Effects of the Factory Reset on Mobile Devices

Schwamm, Riqui; Rowe, Neil C.

Download

Article (106.1Kb)

Download Record

Download to EndNote/RefMan (RIS)

Download to BibTex

Author

Schwamm, Riqui

Rowe, Neil C.

Date

2014

Metadata

Show full item record

Abstract

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did poorly at removing user documents and media, and occasional surprising user data was left on all devices including photo images, audio, documents, phone numbers, email addresses, geolocation data, configuration data, and keys. A conclusion is that reset devices can still provide some useful information to a forensic investigation.

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

URI

https://hdl.handle.net/10945/49294

Collections

Faculty and Researchers' Publications