• There are no suggestions because the search field is empty.

Digital Forensic News & Events
Bringing investigators digital forensics and cybersecurity related news from around the world. #AllinForensics

 

Back to News

Forensic Acquisition: Take Screenshots of Mobile Devices (Updated in 2022)

Posted by Sam Etemad-Moghadam on July 13, 2020
Sam Etemad-Moghadam

Why take Digital Forensic Screenshots?

Taking a screenshot of a connected iOS or Android mobile device consists in making a copy of what is displayed on the device screen. This method makes it possible to collect digital evidence that would otherwise not be available in a advanced logical acquisition because the data is protected.

Taking Screenshots

Mobile Device Investigator and ADF's PRO mobile phone forensic software products provide investigators and examiners with a Screenshots Capture screen to use during a forensic preview or investigation. Collected at before starting the logical acquisition, an investigator can capture screens and collect data to be included with the logical acquisition. In ADF, there are 2 ways to access the Screenshots Capture screen:

  • When starting a mobile device scan, if the Search Profile contains the APPLICATIONS > Screenshots Capture.
  • By navigating to Home > Image Attached Devices (ADF PRO Tools ) or Home > Acquire Android/iOS Devices (MDI logo - Mobile Device Investigator).

Forensic Acquisition - Screenshots on a Mobile Device with MDI and DEI PRO

 

The Screenshots Capture screen displays the following panels:Forensic Acquisition Take Screenshots of Mobile Devices

  • Screenshots (N): shows how many screenshots have been taken, a thumbnail for each screenshot and its name. Mouse-over a thumbnail to make the Delete button visible.
  • Device: is the mobile device name.
  • Screenshot group: is used to group screenshots together as they are displayed per group on the Screenshots view in the Viewer. 
  • Screenshot name: is assigned automatically and is a combination of the group name with an index for that group.
  • Comments: a comment can be assigned to the next screenshot taken. This comment is visible in the Viewer and can be part of the report.
  • Take Screenshot button: clicking on this button will take a copy of what is displayed on the device’s screen.
  • Continue button: clicking on this button will continue with the logical acquisition of the mobile device.
  • Finish button: this button is only offered when acquiring the mobile device instead of scanning it. When clicking Finish, the logical acquisition will only contain the screenshots and no other data.

Processing Screenshots: Digital Evidence 

After the screenshots have been collected, they are part of the advanced logical acquisition and need to be scanned to be processed and appear in a scan result. If the mobile device was scanned with a Search Profile containing the Screenshots Capture then all screenshots will be processed as part of the scan. If the mobile device was acquired, then the logical acquisition needs to be scanned by selecting the Add Phone Backup button on the Scan screen.

Once processed, the screenshots appear in the Screenshots Capture view. 

Optical Character Recognition of Screenshots

Captured Screenshot images are run through Optical Character Recognition within the ADF software so that evidence collected is included for analysis.  

Watch: Screenshots How To Video

Topics: Mobile Device Forensics, Mobile Forensics, Mobile Device Investigator, Android Forensics, iOS Forensics, DEI PRO, Triage-G2 PRO, MDI Field Tablet, DEI PRO Field Tablet

Posts by Tag

See all

Recent Posts

New ADF Free Trial Website Ad

  • READY TO ACCELERATE YOUR DIGITAL INVESTIGATIONS?

  • Purchase