Yesterday someone asked me a question can EnCase acquire data from a smartphone, and my reply was "yes". Let me show you how to use Use EnCase to acquire data from a smartphone. Of course we have to install driver on the workstation first so that we could identify that smartphone correctly. If the smartphone is rooted, we could do the physical acquisition and generate E01 images for further analysis.
Let's take a look in the evidence file and find out where Naver LINE database is. The database name is "naver_line" and we could open this file by using external viewer-DB Browser for SQLite. Now we could see those chat messages in talbe "chat_history".
浙公网安备 33010602011771号