Producing the Digital Body
| Name | Size | Last Modified | SHA2-256 | SHA3-256 |
|---|---|---|---|---|
| README.txt | 2,736 | 2020-11-22 03:10:17Z | c218049dd6781fc5c61e0bdca61ea6d3efda749038d5126658c66e151dc985d4 | 2fe9eae1ddc7b79e991d502ed5f08d9ce8710dabe05672baf5a57e40b472dc56 |
This directory holds a corpora of images taken from Android devices.
HTC Nexus One:
Android 2.2.1
Kernel: 2.6.32.9-27240-gbca5320
Android Build: FRG83
IMEI: 354957034051501
The Nexus One partitions are:
dev: size erasesize name
mtd0: 000e0000 00020000 "misc"
mtd1: 00400000 00020000 "recovery"
mtd2: 00380000 00020000 "boot"
mtd3: 09100000 00020000 "system"
mtd4: 05f00000 00020000 "cache"
mtd5: 0c440000 00020000 "userdata"
Samsung Nexus S:
Android 2.3
Kernel: 2.6.35.7-g119403d
Android Build: GRH55
IMEI: 355031040342228
The Nexus S partitions are:
The mmcblk0 is the only block imaged.
lrwxrwxrwx root root 2011-06-14 20:42 media -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2011-06-14 20:42 userdata -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2011-06-14 20:42 system -> /dev/block/mmcblk0p1
and
dev: size erasesize name
mtd0: 00200000 00040000 "bootloader"
mtd1: 00140000 00040000 "misc"
mtd2: 00800000 00040000 "boot"
mtd3: 00800000 00040000 "recovery"
mtd4: 1d580000 00040000 "cache"
mtd5: 00d80000 00040000 "radio"
mtd6: 006c0000 00040000 "efs"
With the exception of the baseline image, both phones were synced to the npsforensics@gmail.com account. The clockworkmod ROM Manager application was downloaded from the Android market, used to get a unique recovery image for each device and was used to perform backups that provide our logical acquisition technique.
This directory has two directories, one for each phone. Each phone directory contains multiple directories pertaining to different data placed on the phone. The phone directory structure is as follows:
2011-NexusX-Y
2011-NexusX-Y-Z
Where X is the phone model, Y indicates the experiment number (listed below), and Z is alway equal to 1 and indicates the logical (clockworkmod technique) image.
Experiments:
2011-NexusX-1
This is the baseline image, with no network data on devices. NOTE: These devices were slightly used and might have existing data.
2011-NexusX-1.5
An image taken after associating a google account with the android device.
2011-NexusX-2
No data passed. This associates to a wireless router and scans the GSM and 802.11 RF spectrum picking up network metadata.
2011-NexusX-3
SOMETHING WITH BLUETOOTH
2011-NexusX-4
Android Device associates to TacBSR and wireless router. Pulls a 10KB file from 192.168.77.4.
2011-NexusX-5
Android Device associates to TacBSR and wireless router. Pulls a 1MB file from 192.168.77.2.
2011-NexusX-6
The Android devices use the Facebook application.
2011-NexusX-7
Devices are associated to TacBSR and wireless routers, use bluetooth device, use Facebook, retrieve a 10MB file from 192.168.77.1, place a call to the other device.