Impact of Android Phone Rooting on User Data Integrity in Mobile Forensics

Abstract

Modern cellular phones are potent computing devices, and their capabilities are constantly progressing. The Android operating system (OS) is widely used, and the number of accessible apps for Android OS phones is unprecedented. The increasing capabilities of these phones imply that they have distinctive software, memory designs, and storage mechanisms. Furthermore, they are increasingly being used to commit crimes at an alarming rate. This aspect has heightened the need for digital mobile forensics. Because of the rich user data they store, they may be relevant in forensic investigations, and the data must be extracted. However, as this study will show, most of the available tools for mobile forensics rely greatly on rooted (Android) devices to extract data. Rooting, as some of the selected papers in this research will show, poses a key challenge for forensic analysts: user data integrity. Rooting per se, as will be seen, is disadvantageous. It is possible for forensic analysts to extract useful data from Android phones via rooting, but the user data integrity during data acquisition from Android devices is a prime concern. In suggesting an alternative rooting technique for data acquisition from an Android handset, this paper determines whether rooting is forensically sound. This is particularly due to the device's modification, which a root often requires, that may violate the data integrity.