+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: General Discussion on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=127)
+--- Thread: Forensic Analysis of PinePhone (/showthread.php?tid=8811)
Forensic Analysis of PinePhone - UnallocatedClusters - 01-16-2020
Hello all,
I work in computer forensics and I am looking forward to purchasing and using a PinePhone both for general privacy sake as well as my desire to learn how to create forensic images of Linux smartphones and then perform forensic analysis of the resulting forensic images.
Currently, my smartphone forensic software includes Cellebrite (www.cellebrite.com) and MOBILedit Forensic Express (www.mobiledit.com/forensic-express).
For imaging iPhones, smartphone forensic software basically invokes iTunes to create a "mobile backup" of the iPhone being imaged; the resulting image is a logical image, not a physical image, though. In order to generate a physical image of an iPhone, one must jailbreak the iPhone first.
For imaging Android phones, smartphone forensic software will first install an "agent" on the Android phone; the installed agent will then export out files to external media, sometimes through the use of the Android Debugging Bridge. Similar to iPhones, one cannot generate a physical image of an Android phone unless one can root the Android phone first.
I am curious to see if traditional workstation imaging software will be able to generate forensic images of the PinePhone.
For example, I oftentimes use Guymager (https://guymager.sourceforge.io/) to generate forensic images of workstation hard drives. Typically I will use a Live USB running a "free-to-use" Forensic Linux distribution such as Paladin (https://sumuri.com/software/paladin/). I am able to boot the target workstation to the Linux distribution, which gets loaded to the target workstation's RAM and will not mount the internal hard drive, or only mount the target workstation's internal hard drive as read only.
I am new to this forum so I do not know if there are any other fellow forensic practitioners here, but if there is interest, I will update everyone with my forensic imaging and analysis progress once I get a PinePhone.
RE: Forensic Analysis of PinePhone - vicky - 01-17-2020
I am not in computer forensics but I am interested in your findings.