Mobile Data Acquisition Report Guidelines

Guidelines for producing a report of a forensic data acquisition on a mobile device

Problem

All the steps detailed in Article #305: Android Devices Data Acquisition Procedure (SD Card and SIM card byte-copy, data acquisition with Android Debug Bridge) should be detailed in this report, along with the results of the previous research and data gathered on the device.

Solution

Create a report with the following sections:

  • Title page: Case name (Access Now Ticket number), date, investigator’s name, and contact information

  • Table of Contents

  • Executive Summary

  • Aim of the investigation and objectives

  • Device research and data: general information, condition of the device, hardware structure, file system, etc.

  • Selected acquisition tool and justification of the selection (include software and hardware used, version numbers, etc.)

  • Procedures followed: SD Card and SIM card byte-copy, data acquisition with Android Debug Bridge

  • Image information summary: image name, hashes, name of the encrypted container, etc.

  • Timeline: concise timeline of important events

  • Conclusion

  • Signature

  • Investigator’s curriculum vitae, chain of custody documentation, supporting document linked from the body of the report, etc.

Comments

Find an official format for the report here.

Notes