cWinhex, a universal hexadecimal editor\u201d, available at: winhex.com\/winhex\/ (accessed 22 December 2013)."},{"key":"key2020122001141211200_frd1","unstructured":"Chow, C.\n                (2013), \u201cBusybox application for android device\u201d, available at: http:\/\/chislonchow.wordpress.com\/2013\/03\/29\/what-is-busybox-for-an-android-user\/ (accessed 22 December 2013)."}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-02-2014-0013","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2014-0013\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2014-0013\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:39Z","timestamp":1753406559000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/5\/450-475\/110971"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,11,9]]},"references-count":34,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2015,11,9]]}},"alternative-id":["10.1108\/ICS-02-2014-0013"],"URL":"https:\/\/doi.org\/10.1108\/ics-02-2014-0013","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2015,11,9]]}}}