Practical Mobile Forensics
上QQ阅读APP看书,第一时间看更新

Logical acquisition

Logical acquisition is about extracting logical storage objects, such as files and directories, that reside on a filesystem. The logical acquisition of mobile phones is performed using the device manufacturer's application programming interface to synchronize the phone's contents with a computer. Many forensic tools can perform a logical acquisition. It is much easier for a forensic tool to organize and present data extracted through logical acquisition. However, the forensic analyst must understand how the acquisition occurs and whether the mobile was modified in any way during the process. Depending on the phone and forensic tools used, all or some of the data is acquired. A logical acquisition is easy to perform and only recovers the files on a mobile phone and does not recover data contained in unallocated space.