New acquisition method based on firmware update protocols for Android smartphones

Android remains the dominant OS in the smartphone market even though the iOS share of
the market increased during the iPhone 6 release period. As various types of Android
smartphones are being launched in the market, forensic studies are being conducted to
test data acquisition and analysis. However, since the application of new Android security
technologies, it has become more difficult to acquire data using existing forensic methods.
In order to address this problem, we propose a new acquisition method based on analyzing
firmware update protocols of Android smartphones. A physical acquisition of Android
smartphones can be achieved using the flash memory read command by reverse engineering
the firmware update protocol in the bootloader. Our experimental results
demonstrate that the proposed method is superior to existing forensic methods in terms of
the integrity guarantee, acquisition speed, and physical dump with screen-locked smartphones (USB debugging disabled).