Digital forensics investigations on Android phones often involve analyzing various types of data stored on the device. One crucial piece of information that can be obtained from an Android system during a forensic investigation is Wi-Fi data. Android devices store a wide range of Wi-Fi-related information, including SSIDs, connection dates and times, and saved passwords.
Android devices store information about Wi-Fi access points that they have connected to in the past. The information includes the MAC address of the access point, IP address, network security status, and password. This information can be used to identify the physical location of the device at a specific time; which can be useful in reconstructing the device's movements or establishing a user's whereabouts. Moreover, saved Wi-Fi passwords can provide evidence of unauthorized access to a network; which can be a potential indicator of criminal activity.
Wi-Fi artifacts are found in the following location: data\misc\apexdata\com.android.wifi\WifiConfigStore.xml
This section will discuss how to use ArtiFast Windows to extract extract Wi-Fi artifacts from Android and what kind of digital forensics insight we can gain from the artifact.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Android Wi-Fi Information artifacts:
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Android Wi-Fi Information artifact in ArtiFast.
Android Wi-Fi Information
For more information or suggestions please contact: [email protected]