Effects of the Factory Reset on Mobile Devices

Loading...
Thumbnail Image
Authors
Schwamm, Riqui
Rowe, Neil C.
Subjects
mobile device
forensics
factory reset
file types
Cellebrite
privacy
Advisors
Date of Issue
2014
Date
2014
Publisher
ADFSL
Language
Abstract
Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did poorly at removing user documents and media, and occasional surprising user data was left on all devices including photo images, audio, documents, phone numbers, email addresses, geolocation data, configuration data, and keys. A conclusion is that reset devices can still provide some useful information to a forensic investigation.
Type
Article
Description
Series/Report No
Department
Computer Science (CS)
Organization
Naval Postgraduate School (U.S.)
Identifiers
NPS Report Number
Sponsors
Funder
Format
16 p.
Citation
Schwamm, Riqui, and Neil C. Rowe. "Effects of the factory reset on mobile devices." Journal of Digital Forensics, Security and Law 9.2 (2014): 205-220.
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections