Computer Hacking Forensic Investigator (CHFI v10) — Question 422

A forensic investigator is tasked with logically acquiring data from an Android device involved in a cybercrime incident. The device is passcode protected, and the suspect refuses to reveal the passcode. How should the investigator proceed?

Answer options

• A. Enable USB debugging on the Android device and use adb commands to gain root access and extract data
• B. Connect the Android device to a computer with iTunes installed to perform a backup and extract data
• C. Use an adb pull command to download all the data, including system files and deleted data
• D. Use the adb push command to extract data from the device without bypassing the passcode

Correct answer: A

Explanation

The correct choice is A because enabling USB debugging allows the investigator to leverage adb commands for root access, which is crucial for data extraction when the device is locked. Options B and C won't work as iTunes is not compatible with Android devices, and adb pull requires prior access that isn't possible without the passcode. Option D also fails as it does not provide a means to bypass the passcode for data access.